admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:47:02 +00:00
parent 5c4f4cc9bd
commit 9c290420b0
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 4717 additions and 4712 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2006/0xxx/CVE-2006-0392.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0392",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2006-08-01",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name" : "TA06-214A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name" : "VU#527236",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/527236"
},
{
"name" : "19289",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19289"
},
{
"name" : "ADV-2006-3101",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name" : "27739",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27739"
},
{
"name" : "21253",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21253"
},
{
"name" : "macosx-raw-image-bo(28142)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28142"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2006-08-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "ADV-2006-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21253"
},
{
"name": "VU#527236",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/527236"
},
{
"name": "19289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "macosx-raw-image-bo(28142)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28142"
},
{
"name": "27739",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27739"
}
]
}
}

130
2006/0xxx/CVE-2006-0420.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0420",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause \"looping stack overflow errors.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "BEA06-106.01",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/164"
},
{
"name" : "1015528",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015528"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause \"looping stack overflow errors.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015528",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015528"
},
{
"name": "BEA06-106.01",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/164"
}
]
}
}

240
2006/0xxx/CVE-2006-0456.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0456",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-0456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=331c46591414f7f92b1cec048009abe89892ee79",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=331c46591414f7f92b1cec048009abe89892ee79"
},
{
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=331c46591414f7f92b1cec048009abe89892ee79",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=331c46591414f7f92b1cec048009abe89892ee79"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.16-rc6",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.16-rc6"
},
{
"name" : "http://www.mail-archive.com/kernel-svn-changes@lists.alioth.debian.org/msg01631.html",
"refsource" : "CONFIRM",
"url" : "http://www.mail-archive.com/kernel-svn-changes@lists.alioth.debian.org/msg01631.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm"
},
{
"name" : "DSA-1103",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1103"
},
{
"name" : "RHSA-2006:0575",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0575.html"
},
{
"name" : "18687",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18687"
},
{
"name" : "oval:org.mitre.oval:def:9909",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9909"
},
{
"name" : "ADV-2006-2554",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name" : "20914",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20914"
},
{
"name" : "21465",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21465"
},
{
"name" : "22417",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22417"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18687"
},
{
"name": "ADV-2006-2554",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=331c46591414f7f92b1cec048009abe89892ee79",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=331c46591414f7f92b1cec048009abe89892ee79"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=331c46591414f7f92b1cec048009abe89892ee79",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=331c46591414f7f92b1cec048009abe89892ee79"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.16-rc6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.16-rc6"
},
{
"name": "RHSA-2006:0575",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0575.html"
},
{
"name": "DSA-1103",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1103"
},
{
"name": "21465",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21465"
},
{
"name": "http://www.mail-archive.com/kernel-svn-changes@lists.alioth.debian.org/msg01631.html",
"refsource": "CONFIRM",
"url": "http://www.mail-archive.com/kernel-svn-changes@lists.alioth.debian.org/msg01631.html"
},
{
"name": "oval:org.mitre.oval:def:9909",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9909"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm"
},
{
"name": "22417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22417"
},
{
"name": "20914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20914"
}
]
}
}

190
2006/0xxx/CVE-2006-0727.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0727",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dragonflycms.org/Forums/viewtopic/t=14751.html",
"refsource" : "CONFIRM",
"url" : "http://dragonflycms.org/Forums/viewtopic/t=14751.html"
},
{
"name" : "http://dragonflycms.org/Forums/viewtopic/t=14877/postdays=0/postorder=asc/start=15.html",
"refsource" : "CONFIRM",
"url" : "http://dragonflycms.org/Forums/viewtopic/t=14877/postdays=0/postorder=asc/start=15.html"
},
{
"name" : "http://dragonflycms.org/cvs/html/includes/functions/linking.php?d=9.23-9.22",
"refsource" : "CONFIRM",
"url" : "http://dragonflycms.org/cvs/html/includes/functions/linking.php?d=9.23-9.22"
},
{
"name" : "http://dragonflycms.org/cvs/html/includes/functions/linking.php?b=9.19.2",
"refsource" : "CONFIRM",
"url" : "http://dragonflycms.org/cvs/html/includes/functions/linking.php?b=9.19.2"
},
{
"name" : "16783",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16783"
},
{
"name" : "ADV-2006-0688",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0688"
},
{
"name" : "23060",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23060"
},
{
"name" : "23250",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23250"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16783"
},
{
"name": "23060",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23060"
},
{
"name": "http://dragonflycms.org/Forums/viewtopic/t=14751.html",
"refsource": "CONFIRM",
"url": "http://dragonflycms.org/Forums/viewtopic/t=14751.html"
},
{
"name": "23250",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23250"
},
{
"name": "http://dragonflycms.org/cvs/html/includes/functions/linking.php?b=9.19.2",
"refsource": "CONFIRM",
"url": "http://dragonflycms.org/cvs/html/includes/functions/linking.php?b=9.19.2"
},
{
"name": "ADV-2006-0688",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0688"
},
{
"name": "http://dragonflycms.org/Forums/viewtopic/t=14877/postdays=0/postorder=asc/start=15.html",
"refsource": "CONFIRM",
"url": "http://dragonflycms.org/Forums/viewtopic/t=14877/postdays=0/postorder=asc/start=15.html"
},
{
"name": "http://dragonflycms.org/cvs/html/includes/functions/linking.php?d=9.23-9.22",
"refsource": "CONFIRM",
"url": "http://dragonflycms.org/cvs/html/includes/functions/linking.php?d=9.23-9.22"
}
]
}
}

370
2006/1xxx/CVE-2006-1174.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1174",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2006-1174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070511 rPSA-2007-0096-1 shadow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/468336/100/0/threaded"
},
{
"name" : "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name" : "http://cvs.pld.org.pl/shadow/NEWS?rev=1.109",
"refsource" : "CONFIRM",
"url" : "http://cvs.pld.org.pl/shadow/NEWS?rev=1.109"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1357",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1357"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm"
},
{
"name" : "GLSA-200606-02",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml"
},
{
"name" : "MDKSA-2006:090",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:090"
},
{
"name" : "RHSA-2007:0276",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0276.html"
},
{
"name" : "RHSA-2007:0431",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0431.html"
},
{
"name" : "20070602-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
},
{
"name" : "VU#312692",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/312692"
},
{
"name" : "18111",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18111"
},
{
"name" : "oval:org.mitre.oval:def:10807",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10807"
},
{
"name" : "ADV-2006-2006",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2006"
},
{
"name" : "ADV-2007-3229",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name" : "1018221",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018221"
},
{
"name" : "20370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20370"
},
{
"name" : "20506",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20506"
},
{
"name" : "25098",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25098"
},
{
"name" : "25267",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25267"
},
{
"name" : "25629",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25629"
},
{
"name" : "25894",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25894"
},
{
"name" : "25896",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25896"
},
{
"name" : "26909",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26909"
},
{
"name" : "27706",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27706"
},
{
"name" : "shadow-utils-useradd-file-permission(26958)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26958"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html"
},
{
"name": "25098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25098"
},
{
"name": "25894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25894"
},
{
"name": "RHSA-2007:0431",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0431.html"
},
{
"name": "ADV-2007-3229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3229"
},
{
"name": "25267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25267"
},
{
"name": "RHSA-2007:0276",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0276.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-249.htm"
},
{
"name": "18111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18111"
},
{
"name": "1018221",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018221"
},
{
"name": "25629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25629"
},
{
"name": "http://cvs.pld.org.pl/shadow/NEWS?rev=1.109",
"refsource": "CONFIRM",
"url": "http://cvs.pld.org.pl/shadow/NEWS?rev=1.109"
},
{
"name": "shadow-utils-useradd-file-permission(26958)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26958"
},
{
"name": "VU#312692",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/312692"
},
{
"name": "GLSA-200606-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml"
},
{
"name": "25896",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25896"
},
{
"name": "20070511 rPSA-2007-0096-1 shadow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/468336/100/0/threaded"
},
{
"name": "MDKSA-2006:090",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:090"
},
{
"name": "oval:org.mitre.oval:def:10807",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10807"
},
{
"name": "26909",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26909"
},
{
"name": "27706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27706"
},
{
"name": "ADV-2006-2006",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2006"
},
{
"name": "https://issues.rpath.com/browse/RPL-1357",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1357"
},
{
"name": "20506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20506"
},
{
"name": "20370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20370"
},
{
"name": "20070602-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
}
]
}
}

160
2006/1xxx/CVE-2006-1325.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1325",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.streber-pm.org/phpBB2/viewtopic.php?p=491#491",
"refsource" : "CONFIRM",
"url" : "http://www.streber-pm.org/phpBB2/viewtopic.php?p=491#491"
},
{
"name" : "17157",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17157"
},
{
"name" : "ADV-2006-1005",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1005"
},
{
"name" : "19263",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19263"
},
{
"name" : "streber-xss(25317)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25317"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "streber-xss(25317)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25317"
},
{
"name": "ADV-2006-1005",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1005"
},
{
"name": "19263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19263"
},
{
"name": "http://www.streber-pm.org/phpBB2/viewtopic.php?p=491#491",
"refsource": "CONFIRM",
"url": "http://www.streber-pm.org/phpBB2/viewtopic.php?p=491#491"
},
{
"name": "17157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17157"
}
]
}
}

240
2006/1xxx/CVE-2006-1389.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1389",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-076.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-076.htm"
},
{
"name" : "HPSBUX02105",
"refsource" : "HP",
"url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00622788"
},
{
"name" : "SSRT061134",
"refsource" : "HP",
"url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00622788"
},
{
"name" : "17215",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17215"
},
{
"name" : "ADV-2006-1089",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1089"
},
{
"name" : "24097",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24097"
},
{
"name" : "oval:org.mitre.oval:def:1031",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1031"
},
{
"name" : "oval:org.mitre.oval:def:312",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A312"
},
{
"name" : "oval:org.mitre.oval:def:616",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A616"
},
{
"name" : "1015819",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015819"
},
{
"name" : "19373",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19373"
},
{
"name" : "19395",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19395"
},
{
"name" : "hpux-swagentd-dos(25421)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25421"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19373"
},
{
"name": "19395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19395"
},
{
"name": "HPSBUX02105",
"refsource": "HP",
"url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00622788"
},
{
"name": "ADV-2006-1089",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1089"
},
{
"name": "SSRT061134",
"refsource": "HP",
"url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00622788"
},
{
"name": "17215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17215"
},
{
"name": "oval:org.mitre.oval:def:616",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A616"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-076.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-076.htm"
},
{
"name": "oval:org.mitre.oval:def:1031",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1031"
},
{
"name": "hpux-swagentd-dos(25421)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25421"
},
{
"name": "1015819",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015819"
},
{
"name": "oval:org.mitre.oval:def:312",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A312"
},
{
"name": "24097",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24097"
}
]
}
}

170
2006/1xxx/CVE-2006-1415.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2.42EC SP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the em parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/03/xss-vuln-in-dotnetbb-v24.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/03/xss-vuln-in-dotnetbb-v24.html"
},
{
"name" : "17246",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17246"
},
{
"name" : "ADV-2006-1098",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1098"
},
{
"name" : "24122",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24122"
},
{
"name" : "19398",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19398"
},
{
"name" : "dotnetbb-iforget-xss(25462)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25462"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2.42EC SP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the em parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dotnetbb-iforget-xss(25462)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25462"
},
{
"name": "17246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17246"
},
{
"name": "http://pridels0.blogspot.com/2006/03/xss-vuln-in-dotnetbb-v24.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/03/xss-vuln-in-dotnetbb-v24.html"
},
{
"name": "24122",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24122"
},
{
"name": "19398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19398"
},
{
"name": "ADV-2006-1098",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1098"
}
]
}
}

200
2006/1xxx/CVE-2006-1552.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka \"Deja-Doom\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drunkenblog.com/drunkenblog-archives/000760.html",
"refsource" : "MISC",
"url" : "http://drunkenblog.com/drunkenblog-archives/000760.html"
},
{
"name" : "APPLE-SA-2006-05-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name" : "TA06-132A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name" : "17321",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17321"
},
{
"name" : "17951",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17951"
},
{
"name" : "ADV-2006-1779",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name" : "25597",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25597"
},
{
"name" : "20077",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20077"
},
{
"name" : "macos-imageio-jpeg-bo(26412)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26412"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka \"Deja-Doom\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "ADV-2006-1779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "25597",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25597"
},
{
"name": "TA06-132A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name": "17321",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17321"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "macos-imageio-jpeg-bo(26412)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26412"
},
{
"name": "20077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20077"
},
{
"name": "http://drunkenblog.com/drunkenblog-archives/000760.html",
"refsource": "MISC",
"url": "http://drunkenblog.com/drunkenblog-archives/000760.html"
}
]
}
}

170
2006/1xxx/CVE-2006-1607.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1607",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the banner module in Exponent CMS before 0.96.5 RC 1 allows \"php injection\" via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=406474&group_id=118524",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=406474&group_id=118524"
},
{
"name" : "17357",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17357"
},
{
"name" : "ADV-2006-1201",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1201"
},
{
"name" : "24358",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24358"
},
{
"name" : "19498",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19498"
},
{
"name" : "exponent-banner-php-command-execution(25610)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25610"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the banner module in Exponent CMS before 0.96.5 RC 1 allows \"php injection\" via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1201",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1201"
},
{
"name": "19498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19498"
},
{
"name": "24358",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24358"
},
{
"name": "exponent-banner-php-command-execution(25610)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25610"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=406474&group_id=118524",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=406474&group_id=118524"
},
{
"name": "17357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17357"
}
]
}
}

160
2006/4xxx/CVE-2006-4356.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4356",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/80087",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/80087"
},
{
"name" : "19673",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19673"
},
{
"name" : "ADV-2006-3365",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3365"
},
{
"name" : "21603",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21603"
},
{
"name" : "easylinks-unspecified-sql-injection(28527)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28527"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21603",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21603"
},
{
"name": "19673",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19673"
},
{
"name": "ADV-2006-3365",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3365"
},
{
"name": "easylinks-unspecified-sql-injection(28527)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28527"
},
{
"name": "http://drupal.org/node/80087",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/80087"
}
]
}
}

170
2006/5xxx/CVE-2006-5016.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5016",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in admin/x_image.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to upload arbitrary files to the /imagebank directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060922 E-Vision CMS Multible Remote injections",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446706/100/0/threaded"
},
{
"name" : "21047",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21047"
},
{
"name" : "ADV-2006-3764",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3764"
},
{
"name" : "21969",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21969"
},
{
"name" : "1642",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1642"
},
{
"name" : "evisioncms-ximage-file-upload(29124)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29124"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in admin/x_image.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to upload arbitrary files to the /imagebank directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21969",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21969"
},
{
"name": "1642",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1642"
},
{
"name": "20060922 E-Vision CMS Multible Remote injections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446706/100/0/threaded"
},
{
"name": "evisioncms-ximage-file-upload(29124)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29124"
},
{
"name": "ADV-2006-3764",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3764"
},
{
"name": "21047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21047"
}
]
}
}

170
2006/5xxx/CVE-2006-5382.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5382",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified \"normally restricted management packets on the device\" that cause the community string to be returned."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.3com.com/securityalert/alerts/3COM-06-004.html",
"refsource" : "CONFIRM",
"url" : "http://www.3com.com/securityalert/alerts/3COM-06-004.html"
},
{
"name" : "20736",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20736"
},
{
"name" : "ADV-2006-4184",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4184"
},
{
"name" : "1017128",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017128"
},
{
"name" : "22818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22818"
},
{
"name" : "3com-ss34400-snmp-information-disclosure(29779)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29779"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified \"normally restricted management packets on the device\" that cause the community string to be returned."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22818"
},
{
"name": "3com-ss34400-snmp-information-disclosure(29779)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29779"
},
{
"name": "ADV-2006-4184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4184"
},
{
"name": "http://www.3com.com/securityalert/alerts/3COM-06-004.html",
"refsource": "CONFIRM",
"url": "http://www.3com.com/securityalert/alerts/3COM-06-004.html"
},
{
"name": "1017128",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017128"
},
{
"name": "20736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20736"
}
]
}
}

160
2010/0xxx/CVE-2010-0113.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0113",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00"
},
{
"name" : "44767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44767"
},
{
"name" : "69253",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69253"
},
{
"name" : "ADV-2010-2982",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2982"
},
{
"name" : "norton-mobile-setup-information-disclosure(63294)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63294"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "norton-mobile-setup-information-disclosure(63294)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63294"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101111_00"
},
{
"name": "69253",
"refsource": "OSVDB",
"url": "http://osvdb.org/69253"
},
{
"name": "ADV-2010-2982",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2982"
},
{
"name": "44767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44767"
}
]
}
}

260
2010/2xxx/CVE-2010-2264.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2264",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4196",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4196"
},
{
"name" : "APPLE-SA-2010-06-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"
},
{
"name" : "MDVSA-2011:039",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "USN-1006-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name" : "40620",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40620"
},
{
"name" : "40756",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40756"
},
{
"name" : "1024067",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024067"
},
{
"name" : "40105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40105"
},
{
"name" : "41856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41856"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2010-1373",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1373"
},
{
"name" : "ADV-2010-2722",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "ADV-2011-0552",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2010-06-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"
},
{
"name": "40105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40105"
},
{
"name": "ADV-2010-1373",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1373"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "40756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40756"
},
{
"name": "40620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40620"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "1024067",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024067"
},
{
"name": "http://support.apple.com/kb/HT4196",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4196"
}
]
}
}

270
2010/2xxx/CVE-2010-2499.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2499",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[freetype] 20100712 FreeType 2.4.0 has been released",
"refsource" : "MLIST",
"url" : "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html"
},
{
"name" : "[oss-security] 20100713 Multiple bugs in freetype",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127905701201340&w=2"
},
{
"name" : "[oss-security] 20100714 Re: Multiple bugs in freetype",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127909326909362&w=2"
},
{
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c69891a1345640096fbf396e8dd567fe879ce233",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c69891a1345640096fbf396e8dd567fe879ce233"
},
{
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f29f741efbba0a5ce2f16464f648fb8d026ed4c8",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f29f741efbba0a5ce2f16464f648fb8d026ed4c8"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=613162",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=613162"
},
{
"name" : "https://savannah.nongnu.org/bugs/?30248",
"refsource" : "CONFIRM",
"url" : "https://savannah.nongnu.org/bugs/?30248"
},
{
"name" : "https://savannah.nongnu.org/bugs/?30249",
"refsource" : "CONFIRM",
"url" : "https://savannah.nongnu.org/bugs/?30249"
},
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "DSA-2070",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2070"
},
{
"name" : "MDVSA-2010:137",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137"
},
{
"name" : "RHSA-2010:0578",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0578.html"
},
{
"name" : "USN-963-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-963-1"
},
{
"name" : "1024266",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024266"
},
{
"name" : "48951",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48951"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c69891a1345640096fbf396e8dd567fe879ce233",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c69891a1345640096fbf396e8dd567fe879ce233"
},
{
"name": "https://savannah.nongnu.org/bugs/?30248",
"refsource": "CONFIRM",
"url": "https://savannah.nongnu.org/bugs/?30248"
},
{
"name": "USN-963-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-963-1"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f29f741efbba0a5ce2f16464f648fb8d026ed4c8",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f29f741efbba0a5ce2f16464f648fb8d026ed4c8"
},
{
"name": "[freetype] 20100712 FreeType 2.4.0 has been released",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "[oss-security] 20100714 Re: Multiple bugs in freetype",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127909326909362&w=2"
},
{
"name": "DSA-2070",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2070"
},
{
"name": "[oss-security] 20100713 Multiple bugs in freetype",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127905701201340&w=2"
},
{
"name": "1024266",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024266"
},
{
"name": "https://savannah.nongnu.org/bugs/?30249",
"refsource": "CONFIRM",
"url": "https://savannah.nongnu.org/bugs/?30249"
},
{
"name": "RHSA-2010:0578",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0578.html"
},
{
"name": "MDVSA-2010:137",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:137"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=613162",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=613162"
},
{
"name": "48951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48951"
}
]
}
}

34
2010/2xxx/CVE-2010-2501.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2501",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2501",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2010/3xxx/CVE-2010-3289.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3289",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-3289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02591",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=128768031706686&w=2"
},
{
"name" : "SSRT100299",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=128768031706686&w=2"
},
{
"name" : "44262",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44262"
},
{
"name" : "1024622",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024622"
},
{
"name" : "hp-sim-unspec-xss(62679)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62679"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "hp-sim-unspec-xss(62679)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62679"
},
{
"name": "44262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44262"
},
{
"name": "HPSBMA02591",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128768031706686&w=2"
},
{
"name": "SSRT100299",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128768031706686&w=2"
},
{
"name": "1024622",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024622"
}
]
}
}

150
2010/3xxx/CVE-2010-3467.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3467",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in modules/sections/index.php in E-Xoopport Samsara 3.1 and earlier, when the Tutorial module is enabled, allows remote attackers to execute arbitrary SQL commands via the secid parameter in a listarticles action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15004",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15004"
},
{
"name" : "http://packetstormsecurity.org/1009-exploits/exoopport-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1009-exploits/exoopport-sql.txt"
},
{
"name" : "41397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41397"
},
{
"name" : "exoopport-index-sql-injection(61808)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61808"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in modules/sections/index.php in E-Xoopport Samsara 3.1 and earlier, when the Tutorial module is enabled, allows remote attackers to execute arbitrary SQL commands via the secid parameter in a listarticles action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15004",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15004"
},
{
"name": "exoopport-index-sql-injection(61808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61808"
},
{
"name": "http://packetstormsecurity.org/1009-exploits/exoopport-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/exoopport-sql.txt"
},
{
"name": "41397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41397"
}
]
}
}

220
2010/3xxx/CVE-2010-3819.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3819",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-3819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4455",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4455"
},
{
"name" : "http://support.apple.com/kb/HT4456",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4456"
},
{
"name" : "APPLE-SA-2010-11-18-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name" : "APPLE-SA-2010-11-22-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "oval:org.mitre.oval:def:11308",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11308"
},
{
"name" : "42314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42314"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2010-3046",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3046"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "safari-css-boxes-code-execution(63358)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63358"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "http://support.apple.com/kb/HT4455",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2010-3046",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3046"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "safari-css-boxes-code-execution(63358)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63358"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "oval:org.mitre.oval:def:11308",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11308"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}

220
2010/3xxx/CVE-2010-3853.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3853",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name" : "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"name" : "http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13",
"refsource" : "CONFIRM",
"url" : "http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=643043",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=643043"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0004.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
},
{
"name" : "GLSA-201206-31",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name" : "MDVSA-2010:220",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:220"
},
{
"name" : "RHSA-2010:0819",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0819.html"
},
{
"name" : "RHSA-2010:0891",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0891.html"
},
{
"name" : "49711",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49711"
},
{
"name" : "ADV-2011-0606",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0606"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201206-31",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"name": "ADV-2011-0606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name": "MDVSA-2010:220",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:220"
},
{
"name": "49711",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49711"
},
{
"name": "RHSA-2010:0891",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0891.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=643043",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=643043"
},
{
"name": "RHSA-2010:0819",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0819.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
},
{
"name": "http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13",
"refsource": "CONFIRM",
"url": "http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_namespace/pam_namespace.c?view=log#rev1.13"
}
]
}
}

170
2010/4xxx/CVE-2010-4055.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a packet with many integer fields, which trigger many recursive calls of a certain function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15261",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15261"
},
{
"name" : "http://aluigi.altervista.org/adv/soliddb_1-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/soliddb_1-adv.txt"
},
{
"name" : "1024597",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024597"
},
{
"name" : "41873",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41873"
},
{
"name" : "ADV-2010-2715",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2715"
},
{
"name" : "ibm-solid-database-server-dos(62590)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62590"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a packet with many integer fields, which trigger many recursive calls of a certain function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-solid-database-server-dos(62590)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62590"
},
{
"name": "15261",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15261"
},
{
"name": "ADV-2010-2715",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2715"
},
{
"name": "41873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41873"
},
{
"name": "1024597",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024597"
},
{
"name": "http://aluigi.altervista.org/adv/soliddb_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/soliddb_1-adv.txt"
}
]
}
}

480
2010/4xxx/CVE-2010-4158.json
View File

@ -1,242 +1,242 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4158",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101109 Kernel 0-day",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514705"
},
{
"name" : "20101118 Re: Kernel 0-day",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514845"
},
{
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name" : "20101109 Kernel 0-day",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077321.html"
},
{
"name" : "[netdev] 20101109 [PATCH] Prevent reading uninitialized memory with socket filters",
"refsource" : "MLIST",
"url" : "http://www.spinics.net/lists/netdev/msg146361.html"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=57fe93b374a6b8711995c2d466c502af9f3a08bb",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=57fe93b374a6b8711995c2d466c502af9f3a08bb"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=651698",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=651698"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name" : "FEDORA-2010-18983",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html"
},
{
"name" : "MDVSA-2011:029",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"name" : "RHSA-2010:0958",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0958.html"
},
{
"name" : "RHSA-2011:0162",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0162.html"
},
{
"name" : "RHSA-2011:0007",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name" : "RHSA-2011:0017",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"name" : "SUSE-SA:2011:001",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
},
{
"name" : "SUSE-SA:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
},
{
"name" : "SUSE-SA:2010:060",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
},
{
"name" : "SUSE-SA:2011:004",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html"
},
{
"name" : "SUSE-SA:2011:007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name" : "SUSE-SA:2011:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
},
{
"name" : "44758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44758"
},
{
"name" : "42745",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42745"
},
{
"name" : "42778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42778"
},
{
"name" : "42801",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42801"
},
{
"name" : "42932",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42932"
},
{
"name" : "42963",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42963"
},
{
"name" : "42884",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42884"
},
{
"name" : "42890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42890"
},
{
"name" : "43291",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43291"
},
{
"name" : "46397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46397"
},
{
"name" : "ADV-2010-3321",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3321"
},
{
"name" : "ADV-2011-0012",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0012"
},
{
"name" : "ADV-2011-0124",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0124"
},
{
"name" : "ADV-2011-0168",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0168"
},
{
"name" : "ADV-2011-0298",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0298"
},
{
"name" : "ADV-2011-0375",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0375"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sk_run_filter function in net/core/filter.c in the Linux kernel before 2.6.36.2 does not check whether a certain memory location has been initialized before executing a (1) BPF_S_LD_MEM or (2) BPF_S_LDX_MEM instruction, which allows local users to obtain potentially sensitive information from kernel stack memory via a crafted socket filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2011:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html"
},
{
"name": "42778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42778"
},
{
"name": "42801",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42801"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "RHSA-2011:0017",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0017.html"
},
{
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "SUSE-SA:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
},
{
"name": "FEDORA-2010-18983",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html"
},
{
"name": "SUSE-SA:2011:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
},
{
"name": "42932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42932"
},
{
"name": "RHSA-2011:0007",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name": "ADV-2011-0124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0124"
},
{
"name": "[netdev] 20101109 [PATCH] Prevent reading uninitialized memory with socket filters",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/netdev/msg146361.html"
},
{
"name": "20101118 Re: Kernel 0-day",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514845"
},
{
"name": "SUSE-SA:2011:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name": "SUSE-SA:2010:060",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
},
{
"name": "ADV-2010-3321",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3321"
},
{
"name": "ADV-2011-0298",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0298"
},
{
"name": "RHSA-2010:0958",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0958.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2"
},
{
"name": "42963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42963"
},
{
"name": "44758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44758"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "42884",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42884"
},
{
"name": "ADV-2011-0375",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0375"
},
{
"name": "42890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42890"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=651698",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=651698"
},
{
"name": "RHSA-2011:0162",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0162.html"
},
{
"name": "ADV-2011-0012",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0012"
},
{
"name": "SUSE-SA:2011:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
},
{
"name": "ADV-2011-0168",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0168"
},
{
"name": "MDVSA-2011:029",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"name": "42745",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42745"
},
{
"name": "43291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43291"
},
{
"name": "20101109 Kernel 0-day",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514705"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=57fe93b374a6b8711995c2d466c502af9f3a08bb",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=57fe93b374a6b8711995c2d466c502af9f3a08bb"
},
{
"name": "20101109 Kernel 0-day",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077321.html"
}
]
}
}

180
2010/4xxx/CVE-2010-4283.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4283",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv[1] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514939/100/0/threaded"
},
{
"name" : "15643",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15643"
},
{
"name" : "20101130 Pandora FMS Authentication Bypass and Multiple\tInput Validation Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2010/Nov/326"
},
{
"name" : "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download"
},
{
"name" : "45112",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45112"
},
{
"name" : "69542",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69542"
},
{
"name" : "42347",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42347"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv[1] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42347"
},
{
"name": "20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514939/100/0/threaded"
},
{
"name": "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download"
},
{
"name": "69542",
"refsource": "OSVDB",
"url": "http://osvdb.org/69542"
},
{
"name": "45112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45112"
},
{
"name": "20101130 Pandora FMS Authentication Bypass and Multiple\tInput Validation Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Nov/326"
},
{
"name": "15643",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15643"
}
]
}
}

190
2010/4xxx/CVE-2010-4330.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4330",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101205 'Pulse CMS Basic' Local File Inclusion Vulnerability (CVE-2010-4330)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/515029/100/0/threaded"
},
{
"name" : "15691",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15691"
},
{
"name" : "http://pulsecms.com/release-notes.php",
"refsource" : "MISC",
"url" : "http://pulsecms.com/release-notes.php"
},
{
"name" : "http://www.uncompiled.com/2010/12/pulse-cms-basic-local-file-inclusion-vulnerability-cve-2010-4330/",
"refsource" : "MISC",
"url" : "http://www.uncompiled.com/2010/12/pulse-cms-basic-local-file-inclusion-vulnerability-cve-2010-4330/"
},
{
"name" : "45186",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45186"
},
{
"name" : "69622",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69622"
},
{
"name" : "42462",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42462"
},
{
"name" : "ADV-2010-3128",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in includes/controller.php in Pulse CMS Basic before 1.2.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69622",
"refsource": "OSVDB",
"url": "http://osvdb.org/69622"
},
{
"name": "42462",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42462"
},
{
"name": "ADV-2010-3128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3128"
},
{
"name": "http://pulsecms.com/release-notes.php",
"refsource": "MISC",
"url": "http://pulsecms.com/release-notes.php"
},
{
"name": "20101205 'Pulse CMS Basic' Local File Inclusion Vulnerability (CVE-2010-4330)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515029/100/0/threaded"
},
{
"name": "45186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45186"
},
{
"name": "http://www.uncompiled.com/2010/12/pulse-cms-basic-local-file-inclusion-vulnerability-cve-2010-4330/",
"refsource": "MISC",
"url": "http://www.uncompiled.com/2010/12/pulse-cms-basic-local-file-inclusion-vulnerability-cve-2010-4330/"
},
{
"name": "15691",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15691"
}
]
}
}

120
2011/5xxx/CVE-2011-5318.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5318",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.com/advisory/HTB22775",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB22775"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB22775",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB22775"
}
]
}
}

145
2014/10xxx/CVE-2014-10079.json
View File

@ -1,72 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-10079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the \"ipaddress\" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cxsecurity.com/issue/WLB-2018120091",
"refsource" : "MISC",
"url" : "https://cxsecurity.com/issue/WLB-2018120091"
},
{
"name" : "https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html"
},
{
"name" : "https://seclists.org/fulldisclosure/2014/Aug/8",
"refsource" : "MISC",
"url" : "https://seclists.org/fulldisclosure/2014/Aug/8"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the \"ipaddress\" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html"
},
{
"name": "https://cxsecurity.com/issue/WLB-2018120091",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2018120091"
},
{
"name": "https://seclists.org/fulldisclosure/2014/Aug/8",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2014/Aug/8"
},
{
"refsource": "EXPLOIT-DB",
"name": "46549",
"url": "https://www.exploit-db.com/exploits/46549/"
}
]
}
}

150
2014/3xxx/CVE-2014-3187.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3187",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-3187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://twitter.com/S9Labs/statuses/519576582742999043",
"refsource" : "MISC",
"url" : "http://twitter.com/S9Labs/statuses/519576582742999043"
},
{
"name" : "https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5",
"refsource" : "MISC",
"url" : "https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5"
},
{
"name" : "http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=413831",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=413831"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=413831",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=413831"
},
{
"name": "https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5",
"refsource": "MISC",
"url": "https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html"
},
{
"name": "http://twitter.com/S9Labs/statuses/519576582742999043",
"refsource": "MISC",
"url": "http://twitter.com/S9Labs/statuses/519576582742999043"
}
]
}
}

150
2014/3xxx/CVE-2014-3431.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3431",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-3431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00"
},
{
"name" : "68077",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68077"
},
{
"name" : "1030454",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030454"
},
{
"name" : "59421",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59421"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030454",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030454"
},
{
"name": "68077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68077"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00"
},
{
"name": "59421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59421"
}
]
}
}

34
2014/3xxx/CVE-2014-3649.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3649",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3649",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/4xxx/CVE-2014-4001.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4001",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4001",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2014/4xxx/CVE-2014-4123.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4123",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
},
{
"name" : "MS14-056",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056"
},
{
"name" : "70326",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70326"
},
{
"name" : "1031018",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031018"
},
{
"name" : "60968",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability,\" as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
},
{
"name": "60968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60968"
},
{
"name": "1031018",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031018"
},
{
"name": "MS14-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056"
},
{
"name": "70326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70326"
}
]
}
}

130
2014/4xxx/CVE-2014-4195.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4195",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the article_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/127262/ZeroCMS-1.0-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127262/ZeroCMS-1.0-Cross-Site-Scripting.html"
},
{
"name" : "68246",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68246"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the article_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127262/ZeroCMS-1.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127262/ZeroCMS-1.0-Cross-Site-Scripting.html"
},
{
"name": "68246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68246"
}
]
}
}

140
2014/8xxx/CVE-2014-8162.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8162",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2015:0957",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0957.html"
},
{
"name" : "SUSE-SU-2015:0928",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html"
},
{
"name" : "74595",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74595"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74595"
},
{
"name": "RHSA-2015:0957",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0957.html"
},
{
"name": "SUSE-SU-2015:0928",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html"
}
]
}
}

160
2014/8xxx/CVE-2014-8339.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8339",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141029 CVE-2014-8399 SQL Injection in NuevoLabs flash player for clipshare",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533847/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/128909/Nuevolabs-Nuevoplayer-For-Clipshare-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128909/Nuevolabs-Nuevoplayer-For-Clipshare-SQL-Injection.html"
},
{
"name" : "http://www.youtube.com/watch?v=_-oOI1LnEdk",
"refsource" : "MISC",
"url" : "http://www.youtube.com/watch?v=_-oOI1LnEdk"
},
{
"name" : "70833",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70833"
},
{
"name" : "nuevolabs-sql-injection(98393)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98393"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.youtube.com/watch?v=_-oOI1LnEdk",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=_-oOI1LnEdk"
},
{
"name": "http://packetstormsecurity.com/files/128909/Nuevolabs-Nuevoplayer-For-Clipshare-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128909/Nuevolabs-Nuevoplayer-For-Clipshare-SQL-Injection.html"
},
{
"name": "20141029 CVE-2014-8399 SQL Injection in NuevoLabs flash player for clipshare",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533847/100/0/threaded"
},
{
"name": "nuevolabs-sql-injection(98393)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98393"
},
{
"name": "70833",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70833"
}
]
}
}

34
2014/8xxx/CVE-2014-8409.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8409",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8409",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2014/8xxx/CVE-2014-8522.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10053",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10053"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10053"
}
]
}
}

120
2014/8xxx/CVE-2014-8992.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8992",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/modxcms/revolution/issues/12161",
"refsource" : "MISC",
"url" : "https://github.com/modxcms/revolution/issues/12161"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/modxcms/revolution/issues/12161",
"refsource": "MISC",
"url": "https://github.com/modxcms/revolution/issues/12161"
}
]
}
}

190
2014/9xxx/CVE-2014-9030.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xenbits.xen.org/xsa/advisory-113.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-113.html"
},
{
"name" : "DSA-3140",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3140"
},
{
"name" : "GLSA-201504-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-04"
},
{
"name" : "openSUSE-SU-2015:0226",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html"
},
{
"name" : "openSUSE-SU-2015:0256",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html"
},
{
"name" : "71207",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71207"
},
{
"name" : "62672",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62672"
},
{
"name" : "xen-mmumachphysupdate-dos(98853)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98853"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/advisory-113.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-113.html"
},
{
"name": "GLSA-201504-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-04"
},
{
"name": "62672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62672"
},
{
"name": "xen-mmumachphysupdate-dos(98853)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98853"
},
{
"name": "DSA-3140",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3140"
},
{
"name": "71207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71207"
},
{
"name": "openSUSE-SU-2015:0226",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html"
},
{
"name": "openSUSE-SU-2015:0256",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html"
}
]
}
}

120
2014/9xxx/CVE-2014-9044.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9044",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://owncloud.org/security/advisory/?id=oc-sa-2014-021",
"refsource" : "CONFIRM",
"url" : "https://owncloud.org/security/advisory/?id=oc-sa-2014-021"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the absolute file paths of the original CSS and JS files as the name of the concatenated file, which allows remote attackers to obtain sensitive information via a brute force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-021",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-021"
}
]
}
}

160
2014/9xxx/CVE-2014-9331.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9331",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150202 [CVE-2014-9331] ManageEngine Desktop Central CSRF vulnerability to add an Admin user advisory",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534604/100/0/threaded"
},
{
"name" : "35980",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35980"
},
{
"name" : "http://packetstormsecurity.com/files/130219/ManageEngine-Desktop-Central-9-Cross-Site-Request-Forgery.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130219/ManageEngine-Desktop-Central-9-Cross-Site-Request-Forgery.html"
},
{
"name" : "http://www.manageengine.com/products/desktop-central/cve20149331-cross-site-request-forgery.html",
"refsource" : "CONFIRM",
"url" : "http://www.manageengine.com/products/desktop-central/cve20149331-cross-site-request-forgery.html"
},
{
"name" : "72464",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72464"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine Desktop Central before 9 build 90130 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an addUser action to STATE_ID/1417736606982/roleMgmt.do."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.manageengine.com/products/desktop-central/cve20149331-cross-site-request-forgery.html",
"refsource": "CONFIRM",
"url": "http://www.manageengine.com/products/desktop-central/cve20149331-cross-site-request-forgery.html"
},
{
"name": "72464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72464"
},
{
"name": "35980",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35980"
},
{
"name": "20150202 [CVE-2014-9331] ManageEngine Desktop Central CSRF vulnerability to add an Admin user advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534604/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/130219/ManageEngine-Desktop-Central-9-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130219/ManageEngine-Desktop-Central-9-Cross-Site-Request-Forgery.html"
}
]
}
}

130
2014/9xxx/CVE-2014-9372.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-421/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-421/"
},
{
"name" : "http://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
"refsource" : "CONFIRM",
"url" : "http://www.manageengine.com/products/passwordmanagerpro/release-notes.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-421/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-421/"
},
{
"name": "http://www.manageengine.com/products/passwordmanagerpro/release-notes.html",
"refsource": "CONFIRM",
"url": "http://www.manageengine.com/products/passwordmanagerpro/release-notes.html"
}
]
}
}

290
2014/9xxx/CVE-2014-9683.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150217 Re: CVE request: Linux kernel ecryptfs 1-byte overwrite",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/02/17/9"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=942080643bce061c3dd9d5718d3b745dcb39a8bc",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=942080643bce061c3dd9d5718d3b745dcb39a8bc"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1193830",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1193830"
},
{
"name" : "https://github.com/torvalds/linux/commit/942080643bce061c3dd9d5718d3b745dcb39a8bc",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/942080643bce061c3dd9d5718d3b745dcb39a8bc"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "DSA-3170",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3170"
},
{
"name" : "MDVSA-2015:058",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:058"
},
{
"name" : "RHSA-2015:1272",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1272.html"
},
{
"name" : "SUSE-SU-2015:1478",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
},
{
"name" : "USN-2515-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2515-1"
},
{
"name" : "USN-2516-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2516-1"
},
{
"name" : "USN-2517-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2517-1"
},
{
"name" : "USN-2518-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2518-1"
},
{
"name" : "USN-2541-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2541-1"
},
{
"name" : "USN-2542-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2542-1"
},
{
"name" : "72643",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72643"
},
{
"name" : "1031860",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031860"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=942080643bce061c3dd9d5718d3b745dcb39a8bc",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=942080643bce061c3dd9d5718d3b745dcb39a8bc"
},
{
"name": "USN-2515-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2515-1"
},
{
"name": "DSA-3170",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3170"
},
{
"name": "USN-2542-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2542-1"
},
{
"name": "https://github.com/torvalds/linux/commit/942080643bce061c3dd9d5718d3b745dcb39a8bc",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/942080643bce061c3dd9d5718d3b745dcb39a8bc"
},
{
"name": "USN-2541-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2541-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "USN-2518-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2518-1"
},
{
"name": "MDVSA-2015:058",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:058"
},
{
"name": "[oss-security] 20150217 Re: CVE request: Linux kernel ecryptfs 1-byte overwrite",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/17/9"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2"
},
{
"name": "SUSE-SU-2015:1478",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
},
{
"name": "72643",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72643"
},
{
"name": "USN-2517-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2517-1"
},
{
"name": "USN-2516-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2516-1"
},
{
"name": "1031860",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031860"
},
{
"name": "RHSA-2015:1272",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1193830",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193830"
}
]
}
}

140
2014/9xxx/CVE-2014-9874.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9874",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and Qualcomm internal bug CR563086."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=56ff68b1f93eaf22e5e0284648fd862dc08c9236",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=56ff68b1f93eaf22e5e0284648fd862dc08c9236"
},
{
"name" : "92219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92219"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and Qualcomm internal bug CR563086."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "92219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92219"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=56ff68b1f93eaf22e5e0284648fd862dc08c9236",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=56ff68b1f93eaf22e5e0284648fd862dc08c9236"
}
]
}
}

120
2016/2xxx/CVE-2016-2009.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2009",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564"
}
]
}
}

130
2016/2xxx/CVE-2016-2340.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2340",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#279472",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/279472"
},
{
"name" : "85426",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/85426"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "85426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85426"
},
{
"name": "VU#279472",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/279472"
}
]
}
}

140
2016/2xxx/CVE-2016-2355.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2355",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dotcms.com/security/SI-35",
"refsource" : "CONFIRM",
"url" : "http://dotcms.com/security/SI-35"
},
{
"name" : "https://github.com/dotCMS/core/issues/8848",
"refsource" : "CONFIRM",
"url" : "https://github.com/dotCMS/core/issues/8848"
},
{
"name" : "94992",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94992"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dotcms.com/security/SI-35",
"refsource": "CONFIRM",
"url": "http://dotcms.com/security/SI-35"
},
{
"name": "94992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94992"
},
{
"name": "https://github.com/dotCMS/core/issues/8848",
"refsource": "CONFIRM",
"url": "https://github.com/dotCMS/core/issues/8848"
}
]
}
}

34
2016/2xxx/CVE-2016-2598.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2598",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2598",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/3xxx/CVE-2016-3261.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3261",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-084",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084"
},
{
"name" : "91575",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91575"
},
{
"name" : "1036283",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036283"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036283",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036283"
},
{
"name": "MS16-084",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084"
},
{
"name": "91575",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91575"
}
]
}
}

34
2016/6xxx/CVE-2016-6002.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6002",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6002",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

154
2016/6xxx/CVE-2016-6104.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "2.5"
},
{
"version_value" : "1.0"
},
{
"version_value" : "2.0"
},
{
"version_value" : "2.0.1"
},
{
"version_value" : "2.6"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Key Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "2.5"
},
{
"version_value": "1.0"
},
{
"version_value": "2.0"
},
{
"version_value": "2.0.1"
},
{
"version_value": "2.6"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21997988",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21997988"
},
{
"name" : "95980",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95980"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21997988",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997988"
},
{
"name": "95980",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95980"
}
]
}
}

34
2016/6xxx/CVE-2016-6475.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6475",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6475",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/6xxx/CVE-2016-6629.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6629",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-52",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-52"
},
{
"name" : "GLSA-201701-32",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-32"
},
{
"name" : "92493",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92493"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-52",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-52"
},
{
"name": "92493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92493"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
}
]
}
}

140
2016/6xxx/CVE-2016-6706.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6706",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31385713."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/1d4feebdb85db46e138530f360d9ff2490e14353",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/1d4feebdb85db46e138530f360d9ff2490e14353"
},
{
"name" : "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "94134",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94134"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31385713."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "94134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94134"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/1d4feebdb85db46e138530f360d9ff2490e14353",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/1d4feebdb85db46e138530f360d9ff2490e14353"
}
]
}
}

172
2016/7xxx/CVE-2016-7073.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2016-7073",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "pdns",
"version" : {
"version_data" : [
{
"version_value" : "3.4.11"
},
{
"version_value" : "4.0.2"
},
{
"version_value" : "4.0.4"
}
]
}
}
]
},
"vendor_name" : "Open-Xchange"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "3.4.11"
},
{
"version_value": "4.0.2"
},
{
"version_value": "4.0.4"
}
]
}
}
]
},
"vendor_name": "Open-Xchange"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073"
},
{
"name" : "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/",
"refsource" : "CONFIRM",
"url" : "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/"
},
{
"name" : "DSA-3764",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3764"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073"
},
{
"name": "DSA-3764",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3764"
},
{
"name": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/"
}
]
}
}

130
2016/7xxx/CVE-2016-7453.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7453",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/exponentcms/exponent-cms/commit/c1092f167cc6c78dc8bf9bf149946c5219413df3",
"refsource" : "CONFIRM",
"url" : "https://github.com/exponentcms/exponent-cms/commit/c1092f167cc6c78dc8bf9bf149946c5219413df3"
},
{
"name" : "93045",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93045"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93045",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93045"
},
{
"name": "https://github.com/exponentcms/exponent-cms/commit/c1092f167cc6c78dc8bf9bf149946c5219413df3",
"refsource": "CONFIRM",
"url": "https://github.com/exponentcms/exponent-cms/commit/c1092f167cc6c78dc8bf9bf149946c5219413df3"
}
]
}
}

130
2016/7xxx/CVE-2016-7547.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7547",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/rapid7/metasploit-framework/pull/8216/commits/0f07875a2ddb0bfbb4e985ab074e9fc56da1dcf6",
"refsource" : "MISC",
"url" : "https://github.com/rapid7/metasploit-framework/pull/8216/commits/0f07875a2ddb0bfbb4e985ab074e9fc56da1dcf6"
},
{
"name" : "97610",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97610"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97610"
},
{
"name": "https://github.com/rapid7/metasploit-framework/pull/8216/commits/0f07875a2ddb0bfbb4e985ab074e9fc56da1dcf6",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/8216/commits/0f07875a2ddb0bfbb4e985ab074e9fc56da1dcf6"
}
]
}
}

180
2016/7xxx/CVE-2016-7646.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7646",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207421",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207421"
},
{
"name" : "https://support.apple.com/HT207422",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207422"
},
{
"name" : "https://support.apple.com/HT207424",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207424"
},
{
"name" : "https://support.apple.com/HT207427",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207427"
},
{
"name" : "GLSA-201706-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-15"
},
{
"name" : "94907",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94907"
},
{
"name" : "1037459",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037459"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207427",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207427"
},
{
"name": "94907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94907"
},
{
"name": "https://support.apple.com/HT207421",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207421"
},
{
"name": "1037459",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037459"
},
{
"name": "https://support.apple.com/HT207422",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207422"
},
{
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name": "https://support.apple.com/HT207424",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207424"
}
]
}
}

170
2016/7xxx/CVE-2016-7983.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource" : "CONFIRM",
"url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name" : "DSA-3775",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3775"
},
{
"name" : "GLSA-201702-30",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-30"
},
{
"name" : "RHSA-2017:1871",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name" : "95852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95852"
},
{
"name" : "1037755",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037755"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037755",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037755"
},
{
"name": "DSA-3775",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3775"
},
{
"name": "RHSA-2017:1871",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1871"
},
{
"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html",
"refsource": "CONFIRM",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html"
},
{
"name": "95852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95852"
},
{
"name": "GLSA-201702-30",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-30"
}
]
}
}