admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:21:22 +00:00
parent d6022390be
commit 9ed5a6fe2e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3731 additions and 3731 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2006/0xxx/CVE-2006-0220.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0220",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060113 DCP Portal Cross-Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421914/100/0/threaded"
},
{
"name" : "16232",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16232"
},
{
"name" : "dcpportal-calendar-search-xss(24153)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24153"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16232"
},
{
"name": "dcpportal-calendar-search-xss(24153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24153"
},
{
"name": "20060113 DCP Portal Cross-Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421914/100/0/threaded"
}
]
}
}

170
2006/1xxx/CVE-2006-1418.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1418",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/03/e-school-management-system-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/03/e-school-management-system-xss-vuln.html"
},
{
"name" : "17257",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17257"
},
{
"name" : "ADV-2006-1095",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1095"
},
{
"name" : "24128",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24128"
},
{
"name" : "19381",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19381"
},
{
"name" : "eschoolmanagementsystem-default-xss(25469)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "eschoolmanagementsystem-default-xss(25469)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25469"
},
{
"name": "24128",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24128"
},
{
"name": "17257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17257"
},
{
"name": "ADV-2006-1095",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1095"
},
{
"name": "http://pridels0.blogspot.com/2006/03/e-school-management-system-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/03/e-school-management-system-xss-vuln.html"
},
{
"name": "19381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19381"
}
]
}
}

230
2006/1xxx/CVE-2006-1652.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1652",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060404 Buffer-overflow in Ultr@VNC 1.0.1 viewer and server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429930/100/0/threaded"
},
{
"name" : "20060405 Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430287/100/0/threaded"
},
{
"name" : "20060411 Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer POC",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430711/100/0/threaded"
},
{
"name" : "20060404 Buffer-overflow in Ultr@VNC 1.0.1 viewer and server",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044901.html"
},
{
"name" : "1642",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1642"
},
{
"name" : "1643",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1643"
},
{
"name" : "17378",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17378"
},
{
"name" : "ADV-2006-1240",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1240"
},
{
"name" : "19513",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19513"
},
{
"name" : "674",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/674"
},
{
"name" : "ultr@vnc-vnclogreallyprint-bo(25650)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25650"
},
{
"name" : "untr@vnc-error-bo(25648)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25648"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1642",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1642"
},
{
"name": "untr@vnc-error-bo(25648)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25648"
},
{
"name": "1643",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1643"
},
{
"name": "ultr@vnc-vnclogreallyprint-bo(25650)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25650"
},
{
"name": "19513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19513"
},
{
"name": "20060411 Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer POC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430711/100/0/threaded"
},
{
"name": "20060405 Re: Buffer-overflow in Ultr@VNC 1.0.1 viewer and server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430287/100/0/threaded"
},
{
"name": "ADV-2006-1240",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1240"
},
{
"name": "674",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/674"
},
{
"name": "20060404 Buffer-overflow in Ultr@VNC 1.0.1 viewer and server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429930/100/0/threaded"
},
{
"name": "20060404 Buffer-overflow in Ultr@VNC 1.0.1 viewer and server",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/044901.html"
},
{
"name": "17378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17378"
}
]
}
}

170
2006/1xxx/CVE-2006-1980.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html"
},
{
"name" : "17626",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17626"
},
{
"name" : "ADV-2006-1445",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1445"
},
{
"name" : "24759",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24759"
},
{
"name" : "19717",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19717"
},
{
"name" : "w2bonlinebanking-sid-xss(25947)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25947"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/w2b-online-banking-vuln.html"
},
{
"name": "ADV-2006-1445",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1445"
},
{
"name": "24759",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24759"
},
{
"name": "19717",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19717"
},
{
"name": "w2bonlinebanking-sid-xss(25947)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25947"
},
{
"name": "17626",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17626"
}
]
}
}

200
2006/5xxx/CVE-2006-5159.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5159",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that \"we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061001 0day in Firefox from ToorCon '06",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447497/100/0/threaded"
},
{
"name" : "20061001 zero-day flaws in Firefox: about 30 unpatched Firefox flaws",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447493/100/0/threaded"
},
{
"name" : "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/",
"refsource" : "MISC",
"url" : "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/"
},
{
"name" : "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html",
"refsource" : "MISC",
"url" : "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html"
},
{
"name" : "20282",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20282"
},
{
"name" : "20294",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20294"
},
{
"name" : "1016962",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016962"
},
{
"name" : "1678",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1678"
},
{
"name" : "firefox-multiple-javascript-bo(29317)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29317"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that \"we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "firefox-multiple-javascript-bo(29317)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29317"
},
{
"name": "20282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20282"
},
{
"name": "1016962",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016962"
},
{
"name": "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/",
"refsource": "MISC",
"url": "http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon/"
},
{
"name": "20061001 0day in Firefox from ToorCon '06",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447497/100/0/threaded"
},
{
"name": "1678",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1678"
},
{
"name": "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html",
"refsource": "MISC",
"url": "http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html"
},
{
"name": "20061001 zero-day flaws in Firefox: about 30 unpatched Firefox flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447493/100/0/threaded"
},
{
"name": "20294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20294"
}
]
}
}

160
2006/5xxx/CVE-2006-5263.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5263",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2500",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2500"
},
{
"name" : "20453",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20453"
},
{
"name" : "ADV-2006-4005",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4005"
},
{
"name" : "22346",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22346"
},
{
"name" : "phpmyagenda-header-file-include(29413)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29413"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2500",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2500"
},
{
"name": "22346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22346"
},
{
"name": "ADV-2006-4005",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4005"
},
{
"name": "20453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20453"
},
{
"name": "phpmyagenda-header-file-include(29413)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29413"
}
]
}
}

190
2006/5xxx/CVE-2006-5527.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5527",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061024 InteliEditor (sys_path) Remote File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449578/100/0/threaded"
},
{
"name" : "2630",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2630"
},
{
"name" : "20703",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20703"
},
{
"name" : "ADV-2006-4179",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4179"
},
{
"name" : "1017117",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017117"
},
{
"name" : "22428",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22428"
},
{
"name" : "1785",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1785"
},
{
"name" : "intelieditor-libeditor-file-include(29755)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29755"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017117",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017117"
},
{
"name": "22428",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22428"
},
{
"name": "1785",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1785"
},
{
"name": "ADV-2006-4179",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4179"
},
{
"name": "20703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20703"
},
{
"name": "2630",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2630"
},
{
"name": "intelieditor-libeditor-file-include(29755)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29755"
},
{
"name": "20061024 InteliEditor (sys_path) Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449578/100/0/threaded"
}
]
}
}

34
2006/5xxx/CVE-2006-5686.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5686",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-5686",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}

170
2006/5xxx/CVE-2006-5894.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5894",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2760",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2760"
},
{
"name" : "http://www.rahim.webd.pl/exploit127.html",
"refsource" : "MISC",
"url" : "http://www.rahim.webd.pl/exploit127.html"
},
{
"name" : "21009",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21009"
},
{
"name" : "ADV-2006-4473",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4473"
},
{
"name" : "22847",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22847"
},
{
"name" : "ramacms-lang-file-include(30183)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30183"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21009"
},
{
"name": "ADV-2006-4473",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4473"
},
{
"name": "22847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22847"
},
{
"name": "2760",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2760"
},
{
"name": "http://www.rahim.webd.pl/exploit127.html",
"refsource": "MISC",
"url": "http://www.rahim.webd.pl/exploit127.html"
},
{
"name": "ramacms-lang-file-include(30183)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30183"
}
]
}
}

170
2007/2xxx/CVE-2007-2135.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2135",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070418 ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/466215/100/0/threaded"
},
{
"name" : "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html",
"refsource" : "MISC",
"url" : "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-07-017.html",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-07-017.html"
},
{
"name" : "39959",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39959"
},
{
"name" : "2612",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2612"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html"
},
{
"name": "2612",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2612"
},
{
"name": "20070418 ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466215/100/0/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-017.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-017.html"
},
{
"name": "39959",
"refsource": "OSVDB",
"url": "http://osvdb.org/39959"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
}
]
}
}

190
2007/2xxx/CVE-2007-2224.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2224",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-2224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070814 ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/476527/100/0/threaded"
},
{
"name" : "MS07-043",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-043"
},
{
"name" : "TA07-226A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"name" : "25282",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25282"
},
{
"name" : "ADV-2007-2867",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2867"
},
{
"name" : "oval:org.mitre.oval:def:1248",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1248"
},
{
"name" : "1018560",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018560"
},
{
"name" : "26449",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26449"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS07-043",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-043"
},
{
"name": "26449",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26449"
},
{
"name": "1018560",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018560"
},
{
"name": "TA07-226A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-226A.html"
},
{
"name": "oval:org.mitre.oval:def:1248",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1248"
},
{
"name": "ADV-2007-2867",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2867"
},
{
"name": "20070814 ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476527/100/0/threaded"
},
{
"name": "25282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25282"
}
]
}
}

160
2007/2xxx/CVE-2007-2608.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2608",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3878",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3878"
},
{
"name" : "23884",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23884"
},
{
"name" : "ADV-2007-1737",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1737"
},
{
"name" : "37789",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37789"
},
{
"name" : "miplex2-smartyfuclass-file-include(34172)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34172"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37789",
"refsource": "OSVDB",
"url": "http://osvdb.org/37789"
},
{
"name": "ADV-2007-1737",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1737"
},
{
"name": "miplex2-smartyfuclass-file-include(34172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34172"
},
{
"name": "23884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23884"
},
{
"name": "3878",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3878"
}
]
}
}

170
2007/2xxx/CVE-2007-2804.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2804",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels-team.blogspot.com/2007/05/candypress-store-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels-team.blogspot.com/2007/05/candypress-store-xss-vuln.html"
},
{
"name" : "24069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24069"
},
{
"name" : "36234",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36234"
},
{
"name" : "ADV-2007-1881",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1881"
},
{
"name" : "25370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25370"
},
{
"name" : "candypress-prodlist-xss(34389)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34389"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1881",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1881"
},
{
"name": "25370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25370"
},
{
"name": "candypress-prodlist-xss(34389)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34389"
},
{
"name": "24069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24069"
},
{
"name": "36234",
"refsource": "OSVDB",
"url": "http://osvdb.org/36234"
},
{
"name": "http://pridels-team.blogspot.com/2007/05/candypress-store-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2007/05/candypress-store-xss-vuln.html"
}
]
}
}

160
2010/0xxx/CVE-2010-0262.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0262",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka \"Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100309 Microsoft Excel FNGROUPNAME Record Uninitialized Memory Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=860"
},
{
"name" : "MS10-017",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name" : "TA10-068A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name" : "oval:org.mitre.oval:def:8562",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8562"
},
{
"name" : "1023698",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023698"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka \"Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100309 Microsoft Excel FNGROUPNAME Record Uninitialized Memory Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=860"
},
{
"name": "MS10-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
},
{
"name": "TA10-068A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
},
{
"name": "oval:org.mitre.oval:def:8562",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8562"
},
{
"name": "1023698",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023698"
}
]
}
}

120
2010/0xxx/CVE-2010-0334.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0334",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}
}

380
2010/1xxx/CVE-2010-1039.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1039",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-1039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100520 HP-UX, IBM AIX, SGI IRIX Remote Vulnerability - CVE-2010-1039",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511405/100/0/threaded"
},
{
"name" : "http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html",
"refsource" : "MISC",
"url" : "http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html"
},
{
"name" : "http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc",
"refsource" : "CONFIRM",
"url" : "http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc"
},
{
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088",
"refsource" : "CONFIRM",
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088"
},
{
"name" : "IZ73590",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ73590"
},
{
"name" : "IZ73599",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ73599"
},
{
"name" : "IZ73681",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ73681"
},
{
"name" : "IZ73757",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ73757"
},
{
"name" : "IZ73874",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ73874"
},
{
"name" : "IZ75369",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ75369"
},
{
"name" : "IZ75440",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ75440"
},
{
"name" : "IZ75465",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ75465"
},
{
"name" : "HPSBUX02523",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127428077629933&w=2"
},
{
"name" : "SSRT100036",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127428077629933&w=2"
},
{
"name" : "40248",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40248"
},
{
"name" : "64729",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64729"
},
{
"name" : "oval:org.mitre.oval:def:11986",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11986"
},
{
"name" : "oval:org.mitre.oval:def:12103",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12103"
},
{
"name" : "1024016",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024016"
},
{
"name" : "1023994",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023994"
},
{
"name" : "39835",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39835"
},
{
"name" : "39911",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39911"
},
{
"name" : "ADV-2010-1213",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1213"
},
{
"name" : "ADV-2010-1199",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1199"
},
{
"name" : "ADV-2010-1211",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1211"
},
{
"name" : "ADV-2010-1212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1212"
},
{
"name" : "hpux-nfsoncplus-privilege-escalation(58718)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58718"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64729",
"refsource": "OSVDB",
"url": "http://osvdb.org/64729"
},
{
"name": "IZ75440",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ75440"
},
{
"name": "39911",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39911"
},
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088"
},
{
"name": "oval:org.mitre.oval:def:11986",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11986"
},
{
"name": "40248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40248"
},
{
"name": "1023994",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023994"
},
{
"name": "IZ75369",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ75369"
},
{
"name": "ADV-2010-1213",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1213"
},
{
"name": "IZ73757",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73757"
},
{
"name": "IZ73599",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73599"
},
{
"name": "http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html",
"refsource": "MISC",
"url": "http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html"
},
{
"name": "20100520 HP-UX, IBM AIX, SGI IRIX Remote Vulnerability - CVE-2010-1039",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511405/100/0/threaded"
},
{
"name": "HPSBUX02523",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127428077629933&w=2"
},
{
"name": "oval:org.mitre.oval:def:12103",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12103"
},
{
"name": "IZ75465",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ75465"
},
{
"name": "IZ73874",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73874"
},
{
"name": "SSRT100036",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127428077629933&w=2"
},
{
"name": "ADV-2010-1199",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1199"
},
{
"name": "39835",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39835"
},
{
"name": "hpux-nfsoncplus-privilege-escalation(58718)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58718"
},
{
"name": "1024016",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024016"
},
{
"name": "ADV-2010-1212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1212"
},
{
"name": "ADV-2010-1211",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1211"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc"
},
{
"name": "IZ73590",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73590"
},
{
"name": "IZ73681",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ73681"
}
]
}
}

120
2010/1xxx/CVE-2010-1339.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1339",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39009",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39009"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39009",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39009"
}
]
}
}

34
2010/1xxx/CVE-2010-1484.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1484",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1484",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2010/1xxx/CVE-2010-1973.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1973",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-1973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBOV02539",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127905660900687&w=2"
},
{
"name" : "SSRT090267",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127905660900687&w=2"
},
{
"name" : "1024190",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024190"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, 8.2, 7.3-2, and earlier on the ALPHA platform, and 8.3-1H1, 8.3, 8.2-1, and earlier on the Itanium platform, allows local users to gain privileges or obtain sensitive information via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBOV02539",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127905660900687&w=2"
},
{
"name": "1024190",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024190"
},
{
"name": "SSRT090267",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127905660900687&w=2"
}
]
}
}

34
2010/3xxx/CVE-2010-3953.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3953",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-3953",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

34
2010/4xxx/CVE-2010-4245.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4245",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4245",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2010/4xxx/CVE-2010-4637.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4637",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1011-exploits/wpfeedlist-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1011-exploits/wpfeedlist-xss.txt"
},
{
"name" : "http://www.johnleitch.net/Vulnerabilities/WordPress.Feed.List.2.61.01.Reflected.Cross-site.Scripting/56",
"refsource" : "MISC",
"url" : "http://www.johnleitch.net/Vulnerabilities/WordPress.Feed.List.2.61.01.Reflected.Cross-site.Scripting/56"
},
{
"name" : "69071",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69071"
},
{
"name" : "42197",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42197"
},
{
"name" : "feedlist-handlerimage-xss(63055)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63055"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42197"
},
{
"name": "http://packetstormsecurity.org/1011-exploits/wpfeedlist-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1011-exploits/wpfeedlist-xss.txt"
},
{
"name": "http://www.johnleitch.net/Vulnerabilities/WordPress.Feed.List.2.61.01.Reflected.Cross-site.Scripting/56",
"refsource": "MISC",
"url": "http://www.johnleitch.net/Vulnerabilities/WordPress.Feed.List.2.61.01.Reflected.Cross-site.Scripting/56"
},
{
"name": "feedlist-handlerimage-xss(63055)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63055"
},
{
"name": "69071",
"refsource": "OSVDB",
"url": "http://osvdb.org/69071"
}
]
}
}

270
2010/4xxx/CVE-2010-4704.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4704",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078",
"refsource" : "CONFIRM",
"url" : "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078"
},
{
"name" : "https://roundup.ffmpeg.org/issue2322",
"refsource" : "CONFIRM",
"url" : "https://roundup.ffmpeg.org/issue2322"
},
{
"name" : "http://ffmpeg.mplayerhq.hu/",
"refsource" : "CONFIRM",
"url" : "http://ffmpeg.mplayerhq.hu/"
},
{
"name" : "DSA-2165",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2165"
},
{
"name" : "DSA-2306",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2306"
},
{
"name" : "MDVSA-2011:060",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
},
{
"name" : "MDVSA-2011:061",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
},
{
"name" : "MDVSA-2011:062",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
},
{
"name" : "MDVSA-2011:088",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
},
{
"name" : "MDVSA-2011:089",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
},
{
"name" : "MDVSA-2011:112",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
},
{
"name" : "MDVSA-2011:114",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
},
{
"name" : "USN-1104-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-1104-1/"
},
{
"name" : "46294",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46294"
},
{
"name" : "43323",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43323"
},
{
"name" : "ADV-2011-1241",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1241"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
},
{
"name": "DSA-2306",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2306"
},
{
"name": "MDVSA-2011:061",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
},
{
"name": "https://roundup.ffmpeg.org/issue2322",
"refsource": "CONFIRM",
"url": "https://roundup.ffmpeg.org/issue2322"
},
{
"name": "MDVSA-2011:062",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
},
{
"name": "MDVSA-2011:112",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:112"
},
{
"name": "MDVSA-2011:114",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:114"
},
{
"name": "43323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43323"
},
{
"name": "USN-1104-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-1104-1/"
},
{
"name": "MDVSA-2011:089",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
},
{
"name": "http://ffmpeg.mplayerhq.hu/",
"refsource": "CONFIRM",
"url": "http://ffmpeg.mplayerhq.hu/"
},
{
"name": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078",
"refsource": "CONFIRM",
"url": "http://git.ffmpeg.org/?p=ffmpeg.git;a=commit;h=3dde66752d59dfdd0f3727efd66e7202b3c75078"
},
{
"name": "DSA-2165",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2165"
},
{
"name": "ADV-2011-1241",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1241"
},
{
"name": "46294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46294"
},
{
"name": "MDVSA-2011:060",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
}
]
}
}

190
2010/4xxx/CVE-2010-4780.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4780",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15645",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15645"
},
{
"name" : "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt"
},
{
"name" : "http://www.htbridge.ch/advisory/sql_injection_in_enano_cms.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/sql_injection_in_enano_cms.html"
},
{
"name" : "http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released",
"refsource" : "CONFIRM",
"url" : "http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released"
},
{
"name" : "45120",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45120"
},
{
"name" : "69537",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69537"
},
{
"name" : "42375",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42375"
},
{
"name" : "8183",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8183"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15645",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15645"
},
{
"name": "42375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42375"
},
{
"name": "http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released",
"refsource": "CONFIRM",
"url": "http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released"
},
{
"name": "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt"
},
{
"name": "http://www.htbridge.ch/advisory/sql_injection_in_enano_cms.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/sql_injection_in_enano_cms.html"
},
{
"name": "69537",
"refsource": "OSVDB",
"url": "http://osvdb.org/69537"
},
{
"name": "8183",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8183"
},
{
"name": "45120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45120"
}
]
}
}

170
2010/4xxx/CVE-2010-4781.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4781",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15645",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15645"
},
{
"name" : "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt"
},
{
"name" : "http://www.htbridge.ch/advisory/path_disclosure_in_enano_cms.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/path_disclosure_in_enano_cms.html"
},
{
"name" : "http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released",
"refsource" : "CONFIRM",
"url" : "http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released"
},
{
"name" : "45120",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45120"
},
{
"name" : "8183",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8183"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15645",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15645"
},
{
"name": "http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released",
"refsource": "CONFIRM",
"url": "http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released"
},
{
"name": "http://www.htbridge.ch/advisory/path_disclosure_in_enano_cms.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/path_disclosure_in_enano_cms.html"
},
{
"name": "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt"
},
{
"name": "8183",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8183"
},
{
"name": "45120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45120"
}
]
}
}

190
2014/0xxx/CVE-2014-0004.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0004",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[devkit-devel] 20140310 udisks 2.1.3 / 1.0.5 security updates",
"refsource" : "MLIST",
"url" : "http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html"
},
{
"name" : "DSA-2872",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2872"
},
{
"name" : "RHSA-2014:0293",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0293.html"
},
{
"name" : "openSUSE-SU-2014:0388",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00051.html"
},
{
"name" : "openSUSE-SU-2014:0389",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00052.html"
},
{
"name" : "openSUSE-SU-2014:0390",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00053.html"
},
{
"name" : "USN-2142-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2142-1"
},
{
"name" : "66081",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66081"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:0390",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00053.html"
},
{
"name": "openSUSE-SU-2014:0389",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00052.html"
},
{
"name": "openSUSE-SU-2014:0388",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00051.html"
},
{
"name": "RHSA-2014:0293",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0293.html"
},
{
"name": "[devkit-devel] 20140310 udisks 2.1.3 / 1.0.5 security updates",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html"
},
{
"name": "USN-2142-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2142-1"
},
{
"name": "66081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66081"
},
{
"name": "DSA-2872",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2872"
}
]
}
}

200
2014/0xxx/CVE-2014-0034.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0034",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc",
"refsource" : "CONFIRM",
"url" : "http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1551228",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1551228"
},
{
"name" : "RHSA-2014:0797",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0797.html"
},
{
"name" : "RHSA-2014:0798",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0798.html"
},
{
"name" : "RHSA-2014:0799",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0799.html"
},
{
"name" : "RHSA-2014:1351",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
},
{
"name" : "RHSA-2015:0850",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name" : "RHSA-2015:0851",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
},
{
"name" : "68441",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68441"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0798",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0798.html"
},
{
"name": "http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc",
"refsource": "CONFIRM",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc"
},
{
"name": "68441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68441"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1551228",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1551228"
},
{
"name": "RHSA-2015:0850",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name": "RHSA-2014:0797",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0797.html"
},
{
"name": "RHSA-2015:0851",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
},
{
"name": "RHSA-2014:0799",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0799.html"
},
{
"name": "RHSA-2014:1351",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html"
}
]
}
}

120
2014/0xxx/CVE-2014-0725.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0725",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a \"file storage location,\" aka Bug ID CSCum05337."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140212 Cisco Unified Communications Manager WAR File Availability Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0725"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a \"file storage location,\" aka Bug ID CSCum05337."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140212 Cisco Unified Communications Manager WAR File Availability Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0725"
}
]
}
}

130
2014/0xxx/CVE-2014-0967.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677300",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677300"
},
{
"name" : "ibm-imdm-cve20140967-xss(92882)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92882"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677300",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677300"
},
{
"name": "ibm-imdm-cve20140967-xss(92882)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92882"
}
]
}
}

190
2014/4xxx/CVE-2014-4372.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT6441",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6441"
},
{
"name" : "http://support.apple.com/kb/HT6442",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6442"
},
{
"name" : "APPLE-SA-2014-09-17-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name" : "APPLE-SA-2014-09-17-2",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name" : "69882",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69882"
},
{
"name" : "69923",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69923"
},
{
"name" : "1030866",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030866"
},
{
"name" : "appleios-cve20144372-symlink(96082)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96082"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT6441",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "1030866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "http://support.apple.com/kb/HT6442",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6442"
},
{
"name": "APPLE-SA-2014-09-17-2",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name": "69882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "APPLE-SA-2014-09-17-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name": "69923",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69923"
},
{
"name": "appleios-cve20144372-symlink(96082)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96082"
}
]
}
}

34
2014/8xxx/CVE-2014-8575.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8575",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8575",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

34
2014/8xxx/CVE-2014-8984.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8984",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8984",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

190
2014/9xxx/CVE-2014-9402.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9402",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-9402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141217 Re: CVE request: glibc",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/12/18/1"
},
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17630",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=17630"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "GLSA-201602-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201602-02"
},
{
"name" : "RHSA-2018:0805",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0805"
},
{
"name" : "openSUSE-SU-2015:0351",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html"
},
{
"name" : "USN-2519-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2519-1"
},
{
"name" : "71670",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71670"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=17630",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17630"
},
{
"name": "openSUSE-SU-2015:0351",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html"
},
{
"name": "GLSA-201602-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201602-02"
},
{
"name": "[oss-security] 20141217 Re: CVE request: glibc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/18/1"
},
{
"name": "USN-2519-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2519-1"
},
{
"name": "71670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71670"
},
{
"name": "RHSA-2018:0805",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0805"
}
]
}
}

120
2014/9xxx/CVE-2014-9695.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2014-9695",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Tecal E9000 Chassis V100R001C00SPC160 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Tecal E9000 Chassis V100R001C00SPC160 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2014-9695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tecal E9000 Chassis V100R001C00SPC160 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Tecal E9000 Chassis V100R001C00SPC160 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/hw-408118",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/hw-408118"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-408118",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-408118"
}
]
}
}

230
2014/9xxx/CVE-2014-9715.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9715",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[netfilter-devel] 20140526 OOPS NULL pointer dereference in nf_nat_setup_info+0x471 (reproductible, 3.14.4)",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=netfilter-devel&m=140112364215200&w=2"
},
{
"name" : "[oss-security] 20150407 CVE request netfilter connection tracking accounting.",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/04/08/1"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=223b02d923ecd7c84cf9780bb3686f455d279279",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=223b02d923ecd7c84cf9780bb3686f455d279279"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1208684",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1208684"
},
{
"name" : "https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "DSA-3237",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3237"
},
{
"name" : "RHSA-2015:1564",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
},
{
"name" : "RHSA-2015:1534",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
},
{
"name" : "73953",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73953"
},
{
"name" : "1032415",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032415"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73953"
},
{
"name": "https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5"
},
{
"name": "[netfilter-devel] 20140526 OOPS NULL pointer dereference in nf_nat_setup_info+0x471 (reproductible, 3.14.4)",
"refsource": "MLIST",
"url": "http://marc.info/?l=netfilter-devel&m=140112364215200&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "[oss-security] 20150407 CVE request netfilter connection tracking accounting.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/08/1"
},
{
"name": "DSA-3237",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3237"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=223b02d923ecd7c84cf9780bb3686f455d279279",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=223b02d923ecd7c84cf9780bb3686f455d279279"
},
{
"name": "1032415",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032415"
},
{
"name": "RHSA-2015:1534",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
},
{
"name": "RHSA-2015:1564",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1208684",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208684"
}
]
}
}

200
2014/9xxx/CVE-2014-9862.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9862",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://android.googlesource.com/platform/external/bsdiff/+/4d054795b673855e3a7556c6f2f7ab99ca509998",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/external/bsdiff/+/4d054795b673855e3a7556c6f2f7ab99ca509998"
},
{
"name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=372525",
"refsource" : "CONFIRM",
"url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=372525"
},
{
"name" : "https://chromium.googlesource.com/chromiumos/third_party/bsdiff/+/d0307d1711bd74e51b783a49f9160775aa22e659",
"refsource" : "CONFIRM",
"url" : "https://chromium.googlesource.com/chromiumos/third_party/bsdiff/+/d0307d1711bd74e51b783a49f9160775aa22e659"
},
{
"name" : "https://support.apple.com/HT206903",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT206903"
},
{
"name" : "APPLE-SA-2016-07-18-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name" : "FreeBSD-SA-16:25",
"refsource" : "FREEBSD",
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:25.bspatch.asc"
},
{
"name" : "openSUSE-SU-2016:1977",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00026.html"
},
{
"name" : "91824",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91824"
},
{
"name" : "1036438",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036438"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91824"
},
{
"name": "FreeBSD-SA-16:25",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:25.bspatch.asc"
},
{
"name": "https://android.googlesource.com/platform/external/bsdiff/+/4d054795b673855e3a7556c6f2f7ab99ca509998",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/bsdiff/+/4d054795b673855e3a7556c6f2f7ab99ca509998"
},
{
"name": "https://chromium.googlesource.com/chromiumos/third_party/bsdiff/+/d0307d1711bd74e51b783a49f9160775aa22e659",
"refsource": "CONFIRM",
"url": "https://chromium.googlesource.com/chromiumos/third_party/bsdiff/+/d0307d1711bd74e51b783a49f9160775aa22e659"
},
{
"name": "APPLE-SA-2016-07-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
},
{
"name": "1036438",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036438"
},
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=372525",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=372525"
},
{
"name": "https://support.apple.com/HT206903",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206903"
},
{
"name": "openSUSE-SU-2016:1977",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00026.html"
}
]
}
}

140
2016/3xxx/CVE-2016-3355.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3355",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka \"GDI Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-106",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-106"
},
{
"name" : "92787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92787"
},
{
"name" : "1036786",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036786"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka \"GDI Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036786",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036786"
},
{
"name": "MS16-106",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-106"
},
{
"name": "92787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92787"
}
]
}
}

170
2016/3xxx/CVE-2016-3374.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3374",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka \"PDF Library Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-3370."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html",
"refsource" : "MISC",
"url" : "http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html"
},
{
"name" : "http://srcincite.io/advisories/src-2016-39/",
"refsource" : "MISC",
"url" : "http://srcincite.io/advisories/src-2016-39/"
},
{
"name" : "MS16-105",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
},
{
"name" : "MS16-115",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-115"
},
{
"name" : "92838",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92838"
},
{
"name" : "1036789",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036789"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka \"PDF Library Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-3370."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036789",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036789"
},
{
"name": "MS16-115",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-115"
},
{
"name": "http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html",
"refsource": "MISC",
"url": "http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html"
},
{
"name": "92838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92838"
},
{
"name": "http://srcincite.io/advisories/src-2016-39/",
"refsource": "MISC",
"url": "http://srcincite.io/advisories/src-2016-39/"
},
{
"name": "MS16-105",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
}
]
}
}

170
2016/3xxx/CVE-2016-3594.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3595, and CVE-2016-3596."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988009"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988718"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91939",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91939"
},
{
"name" : "1036370",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036370"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3595, and CVE-2016-3596."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988009"
},
{
"name": "91939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91939"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988718"
},
{
"name": "1036370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036370"
}
]
}
}

34
2016/3xxx/CVE-2016-3692.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3692",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3692",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2016/3xxx/CVE-2016-3872.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3872",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug 29421675."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/630ed150f7201ddadb00b8b8ce0c55c4cc6e8742",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/630ed150f7201ddadb00b8b8ce0c55c4cc6e8742"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/9f9ba255a0c59544f3555c9c45512c3a2fac5fad",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/9f9ba255a0c59544f3555c9c45512c3a2fac5fad"
},
{
"name" : "1036763",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to gain privileges via a crafted application, aka internal bug 29421675."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/630ed150f7201ddadb00b8b8ce0c55c4cc6e8742",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/630ed150f7201ddadb00b8b8ce0c55c4cc6e8742"
},
{
"name": "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/9f9ba255a0c59544f3555c9c45512c3a2fac5fad",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/9f9ba255a0c59544f3555c9c45512c3a2fac5fad"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
}
]
}
}

200
2016/6xxx/CVE-2016-6153.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6153",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160701 Re: SQLite Tempdir Selection Vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/01/2"
},
{
"name" : "[oss-security] 20160701 SQLite Tempdir Selection Vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/01/1"
},
{
"name" : "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt",
"refsource" : "MISC",
"url" : "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt"
},
{
"name" : "http://www.sqlite.org/cgi/src/info/67985761aa93fb61",
"refsource" : "CONFIRM",
"url" : "http://www.sqlite.org/cgi/src/info/67985761aa93fb61"
},
{
"name" : "https://www.sqlite.org/releaselog/3_13_0.html",
"refsource" : "CONFIRM",
"url" : "https://www.sqlite.org/releaselog/3_13_0.html"
},
{
"name" : "https://www.tenable.com/security/tns-2016-20",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-20"
},
{
"name" : "FEDORA-2016-0138339b54",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/"
},
{
"name" : "openSUSE-SU-2016:2041",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html"
},
{
"name" : "91546",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91546"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/tns-2016-20",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"name": "openSUSE-SU-2016:2041",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html"
},
{
"name": "https://www.sqlite.org/releaselog/3_13_0.html",
"refsource": "CONFIRM",
"url": "https://www.sqlite.org/releaselog/3_13_0.html"
},
{
"name": "[oss-security] 20160701 Re: SQLite Tempdir Selection Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/01/2"
},
{
"name": "91546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91546"
},
{
"name": "http://www.sqlite.org/cgi/src/info/67985761aa93fb61",
"refsource": "CONFIRM",
"url": "http://www.sqlite.org/cgi/src/info/67985761aa93fb61"
},
{
"name": "FEDORA-2016-0138339b54",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/"
},
{
"name": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt",
"refsource": "MISC",
"url": "https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt"
},
{
"name": "[oss-security] 20160701 SQLite Tempdir Selection Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/01/1"
}
]
}
}

140
2016/6xxx/CVE-2016-6422.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6422",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass intended access restrictions by sending packets that should have been recognized by a filter, aka Bug ID CSCuy64806."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20161005 Cisco IOS Software for Cisco Catalyst 6500 Series Switches and 7600 Series Routers ACL Bypass Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-catalyst"
},
{
"name" : "93404",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93404"
},
{
"name" : "1036954",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036954"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass intended access restrictions by sending packets that should have been recognized by a filter, aka Bug ID CSCuy64806."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20161005 Cisco IOS Software for Cisco Catalyst 6500 Series Switches and 7600 Series Routers ACL Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-catalyst"
},
{
"name": "1036954",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036954"
},
{
"name": "93404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93404"
}
]
}
}

130
2016/6xxx/CVE-2016-6444.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6444",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Meeting Server 1.8, 1.9, 2.0",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Meeting Server 1.8, 1.9, 2.0"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Meeting Server 1.8, 1.9, 2.0",
"version": {
"version_data": [
{
"version_value": "Cisco Meeting Server 1.8, 1.9, 2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms"
},
{
"name" : "93785",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93785"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93785"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms"
}
]
}
}

136
2016/6xxx/CVE-2016-6751.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-6751",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30902162. References: Qualcomm QC-CR#1062271."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
},
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "94139",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94139"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Android ID: A-30902162. References: Qualcomm QC-CR#1062271."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "94139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94139"
}
]
}
}

34
2016/7xxx/CVE-2016-7455.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7455",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7455",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/8xxx/CVE-2016-8110.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8110",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8110",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2016/8xxx/CVE-2016-8725.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"ID" : "CVE-2016-8725",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client",
"version" : {
"version_data" : [
{
"version_value" : "1.1"
}
]
}
}
]
},
"vendor_name" : "Moxa"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2016-8725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client",
"version": {
"version_data": [
{
"version_value": "1.1"
}
]
}
}
]
},
"vendor_name": "Moxa"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.talosintelligence.com/reports/TALOS-2016-0239/",
"refsource" : "MISC",
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0239/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0239/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0239/"
}
]
}
}

200
2016/8xxx/CVE-2016-8870.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8870",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40637",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40637/"
},
{
"name" : "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc",
"refsource" : "MISC",
"url" : "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc"
},
{
"name" : "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html",
"refsource" : "MISC",
"url" : "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html"
},
{
"name" : "https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r",
"refsource" : "MISC",
"url" : "https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r"
},
{
"name" : "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html",
"refsource" : "CONFIRM",
"url" : "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html"
},
{
"name" : "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf",
"refsource" : "CONFIRM",
"url" : "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf"
},
{
"name" : "93876",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93876"
},
{
"name" : "1037108",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037108"
},
{
"name" : "1037107",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037107"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93876"
},
{
"name": "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html",
"refsource": "MISC",
"url": "https://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html"
},
{
"name": "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html",
"refsource": "CONFIRM",
"url": "https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html"
},
{
"name": "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/auxiliary/admin/http/joomla_registration_privesc"
},
{
"name": "40637",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40637/"
},
{
"name": "1037108",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037108"
},
{
"name": "1037107",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037107"
},
{
"name": "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf",
"refsource": "CONFIRM",
"url": "https://github.com/joomla/joomla-cms/commit/bae1d43938c878480cfd73671e4945211538fdcf"
},
{
"name": "https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r",
"refsource": "MISC",
"url": "https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r"
}
]
}
}

200
2016/8xxx/CVE-2016-8909.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8909",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161024 CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/24/1"
},
{
"name" : "[oss-security] 20161024 Re: CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/24/4"
},
{
"name" : "[qemu-devel] 20161020 [PATCH] audio: intel-hda: check stream entry count during transfer",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html"
},
{
"name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name" : "GLSA-201611-11",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-11"
},
{
"name" : "RHSA-2017:2392",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name" : "RHSA-2017:2408",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name" : "openSUSE-SU-2016:3237",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name" : "93842",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93842"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161024 Re: CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/4"
},
{
"name": "GLSA-201611-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-11"
},
{
"name": "[oss-security] 20161024 CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/24/1"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "openSUSE-SU-2016:3237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00140.html"
},
{
"name": "[qemu-devel] 20161020 [PATCH] audio: intel-hda: check stream entry count during transfer",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04682.html"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "93842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93842"
}
]
}
}