admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:44:54 +00:00
parent 855b435227
commit 9d31f04d77
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 4300 additions and 4300 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

250
2006/0xxx/CVE-2006-0032.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0032",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-0032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061001 Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447511/100/0/threaded"
},
{
"name" : "20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447509/100/0/threaded"
},
{
"name" : "http://www.geocities.jp/ptrs_sec/advisory09e.html",
"refsource" : "MISC",
"url" : "http://www.geocities.jp/ptrs_sec/advisory09e.html"
},
{
"name" : "HPSBST02134",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
},
{
"name" : "SSRT061187",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
},
{
"name" : "MS06-053",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053"
},
{
"name" : "TA06-255A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-255A.html"
},
{
"name" : "VU#108884",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/108884"
},
{
"name" : "19927",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19927"
},
{
"name" : "ADV-2006-3564",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3564"
},
{
"name" : "oval:org.mitre.oval:def:535",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535"
},
{
"name" : "1016826",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016826"
},
{
"name" : "21861",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21861"
},
{
"name" : "ms-indexing-service-xss(28651)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28651"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447509/100/0/threaded"
},
{
"name": "ms-indexing-service-xss(28651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28651"
},
{
"name": "oval:org.mitre.oval:def:535",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535"
},
{
"name": "ADV-2006-3564",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3564"
},
{
"name": "VU#108884",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/108884"
},
{
"name": "1016826",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016826"
},
{
"name": "TA06-255A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html"
},
{
"name": "MS06-053",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053"
},
{
"name": "20061001 Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447511/100/0/threaded"
},
{
"name": "http://www.geocities.jp/ptrs_sec/advisory09e.html",
"refsource": "MISC",
"url": "http://www.geocities.jp/ptrs_sec/advisory09e.html"
},
{
"name": "19927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19927"
},
{
"name": "SSRT061187",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
},
{
"name": "21861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21861"
},
{
"name": "HPSBST02134",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
}
]
}
}

200
2006/0xxx/CVE-2006-0104.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060105 [eVuln] TinyPHPForum Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420933/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/14/exploit.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/14/exploit.html"
},
{
"name" : "http://evuln.com/vulns/14/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/14/summary.html"
},
{
"name" : "16163",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16163"
},
{
"name" : "ADV-2006-0054",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0054"
},
{
"name" : "22258",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22258"
},
{
"name" : "1015436",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015436"
},
{
"name" : "18293",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18293"
},
{
"name" : "320",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/320"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://evuln.com/vulns/14/exploit.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/14/exploit.html"
},
{
"name": "1015436",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015436"
},
{
"name": "20060105 [eVuln] TinyPHPForum Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420933/100/0/threaded"
},
{
"name": "ADV-2006-0054",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0054"
},
{
"name": "18293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18293"
},
{
"name": "320",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/320"
},
{
"name": "http://evuln.com/vulns/14/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/14/summary.html"
},
{
"name": "16163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16163"
},
{
"name": "22258",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22258"
}
]
}
}

190
2006/0xxx/CVE-2006-0482.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0482",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel 2.6.15.1 and earlier, when running on SPARC architectures, allows local users to cause a denial of service (hang) via a \"date -s\" command, which causes invalid sign extended arguments to be provided to the get_compat_timespec function call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-sparc] 20060128 `date -s' on sparc64",
"refsource" : "MLIST",
"url" : "http://lists.debian.org/debian-sparc/2006/01/msg00129.html"
},
{
"name" : "[linux-sparc] 20060130 Attempts to set date with 'date -s' hang the machine",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-sparc&m=113861010514065&w=2"
},
{
"name" : "[linux-sparc] 20060130 Re: Attempts to set date with 'date -s' hang the machine",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-sparc&m=113861287813463&w=2"
},
{
"name" : "DSA-1017",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1017"
},
{
"name" : "ADV-2006-0418",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0418"
},
{
"name" : "17216",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17216"
},
{
"name" : "19374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19374"
},
{
"name" : "kernel-date-s-dos(24475)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24475"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux kernel 2.6.15.1 and earlier, when running on SPARC architectures, allows local users to cause a denial of service (hang) via a \"date -s\" command, which causes invalid sign extended arguments to be provided to the get_compat_timespec function call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[linux-sparc] 20060130 Attempts to set date with 'date -s' hang the machine",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-sparc&m=113861010514065&w=2"
},
{
"name": "[linux-sparc] 20060130 Re: Attempts to set date with 'date -s' hang the machine",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-sparc&m=113861287813463&w=2"
},
{
"name": "[debian-sparc] 20060128 `date -s' on sparc64",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-sparc/2006/01/msg00129.html"
},
{
"name": "kernel-date-s-dos(24475)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24475"
},
{
"name": "17216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17216"
},
{
"name": "ADV-2006-0418",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0418"
},
{
"name": "DSA-1017",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1017"
},
{
"name": "19374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19374"
}
]
}
}

320
2006/0xxx/CVE-2006-0855.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060223 zoo contains exploitable buffer overflows",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425887/100/0/threaded"
},
{
"name" : "http://www.guay-leroux.com/projects/zoo-advisory.txt",
"refsource" : "MISC",
"url" : "http://www.guay-leroux.com/projects/zoo-advisory.txt"
},
{
"name" : "20060403 Barracuda ZOO archiver security bug leads to remote compromise",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-04/0061.html"
},
{
"name" : "http://www.guay-leroux.com/projects/barracuda-advisory-ZOO.txt",
"refsource" : "MISC",
"url" : "http://www.guay-leroux.com/projects/barracuda-advisory-ZOO.txt"
},
{
"name" : "DSA-991",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-991"
},
{
"name" : "GLSA-200603-05",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-05.xml"
},
{
"name" : "SUSE-SR:2006:005",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"name" : "SUSE-SR:2006:006",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_06_sr.html"
},
{
"name" : "16790",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16790"
},
{
"name" : "ADV-2006-0705",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0705"
},
{
"name" : "ADV-2006-1220",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1220"
},
{
"name" : "1015668",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015668"
},
{
"name" : "1015866",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015866"
},
{
"name" : "19002",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19002"
},
{
"name" : "19130",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19130"
},
{
"name" : "19148",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19148"
},
{
"name" : "19166",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19166"
},
{
"name" : "19408",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19408"
},
{
"name" : "19514",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19514"
},
{
"name" : "546",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/546"
},
{
"name" : "zoo-misc-bo(24904)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24904"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015866",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015866"
},
{
"name": "19408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19408"
},
{
"name": "SUSE-SR:2006:005",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"name": "19166",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19166"
},
{
"name": "SUSE-SR:2006:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_06_sr.html"
},
{
"name": "ADV-2006-1220",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1220"
},
{
"name": "19514",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19514"
},
{
"name": "546",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/546"
},
{
"name": "GLSA-200603-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-05.xml"
},
{
"name": "1015668",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015668"
},
{
"name": "http://www.guay-leroux.com/projects/barracuda-advisory-ZOO.txt",
"refsource": "MISC",
"url": "http://www.guay-leroux.com/projects/barracuda-advisory-ZOO.txt"
},
{
"name": "19130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19130"
},
{
"name": "zoo-misc-bo(24904)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24904"
},
{
"name": "ADV-2006-0705",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0705"
},
{
"name": "http://www.guay-leroux.com/projects/zoo-advisory.txt",
"refsource": "MISC",
"url": "http://www.guay-leroux.com/projects/zoo-advisory.txt"
},
{
"name": "DSA-991",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-991"
},
{
"name": "20060403 Barracuda ZOO archiver security bug leads to remote compromise",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0061.html"
},
{
"name": "20060223 zoo contains exploitable buffer overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425887/100/0/threaded"
},
{
"name": "19002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19002"
},
{
"name": "19148",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19148"
},
{
"name": "16790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16790"
}
]
}
}

150
2006/1xxx/CVE-2006-1321.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1321",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ch.tudelft.nl/~arthur/webcheck/news.html#20060130",
"refsource" : "CONFIRM",
"url" : "http://ch.tudelft.nl/~arthur/webcheck/news.html#20060130"
},
{
"name" : "17212",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17212"
},
{
"name" : "19309",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19309"
},
{
"name" : "webcheck-content-xss(25428)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25428"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19309"
},
{
"name": "webcheck-content-xss(25428)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25428"
},
{
"name": "http://ch.tudelft.nl/~arthur/webcheck/news.html#20060130",
"refsource": "CONFIRM",
"url": "http://ch.tudelft.nl/~arthur/webcheck/news.html#20060130"
},
{
"name": "17212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17212"
}
]
}
}

140
2006/1xxx/CVE-2006-1687.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1687",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html"
},
{
"name" : "ADV-2006-1293",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1293"
},
{
"name" : "19592",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19592"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19592"
},
{
"name": "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html"
},
{
"name": "ADV-2006-1293",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1293"
}
]
}
}

190
2006/1xxx/CVE-2006-1711.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1711",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt",
"refsource" : "CONFIRM",
"url" : "https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt"
},
{
"name" : "http://dev.plone.org/plone/ticket/5432",
"refsource" : "MISC",
"url" : "http://dev.plone.org/plone/ticket/5432"
},
{
"name" : "DSA-1032",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1032"
},
{
"name" : "17484",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17484"
},
{
"name" : "ADV-2006-1340",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1340"
},
{
"name" : "19633",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19633"
},
{
"name" : "19640",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19640"
},
{
"name" : "plone-memberid-data-manipulation(25781)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25781"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.plone.org/plone/ticket/5432",
"refsource": "MISC",
"url": "http://dev.plone.org/plone/ticket/5432"
},
{
"name": "19633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19633"
},
{
"name": "17484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17484"
},
{
"name": "DSA-1032",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1032"
},
{
"name": "19640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19640"
},
{
"name": "ADV-2006-1340",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1340"
},
{
"name": "https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt",
"refsource": "CONFIRM",
"url": "https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt"
},
{
"name": "plone-memberid-data-manipulation(25781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25781"
}
]
}
}

190
2006/1xxx/CVE-2006-1787.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1787",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060413 Secunia Research: Adobe Document Server for Reader ExtensionsMultiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430869/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2005-68/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2005-68/advisory/"
},
{
"name" : "http://www.adobe.com/support/techdocs/322699.html",
"refsource" : "MISC",
"url" : "http://www.adobe.com/support/techdocs/322699.html"
},
{
"name" : "http://www.adobe.com/support/techdocs/331915.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/techdocs/331915.html"
},
{
"name" : "17500",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17500"
},
{
"name" : "ADV-2006-1342",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1342"
},
{
"name" : "15924",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15924"
},
{
"name" : "adobe-jsessionid-information-disclosure(25773)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25773"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060413 Secunia Research: Adobe Document Server for Reader ExtensionsMultiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430869/100/0/threaded"
},
{
"name": "http://www.adobe.com/support/techdocs/331915.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/techdocs/331915.html"
},
{
"name": "adobe-jsessionid-information-disclosure(25773)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25773"
},
{
"name": "http://www.adobe.com/support/techdocs/322699.html",
"refsource": "MISC",
"url": "http://www.adobe.com/support/techdocs/322699.html"
},
{
"name": "15924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15924"
},
{
"name": "http://secunia.com/secunia_research/2005-68/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-68/advisory/"
},
{
"name": "ADV-2006-1342",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1342"
},
{
"name": "17500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17500"
}
]
}
}

150
2006/5xxx/CVE-2006-5103.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5103",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the \"right\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061015 bbsNew ( File Include Vulnerability Exploit )",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-10/0244.html"
},
{
"name" : "20061028 bbsNew => 2.0.1 Remote File Include Vulnerability Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450027/100/100/threaded"
},
{
"name" : "20204",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20204"
},
{
"name" : "bbsnew-index2-file-include(29580)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29580"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the \"right\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061015 bbsNew ( File Include Vulnerability Exploit )",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-10/0244.html"
},
{
"name": "20204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20204"
},
{
"name": "bbsnew-index2-file-include(29580)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29580"
},
{
"name": "20061028 bbsNew => 2.0.1 Remote File Include Vulnerability Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450027/100/100/threaded"
}
]
}
}

150
2006/5xxx/CVE-2006-5148.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5148",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2459",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2459"
},
{
"name" : "20291",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20291"
},
{
"name" : "ADV-2006-3865",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3865"
},
{
"name" : "22214",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22214"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20291"
},
{
"name": "22214",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22214"
},
{
"name": "ADV-2006-3865",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3865"
},
{
"name": "2459",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2459"
}
]
}
}

160
2006/5xxx/CVE-2006-5150.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=451780",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=451780"
},
{
"name" : "20301",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20301"
},
{
"name" : "ADV-2006-3867",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3867"
},
{
"name" : "22238",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22238"
},
{
"name" : "openbiblio-report-sql-injection(29318)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29318"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openbiblio-report-sql-injection(29318)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29318"
},
{
"name": "ADV-2006-3867",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3867"
},
{
"name": "22238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22238"
},
{
"name": "20301",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20301"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=451780",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=451780"
}
]
}
}

160
2006/5xxx/CVE-2006-5204.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5204",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061004 Invision Power Board Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447710/100/0/threaded"
},
{
"name" : "http://forums.invisionpower.com/index.php?showtopic=227937",
"refsource" : "CONFIRM",
"url" : "http://forums.invisionpower.com/index.php?showtopic=227937"
},
{
"name" : "ADV-2006-3927",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3927"
},
{
"name" : "22272",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22272"
},
{
"name" : "ipb-avatar-image-xss(29351)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29351"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3927",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3927"
},
{
"name": "ipb-avatar-image-xss(29351)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29351"
},
{
"name": "22272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22272"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=227937",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=227937"
},
{
"name": "20061004 Invision Power Board Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447710/100/0/threaded"
}
]
}
}

150
2006/5xxx/CVE-2006-5937.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 allow remote attackers to execute arbitrary code via crafted (1) CAB or (2) RAR archives that trigger a heap-based buffer overflow. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061113 AVG Anti-Virus - Arbitrary Code Execution (remote)",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=116343152030074&w=2"
},
{
"name" : "http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01",
"refsource" : "CONFIRM",
"url" : "http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01"
},
{
"name" : "ADV-2006-4498",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4498"
},
{
"name" : "22811",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22811"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 allow remote attackers to execute arbitrary code via crafted (1) CAB or (2) RAR archives that trigger a heap-based buffer overflow. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01",
"refsource": "CONFIRM",
"url": "http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01"
},
{
"name": "20061113 AVG Anti-Virus - Arbitrary Code Execution (remote)",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=116343152030074&w=2"
},
{
"name": "ADV-2006-4498",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4498"
},
{
"name": "22811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22811"
}
]
}
}

150
2007/2xxx/CVE-2007-2746.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2746",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.plainblack.com/bugs/tracker/dataform-security-bug",
"refsource" : "CONFIRM",
"url" : "http://www.plainblack.com/bugs/tracker/dataform-security-bug"
},
{
"name" : "ADV-2007-1840",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1840"
},
{
"name" : "36566",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36566"
},
{
"name" : "25355",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25355"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25355"
},
{
"name": "http://www.plainblack.com/bugs/tracker/dataform-security-bug",
"refsource": "CONFIRM",
"url": "http://www.plainblack.com/bugs/tracker/dataform-security-bug"
},
{
"name": "36566",
"refsource": "OSVDB",
"url": "http://osvdb.org/36566"
},
{
"name": "ADV-2007-1840",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1840"
}
]
}
}

190
2007/2xxx/CVE-2007-2865.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070522 phpPgAdmin XSS Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=117987658110713&w=2"
},
{
"name" : "DSA-1693",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1693"
},
{
"name" : "SUSE-SR:2007:024",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name" : "24115",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24115"
},
{
"name" : "38138",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38138"
},
{
"name" : "27756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27756"
},
{
"name" : "33263",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33263"
},
{
"name" : "phppgadmin-sqledit-xss(34456)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34456"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phppgadmin-sqledit-xss(34456)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34456"
},
{
"name": "38138",
"refsource": "OSVDB",
"url": "http://osvdb.org/38138"
},
{
"name": "27756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27756"
},
{
"name": "24115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24115"
},
{
"name": "20070522 phpPgAdmin XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=117987658110713&w=2"
},
{
"name": "SUSE-SR:2007:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html"
},
{
"name": "33263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33263"
},
{
"name": "DSA-1693",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1693"
}
]
}
}

150
2010/0xxx/CVE-2010-0060.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0060",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name" : "APPLE-SA-2010-03-30-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
},
{
"name" : "oval:org.mitre.oval:def:7513",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7513"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "APPLE-SA-2010-03-30-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "oval:org.mitre.oval:def:7513",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7513"
}
]
}
}

150
2010/0xxx/CVE-2010-0480.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0480",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka \"MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-026",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-026"
},
{
"name" : "TA10-103A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
},
{
"name" : "oval:org.mitre.oval:def:7441",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7441"
},
{
"name" : "8336",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8336"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka \"MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8336",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8336"
},
{
"name": "oval:org.mitre.oval:def:7441",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7441"
},
{
"name": "MS10-026",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-026"
},
{
"name": "TA10-103A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
}
]
}
}

130
2010/0xxx/CVE-2010-0536.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0536",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2010-03-30-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
},
{
"name" : "oval:org.mitre.oval:def:6969",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6969"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-03-30-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
},
{
"name": "oval:org.mitre.oval:def:6969",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6969"
}
]
}
}

160
2010/0xxx/CVE-2010-0663.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0663",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=31307",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=31307"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html"
},
{
"name" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs",
"refsource" : "CONFIRM",
"url" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs"
},
{
"name" : "oval:org.mitre.oval:def:14002",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14002"
},
{
"name" : "1023506",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023506"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14002",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14002"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html"
},
{
"name": "1023506",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023506"
},
{
"name": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs",
"refsource": "CONFIRM",
"url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=31307",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=31307"
}
]
}
}

250
2010/0xxx/CVE-2010-0738.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=574105",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"name" : "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35",
"refsource" : "CONFIRM",
"url" : "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"
},
{
"name" : "HPSBMU02714",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132129312609324&w=2"
},
{
"name" : "SSRT100244",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132129312609324&w=2"
},
{
"name" : "RHSA-2010:0376",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name" : "RHSA-2010:0377",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"name" : "RHSA-2010:0378",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"name" : "RHSA-2010:0379",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name" : "39710",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39710"
},
{
"name" : "1023918",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023918"
},
{
"name" : "39563",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39563"
},
{
"name" : "8408",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8408"
},
{
"name" : "ADV-2010-0992",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name" : "jboss-jmxconsole-security-bypass(58147)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0379",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
},
{
"name": "RHSA-2010:0378",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=574105",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105"
},
{
"name": "RHSA-2010:0376",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
},
{
"name": "8408",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8408"
},
{
"name": "RHSA-2010:0377",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
},
{
"name": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35",
"refsource": "CONFIRM",
"url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35"
},
{
"name": "ADV-2010-0992",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0992"
},
{
"name": "HPSBMU02714",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132129312609324&w=2"
},
{
"name": "jboss-jmxconsole-security-bypass(58147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147"
},
{
"name": "SSRT100244",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132129312609324&w=2"
},
{
"name": "39710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "39563",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39563"
},
{
"name": "1023918",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023918"
}
]
}
}

140
2010/2xxx/CVE-2010-2777.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2777",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-10-129/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-10-129/"
},
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=7006374&sliceId=1",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=7006374&sliceId=1"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=597331",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=597331"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=597331",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=597331"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-129/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-129/"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7006374&sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7006374&sliceId=1"
}
]
}
}

190
2010/3xxx/CVE-2010-3025.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) excerpt parameter to application/modules/admin/controllers/posts.php, as reachable by admin/posts/edit; and the (2) content parameter to application/modules/admin/controllers/pages.php, as reachable by admin/posts/edit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100805 XSS vulnerability in Open Blog",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512895/100/0/threaded"
},
{
"name" : "20100805 XSS vulnerability in Open blog",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512901/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.org/1008-exploits/openblog-xssxsrf.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1008-exploits/openblog-xssxsrf.txt"
},
{
"name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog.html"
},
{
"name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog_1.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog_1.html"
},
{
"name" : "42255",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42255"
},
{
"name" : "40876",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40876"
},
{
"name" : "openblog-users-xss(60942)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60942"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) excerpt parameter to application/modules/admin/controllers/posts.php, as reachable by admin/posts/edit; and the (2) content parameter to application/modules/admin/controllers/pages.php, as reachable by admin/posts/edit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100805 XSS vulnerability in Open blog",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512901/100/0/threaded"
},
{
"name": "42255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42255"
},
{
"name": "openblog-users-xss(60942)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60942"
},
{
"name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog.html"
},
{
"name": "http://packetstormsecurity.org/1008-exploits/openblog-xssxsrf.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1008-exploits/openblog-xssxsrf.txt"
},
{
"name": "20100805 XSS vulnerability in Open Blog",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512895/100/0/threaded"
},
{
"name": "40876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40876"
},
{
"name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog_1.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog_1.html"
}
]
}
}

160
2010/3xxx/CVE-2010-3201.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3201",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101004 NetWin Surgemail XSS vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"name" : "34797",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/34797/"
},
{
"name" : "http://ictsec.se/?p=108",
"refsource" : "MISC",
"url" : "http://ictsec.se/?p=108"
},
{
"name" : "43679",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43679"
},
{
"name" : "41685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41685"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34797",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/34797/"
},
{
"name": "20101004 NetWin Surgemail XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514115/100/0/threaded"
},
{
"name": "http://ictsec.se/?p=108",
"refsource": "MISC",
"url": "http://ictsec.se/?p=108"
},
{
"name": "43679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43679"
},
{
"name": "41685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41685"
}
]
}
}

34
2010/3xxx/CVE-2010-3339.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3339",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-3339",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

34
2010/3xxx/CVE-2010-3673.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3673",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3673",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

230
2010/3xxx/CVE-2010-3706.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3706",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0",
"refsource" : "MLIST",
"url" : "http://www.dovecot.org/list/dovecot/2010-October/053452.html"
},
{
"name" : "[dovecot] 20101002 v1.2.15 released",
"refsource" : "MLIST",
"url" : "http://www.dovecot.org/list/dovecot/2010-October/053450.html"
},
{
"name" : "[dovecot] 20101002 v2.0.5 released",
"refsource" : "MLIST",
"url" : "http://www.dovecot.org/list/dovecot/2010-October/053451.html"
},
{
"name" : "[oss-security] 20101004 CVE Request: more dovecot ACL issues",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128620520732377&w=2"
},
{
"name" : "[oss-security] 20101004 Re: CVE Request: more dovecot ACL issues",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128622064325688&w=2"
},
{
"name" : "MDVSA-2010:217",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:217"
},
{
"name" : "SUSE-SR:2010:020",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
},
{
"name" : "USN-1059-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1059-1"
},
{
"name" : "43220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43220"
},
{
"name" : "ADV-2010-2572",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2572"
},
{
"name" : "ADV-2010-2840",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2840"
},
{
"name" : "ADV-2011-0301",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0301"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20101004 Re: CVE Request: more dovecot ACL issues",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128622064325688&w=2"
},
{
"name": "USN-1059-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1059-1"
},
{
"name": "SUSE-SR:2010:020",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
},
{
"name": "ADV-2010-2572",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2572"
},
{
"name": "[oss-security] 20101004 CVE Request: more dovecot ACL issues",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128620520732377&w=2"
},
{
"name": "MDVSA-2010:217",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:217"
},
{
"name": "43220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43220"
},
{
"name": "ADV-2011-0301",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0301"
},
{
"name": "[dovecot] 20101002 v1.2.15 released",
"refsource": "MLIST",
"url": "http://www.dovecot.org/list/dovecot/2010-October/053450.html"
},
{
"name": "[dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0",
"refsource": "MLIST",
"url": "http://www.dovecot.org/list/dovecot/2010-October/053452.html"
},
{
"name": "ADV-2010-2840",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2840"
},
{
"name": "[dovecot] 20101002 v2.0.5 released",
"refsource": "MLIST",
"url": "http://www.dovecot.org/list/dovecot/2010-October/053451.html"
}
]
}
}

150
2010/3xxx/CVE-2010-3890.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3890",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101109 IBM OmniFind - several vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514688/100/0/threaded"
},
{
"name" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt",
"refsource" : "MISC",
"url" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt"
},
{
"name" : "44740",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44740"
},
{
"name" : "ADV-2010-2933",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2933"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration interface, as demonstrated by the command parameter to ESAdmin/collection.do."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20101109 IBM OmniFind - several vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded"
},
{
"name": "44740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44740"
},
{
"name": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt",
"refsource": "MISC",
"url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt"
},
{
"name": "ADV-2010-2933",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2933"
}
]
}
}

200
2010/4xxx/CVE-2010-4176.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4176",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=654489",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=654489"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=654935",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=654935"
},
{
"name" : "FEDORA-2010-17912",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051755.html"
},
{
"name" : "FEDORA-2010-17930",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051418.html"
},
{
"name" : "45046",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45046"
},
{
"name" : "42342",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42342"
},
{
"name" : "42451",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42451"
},
{
"name" : "ADV-2010-3062",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3062"
},
{
"name" : "ADV-2010-3110",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3110"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45046"
},
{
"name": "FEDORA-2010-17912",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051755.html"
},
{
"name": "42342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42342"
},
{
"name": "42451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42451"
},
{
"name": "FEDORA-2010-17930",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051418.html"
},
{
"name": "ADV-2010-3110",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3110"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=654489",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=654489"
},
{
"name": "ADV-2010-3062",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3062"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=654935",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=654935"
}
]
}
}

210
2010/4xxx/CVE-2010-4262.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4262",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101203 CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/12/03/2"
},
{
"name" : "[oss-security] 20101206 Re: CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/12/06/8"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=657981",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=657981"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=659676",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=659676"
},
{
"name" : "FEDORA-2010-18589",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052247.html"
},
{
"name" : "MDVSA-2011:010",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:010"
},
{
"name" : "45177",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45177"
},
{
"name" : "42579",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42579"
},
{
"name" : "ADV-2010-3232",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3232"
},
{
"name" : "ADV-2011-0108",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0108"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20101206 Re: CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/12/06/8"
},
{
"name": "ADV-2010-3232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3232"
},
{
"name": "42579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42579"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=659676",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=659676"
},
{
"name": "MDVSA-2011:010",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:010"
},
{
"name": "45177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45177"
},
{
"name": "ADV-2011-0108",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0108"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=657981",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=657981"
},
{
"name": "FEDORA-2010-18589",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052247.html"
},
{
"name": "[oss-security] 20101203 CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/12/03/2"
}
]
}
}

380
2010/4xxx/CVE-2010-4345.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101213 Exim security issue in historical release",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/515172/100/0/threaded"
},
{
"name" : "[exim-dev] 20101207 Remote root vulnerability in Exim",
"refsource" : "MLIST",
"url" : "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html"
},
{
"name" : "[exim-dev] 20101209 Re: [Exim-maintainers] Remote root vulnerability in Exim",
"refsource" : "MLIST",
"url" : "http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html"
},
{
"name" : "[exim-dev] 20101210 Re: Remote root vulnerability in Exim",
"refsource" : "MLIST",
"url" : "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html"
},
{
"name" : "[oss-security] 20101210 Exim remote root",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/10/1"
},
{
"name" : "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format",
"refsource" : "MISC",
"url" : "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format"
},
{
"name" : "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/",
"refsource" : "MISC",
"url" : "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/"
},
{
"name" : "http://bugs.exim.org/show_bug.cgi?id=1044",
"refsource" : "CONFIRM",
"url" : "http://bugs.exim.org/show_bug.cgi?id=1044"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=662012",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=662012"
},
{
"name" : "http://www.cpanel.net/2010/12/critical-exim-security-update.html",
"refsource" : "CONFIRM",
"url" : "http://www.cpanel.net/2010/12/critical-exim-security-update.html"
},
{
"name" : "DSA-2131",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2131"
},
{
"name" : "DSA-2154",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2154"
},
{
"name" : "RHSA-2011:0153",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0153.html"
},
{
"name" : "SUSE-SA:2010:059",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html"
},
{
"name" : "USN-1060-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1060-1"
},
{
"name" : "VU#758489",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/758489"
},
{
"name" : "45341",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45341"
},
{
"name" : "1024859",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024859"
},
{
"name" : "42576",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42576"
},
{
"name" : "42930",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42930"
},
{
"name" : "43128",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43128"
},
{
"name" : "43243",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43243"
},
{
"name" : "ADV-2010-3171",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3171"
},
{
"name" : "ADV-2010-3204",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3204"
},
{
"name" : "ADV-2011-0135",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0135"
},
{
"name" : "ADV-2011-0245",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0245"
},
{
"name" : "ADV-2011-0364",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0364"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43128",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43128"
},
{
"name": "SUSE-SA:2010:059",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html"
},
{
"name": "[exim-dev] 20101209 Re: [Exim-maintainers] Remote root vulnerability in Exim",
"refsource": "MLIST",
"url": "http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html"
},
{
"name": "VU#758489",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/758489"
},
{
"name": "[exim-dev] 20101207 Remote root vulnerability in Exim",
"refsource": "MLIST",
"url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=662012",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662012"
},
{
"name": "ADV-2011-0364",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0364"
},
{
"name": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format",
"refsource": "MISC",
"url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format"
},
{
"name": "RHSA-2011:0153",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0153.html"
},
{
"name": "45341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45341"
},
{
"name": "42930",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42930"
},
{
"name": "42576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42576"
},
{
"name": "43243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43243"
},
{
"name": "1024859",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024859"
},
{
"name": "[exim-dev] 20101210 Re: Remote root vulnerability in Exim",
"refsource": "MLIST",
"url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html"
},
{
"name": "DSA-2154",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2154"
},
{
"name": "20101213 Exim security issue in historical release",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded"
},
{
"name": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/"
},
{
"name": "ADV-2011-0245",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0245"
},
{
"name": "ADV-2011-0135",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0135"
},
{
"name": "USN-1060-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1060-1"
},
{
"name": "ADV-2010-3204",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3204"
},
{
"name": "http://bugs.exim.org/show_bug.cgi?id=1044",
"refsource": "CONFIRM",
"url": "http://bugs.exim.org/show_bug.cgi?id=1044"
},
{
"name": "DSA-2131",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2131"
},
{
"name": "ADV-2010-3171",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3171"
},
{
"name": "http://www.cpanel.net/2010/12/critical-exim-security-update.html",
"refsource": "CONFIRM",
"url": "http://www.cpanel.net/2010/12/critical-exim-security-update.html"
},
{
"name": "[oss-security] 20101210 Exim remote root",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/10/1"
}
]
}
}

140
2010/4xxx/CVE-2010-4687.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4687",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
},
{
"name" : "45769",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45769"
},
{
"name" : "ciscoios-stcapp-dos(64584)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64584"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscoios-stcapp-dos(64584)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64584"
},
{
"name": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
},
{
"name": "45769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45769"
}
]
}
}

300
2014/0xxx/CVE-2014-0032.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0032",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the \"svn ls http://svn.example.com\" command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[subversion-dev] 20140110 2 Re: Segfault in mod_dav_svn with repositories on /",
"refsource" : "MLIST",
"url" : "http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C52D328AB.8090502@reser.org%3E"
},
{
"name" : "[subversion-dev] 20140110 Re: Segfault in mod_dav_svn with repositories on /",
"refsource" : "MLIST",
"url" : "http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C871u0gqb0d.fsf@ntlworld.com%3E"
},
{
"name" : "[subversion-dev] 20140110 Sin mod_dav_svn with repositories on /",
"refsource" : "MLIST",
"url" : "http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3CCANvU9scLHr2yOLABW8q6_wNzhEf7pWM=NiavGcobqvUuyhKyAA@mail.gmail.com%3E"
},
{
"name" : "http://svn.apache.org/repos/asf/subversion/tags/1.7.15/CHANGES",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/repos/asf/subversion/tags/1.7.15/CHANGES"
},
{
"name" : "http://svn.apache.org/repos/asf/subversion/tags/1.8.6/CHANGES",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/repos/asf/subversion/tags/1.8.6/CHANGES"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1557320",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1557320"
},
{
"name" : "http://support.apple.com/kb/HT6444",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6444"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name" : "GLSA-201610-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201610-05"
},
{
"name" : "RHSA-2014:0255",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0255.html"
},
{
"name" : "openSUSE-SU-2014:0307",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html"
},
{
"name" : "openSUSE-SU-2014:0334",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00011.html"
},
{
"name" : "USN-2316-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2316-1"
},
{
"name" : "65434",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65434"
},
{
"name" : "102927",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/102927"
},
{
"name" : "56822",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56822"
},
{
"name" : "60722",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60722"
},
{
"name" : "61321",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61321"
},
{
"name" : "apache-subversion-cve20140032-dos(90986)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the \"svn ls http://svn.example.com\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.apache.org/repos/asf/subversion/tags/1.8.6/CHANGES",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/repos/asf/subversion/tags/1.8.6/CHANGES"
},
{
"name": "56822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56822"
},
{
"name": "61321",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61321"
},
{
"name": "USN-2316-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2316-1"
},
{
"name": "102927",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/102927"
},
{
"name": "RHSA-2014:0255",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0255.html"
},
{
"name": "[subversion-dev] 20140110 2 Re: Segfault in mod_dav_svn with repositories on /",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C52D328AB.8090502@reser.org%3E"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1557320",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1557320"
},
{
"name": "65434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65434"
},
{
"name": "http://support.apple.com/kb/HT6444",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6444"
},
{
"name": "[subversion-dev] 20140110 Sin mod_dav_svn with repositories on /",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3CCANvU9scLHr2yOLABW8q6_wNzhEf7pWM=NiavGcobqvUuyhKyAA@mail.gmail.com%3E"
},
{
"name": "openSUSE-SU-2014:0307",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html"
},
{
"name": "60722",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60722"
},
{
"name": "[subversion-dev] 20140110 Re: Segfault in mod_dav_svn with repositories on /",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C871u0gqb0d.fsf@ntlworld.com%3E"
},
{
"name": "http://svn.apache.org/repos/asf/subversion/tags/1.7.15/CHANGES",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/repos/asf/subversion/tags/1.7.15/CHANGES"
},
{
"name": "apache-subversion-cve20140032-dos(90986)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90986"
},
{
"name": "openSUSE-SU-2014:0334",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00011.html"
},
{
"name": "GLSA-201610-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}

130
2014/0xxx/CVE-2014-0906.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671201",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671201"
},
{
"name" : "sametime-cve20140906-cookie-validity(91854)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91854"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sametime-cve20140906-cookie-validity(91854)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91854"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671201"
}
]
}
}

34
2014/32xxx/CVE-2014-32537.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-32537",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2354. Reason: This candidate is a duplicate of CVE-2014-2354. The wrong ID was used. Notes: All CVE users should reference CVE-2014-2354 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-32537",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2354. Reason: This candidate is a duplicate of CVE-2014-2354. The wrong ID was used. Notes: All CVE users should reference CVE-2014-2354 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

150
2014/4xxx/CVE-2014-4287.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4287",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name" : "SUSE-SU-2015:0743",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"name" : "70517",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70517"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70517"
},
{
"name": "SUSE-SU-2015:0743",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}

170
2014/4xxx/CVE-2014-4384.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4384",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT6441",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6441"
},
{
"name" : "APPLE-SA-2014-09-17-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name" : "69882",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69882"
},
{
"name" : "69940",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69940"
},
{
"name" : "1030866",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030866"
},
{
"name" : "appleios-cve20144384-priv-esc(96087)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96087"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the App Installation feature in Apple iOS before 8 allows local users to install unverified apps by triggering code-signature validation of an unintended bundle."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT6441",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "1030866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "69940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69940"
},
{
"name": "69882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "appleios-cve20144384-priv-esc(96087)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96087"
},
{
"name": "APPLE-SA-2014-09-17-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
}
]
}
}

130
2014/4xxx/CVE-2014-4765.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4765",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685289",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
},
{
"name" : "ibm-maximo-cve20144765-error-message(94757)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote attackers to obtain sensitive directory information by reading an unspecified error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685289"
},
{
"name": "ibm-maximo-cve20144765-error-message(94757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94757"
}
]
}
}

260
2014/8xxx/CVE-2014-8127.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8127",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/24/15"
},
{
"name" : "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt",
"refsource" : "MISC",
"url" : "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2484",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2484"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2485",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2485"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2486",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2486"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2496",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2496"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2497",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2497"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2500",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2500"
},
{
"name" : "DSA-3273",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3273"
},
{
"name" : "GLSA-201701-16",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-16"
},
{
"name" : "RHSA-2016:1546",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
},
{
"name" : "RHSA-2016:1547",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
},
{
"name" : "openSUSE-SU-2015:0450",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html"
},
{
"name" : "72323",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72323"
},
{
"name" : "1032760",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:0450",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html"
},
{
"name": "72323",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72323"
},
{
"name": "RHSA-2016:1547",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
},
{
"name": "GLSA-201701-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-16"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2497",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2497"
},
{
"name": "1032760",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032760"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2496",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2496"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2486",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2486"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2484",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2484"
},
{
"name": "DSA-3273",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3273"
},
{
"name": "RHSA-2016:1546",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2485",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2485"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2500",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2500"
},
{
"name": "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt",
"refsource": "MISC",
"url": "http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt"
},
{
"name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/24/15"
}
]
}
}

34
2014/8xxx/CVE-2014-8251.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8251",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8251",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

260
2014/8xxx/CVE-2014-8484.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8484",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141023 Re: strings / libbfd crasher",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/10/23/5"
},
{
"name" : "[oss-security] 20141026 Re: strings / libbfd crasher",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/26/2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1156272",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1156272"
},
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17509",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17509"
},
{
"name" : "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "FEDORA-2014-14838",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html"
},
{
"name" : "FEDORA-2014-14963",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html"
},
{
"name" : "FEDORA-2014-14995",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html"
},
{
"name" : "GLSA-201612-24",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-24"
},
{
"name" : "MDVSA-2015:029",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029"
},
{
"name" : "USN-2496-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2496-1"
},
{
"name" : "70714",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70714"
},
{
"name" : "62241",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62241"
},
{
"name" : "62746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62746"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62241"
},
{
"name": "MDVSA-2015:029",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:029"
},
{
"name": "USN-2496-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2496-1"
},
{
"name": "FEDORA-2014-14995",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html"
},
{
"name": "[oss-security] 20141023 Re: strings / libbfd crasher",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/10/23/5"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17509",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17509"
},
{
"name": "70714",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70714"
},
{
"name": "[oss-security] 20141026 Re: strings / libbfd crasher",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/26/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1156272",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1156272"
},
{
"name": "FEDORA-2014-14963",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html"
},
{
"name": "62746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62746"
},
{
"name": "FEDORA-2014-14838",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html"
},
{
"name": "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f"
},
{
"name": "GLSA-201612-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-24"
}
]
}
}

130
2014/9xxx/CVE-2014-9006.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9006",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/129082/Monstra-3.0.1-Bruteforce-Mitigation-Bypass.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129082/Monstra-3.0.1-Bruteforce-Mitigation-Bypass.html"
},
{
"name" : "monstra-index-brute-force(98649)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98649"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie or setting it to certain values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "monstra-index-brute-force(98649)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98649"
},
{
"name": "http://packetstormsecurity.com/files/129082/Monstra-3.0.1-Bruteforce-Mitigation-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129082/Monstra-3.0.1-Bruteforce-Mitigation-Bypass.html"
}
]
}
}

200
2014/9xxx/CVE-2014-9031.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9031",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141120 WordPress 3 persistent script injection",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/62"
},
{
"name" : "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/11/25/12"
},
{
"name" : "http://klikki.fi/adv/wordpress.html",
"refsource" : "MISC",
"url" : "http://klikki.fi/adv/wordpress.html"
},
{
"name" : "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/news/2014/11/wordpress-4-0-1/"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0493.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0493.html"
},
{
"name" : "DSA-3085",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3085"
},
{
"name" : "MDVSA-2014:233",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233"
},
{
"name" : "71237",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71237"
},
{
"name" : "1031243",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031243"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141120 WordPress 3 persistent script injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/62"
},
{
"name": "DSA-3085",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3085"
},
{
"name": "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/11/25/12"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0493.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0493.html"
},
{
"name": "http://klikki.fi/adv/wordpress.html",
"refsource": "MISC",
"url": "http://klikki.fi/adv/wordpress.html"
},
{
"name": "1031243",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031243"
},
{
"name": "71237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71237"
},
{
"name": "MDVSA-2014:233",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233"
},
{
"name": "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/"
}
]
}
}

130
2014/9xxx/CVE-2014-9204.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9204",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-111-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-111-02"
},
{
"name" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646324",
"refsource" : "MISC",
"url" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646324"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLinx Classic before 3.73.00 allows remote attackers to execute arbitrary code via a crafted CSV file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-111-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-111-02"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646324",
"refsource": "MISC",
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/646324"
}
]
}
}

34
2016/2xxx/CVE-2016-2592.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2592",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2592",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/2xxx/CVE-2016-2612.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2612",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2612",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/2xxx/CVE-2016-2652.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2652",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2652",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/6xxx/CVE-2016-6007.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6007",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6007",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2016/6xxx/CVE-2016-6235.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160717 Re: multiple memory corruption issues in lepton",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/17/6"
},
{
"name" : "https://github.com/dropbox/lepton/issues/26",
"refsource" : "CONFIRM",
"url" : "https://github.com/dropbox/lepton/issues/26"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dropbox/lepton/issues/26",
"refsource": "CONFIRM",
"url": "https://github.com/dropbox/lepton/issues/26"
},
{
"name": "[oss-security] 20160717 Re: multiple memory corruption issues in lepton",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/17/6"
}
]
}
}

34
2016/6xxx/CVE-2016-6533.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6533",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6533",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/6xxx/CVE-2016-6650.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"ID" : "CVE-2016-6650",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0",
"version" : {
"version_data" : [
{
"version_value" : "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SSL Stripping Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2016-6650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0",
"version": {
"version_data": [
{
"version_value": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securityfocus.com/archive/1/540303/30/0/threaded",
"refsource" : "CONFIRM",
"url" : "http://www.securityfocus.com/archive/1/540303/30/0/threaded"
},
{
"name" : "96156",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96156"
},
{
"name" : "1038066",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038066"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSL Stripping Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038066",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038066"
},
{
"name": "http://www.securityfocus.com/archive/1/540303/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540303/30/0/threaded"
},
{
"name": "96156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96156"
}
]
}
}

140
2016/7xxx/CVE-2016-7082.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7082",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2016-0014.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2016-0014.html"
},
{
"name" : "92934",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92934"
},
{
"name" : "1036805",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036805"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0014.html"
},
{
"name": "1036805",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036805"
},
{
"name": "92934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92934"
}
]
}
}

140
2016/7xxx/CVE-2016-7194.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7194",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7190."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-119",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119"
},
{
"name" : "93399",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93399"
},
{
"name" : "1036993",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036993"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7190."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-119",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119"
},
{
"name": "1036993",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036993"
},
{
"name": "93399",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93399"
}
]
}
}

34
2016/7xxx/CVE-2016-7207.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7207",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7207",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

170
2016/7xxx/CVE-2016-7444.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7444",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-7444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[gnutls-devel] 20160902 OCSP certificate check",
"refsource" : "MLIST",
"url" : "https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html"
},
{
"name" : "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9",
"refsource" : "CONFIRM",
"url" : "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9"
},
{
"name" : "https://www.gnutls.org/security.html",
"refsource" : "CONFIRM",
"url" : "https://www.gnutls.org/security.html"
},
{
"name" : "RHSA-2017:2292",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2292"
},
{
"name" : "openSUSE-SU-2017:0386",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html"
},
{
"name" : "92893",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92893"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92893"
},
{
"name": "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9"
},
{
"name": "RHSA-2017:2292",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2292"
},
{
"name": "openSUSE-SU-2017:0386",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html"
},
{
"name": "[gnutls-devel] 20160902 OCSP certificate check",
"refsource": "MLIST",
"url": "https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html"
},
{
"name": "https://www.gnutls.org/security.html",
"refsource": "CONFIRM",
"url": "https://www.gnutls.org/security.html"
}
]
}
}

150
2016/7xxx/CVE-2016-7633.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7633",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Directory Services\" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40954",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40954/"
},
{
"name" : "https://support.apple.com/HT207423",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207423"
},
{
"name" : "94903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94903"
},
{
"name" : "1037469",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Directory Services\" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40954",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40954/"
},
{
"name": "94903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
}

150
2016/7xxx/CVE-2016-7888.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2016-7888",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Digital Editions 4.5.2 and earlier",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Digital Editions 4.5.2 and earlier"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Leak"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-7888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Digital Editions 4.5.2 and earlier",
"version": {
"version_data": [
{
"version_value": "Adobe Digital Editions 4.5.2 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-636",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-636"
},
{
"name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-45.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-45.html"
},
{
"name" : "94880",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94880"
},
{
"name" : "1037466",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037466"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Digital Editions versions 4.5.2 and earlier has an important vulnerability that could lead to memory address leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-45.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb16-45.html"
},
{
"name": "94880",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94880"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-636",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-636"
},
{
"name": "1037466",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037466"
}
]
}
}