admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:49:12 +00:00
parent d5392764c6
commit a64ab8fc0b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
45 changed files with 3846 additions and 3846 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

188
2006/0xxx/CVE-2006-0236.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0236",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060117 Secunia Research: Mozilla Thunderbird Attachment SpoofingVulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422148/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2005-22/advisory",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2005-22/advisory"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=300246",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=300246"
},
{
"name" : "MDKSA-2006:021",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:021"
},
{
"name" : "16271",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16271"
},
{
"name" : "ADV-2006-0230",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0230"
},
{
"name" : "15907",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15907"
},
{
"name" : "thunderbird-attachment-ext-spoofing(24164)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24164"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16271"
},
{
"name": "MDKSA-2006:021",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:021"
},
{
"name": "thunderbird-attachment-ext-spoofing(24164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24164"
},
{
"name": "http://secunia.com/secunia_research/2005-22/advisory",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-22/advisory"
},
{
"name": "20060117 Secunia Research: Mozilla Thunderbird Attachment SpoofingVulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422148/100/0/threaded"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=300246",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=300246"
},
{
"name": "ADV-2006-0230",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0230"
},
{
"name": "15907",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15907"
}
]
}
}

198
2006/0xxx/CVE-2006-0258.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0258",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB03."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name" : "VU#545804",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/545804"
},
{
"name" : "16287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16287"
},
{
"name" : "ADV-2006-0243",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name" : "ADV-2006-0323",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name" : "1015499",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015499"
},
{
"name" : "18493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18493"
},
{
"name" : "18608",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18608"
},
{
"name" : "oracle-january2006-update(24321)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB03."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}

168
2006/0xxx/CVE-2006-0497.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0497",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary SQL commands via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.eyce.be/php_gen/NEWS",
"refsource" : "CONFIRM",
"url" : "http://www.eyce.be/php_gen/NEWS"
},
{
"name" : "15458",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15458"
},
{
"name" : "ADV-2006-0408",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0408"
},
{
"name" : "22885",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22885"
},
{
"name" : "18715",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18715"
},
{
"name" : "phpgen-multiple-sql-injection(24441)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24441"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary SQL commands via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.eyce.be/php_gen/NEWS",
"refsource": "CONFIRM",
"url": "http://www.eyce.be/php_gen/NEWS"
},
{
"name": "18715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18715"
},
{
"name": "phpgen-multiple-sql-injection(24441)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24441"
},
{
"name": "22885",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22885"
},
{
"name": "ADV-2006-0408",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0408"
},
{
"name": "15458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15458"
}
]
}
}

358
2006/1xxx/CVE-2006-1526.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1526",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a \"&\" instead of a \"*\" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-1526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[xorg] 20060502 [CVE-2006-1525] X.Org security advisory: Buffer overflow in the Xrender extension",
"refsource" : "MLIST",
"url" : "http://lists.freedesktop.org/archives/xorg/2006-May/015136.html"
},
{
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=6642",
"refsource" : "CONFIRM",
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=6642"
},
{
"name" : "FLSA:190777",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/436327/100/0/threaded"
},
{
"name" : "GLSA-200605-02",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-02.xml"
},
{
"name" : "MDKSA-2006:081",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:081"
},
{
"name" : "[3.8] 007: SECURITY FIX: May 2, 2006",
"refsource" : "OPENBSD",
"url" : "http://www.openbsd.org/errata38.html#xorg"
},
{
"name" : "RHSA-2006:0451",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0451.html"
},
{
"name" : "102339",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102339-1"
},
{
"name" : "SUSE-SA:2006:023",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_05_03.html"
},
{
"name" : "2006-0024",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2006/0024"
},
{
"name" : "USN-280-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/280-1/"
},
{
"name" : "VU#633257",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/633257"
},
{
"name" : "17795",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17795"
},
{
"name" : "oval:org.mitre.oval:def:9929",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9929"
},
{
"name" : "ADV-2006-1617",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1617"
},
{
"name" : "1016018",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016018"
},
{
"name" : "19915",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19915"
},
{
"name" : "19921",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19921"
},
{
"name" : "19943",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19943"
},
{
"name" : "19900",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19900"
},
{
"name" : "19916",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19916"
},
{
"name" : "19951",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19951"
},
{
"name" : "19956",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19956"
},
{
"name" : "19983",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19983"
},
{
"name" : "xorg-xrender-bo(26200)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26200"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a \"&\" instead of a \"*\" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2006:0451",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0451.html"
},
{
"name": "19921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19921"
},
{
"name": "19943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19943"
},
{
"name": "xorg-xrender-bo(26200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26200"
},
{
"name": "19956",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19956"
},
{
"name": "MDKSA-2006:081",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:081"
},
{
"name": "ADV-2006-1617",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1617"
},
{
"name": "19951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19951"
},
{
"name": "SUSE-SA:2006:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_05_03.html"
},
{
"name": "oval:org.mitre.oval:def:9929",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9929"
},
{
"name": "17795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17795"
},
{
"name": "102339",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102339-1"
},
{
"name": "VU#633257",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/633257"
},
{
"name": "1016018",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016018"
},
{
"name": "GLSA-200605-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-02.xml"
},
{
"name": "19983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19983"
},
{
"name": "[3.8] 007: SECURITY FIX: May 2, 2006",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata38.html#xorg"
},
{
"name": "2006-0024",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0024"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=6642",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=6642"
},
{
"name": "19900",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19900"
},
{
"name": "USN-280-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/280-1/"
},
{
"name": "FLSA:190777",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/436327/100/0/threaded"
},
{
"name": "19915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19915"
},
{
"name": "[xorg] 20060502 [CVE-2006-1525] X.Org security advisory: Buffer overflow in the Xrender extension",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/xorg/2006-May/015136.html"
},
{
"name": "19916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19916"
}
]
}
}

178
2006/1xxx/CVE-2006-1994.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1994",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060421 dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431758"
},
{
"name" : "20060421 dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities.",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045369.html"
},
{
"name" : "http://www.nukedx.com/?viewdoc=27",
"refsource" : "MISC",
"url" : "http://www.nukedx.com/?viewdoc=27"
},
{
"name" : "17650",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17650"
},
{
"name" : "ADV-2006-1482",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1482"
},
{
"name" : "19788",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19788"
},
{
"name" : "dforum-dforumpath-parameter-file-include(26035)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26035"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1482",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1482"
},
{
"name": "20060421 dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431758"
},
{
"name": "19788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19788"
},
{
"name": "20060421 dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045369.html"
},
{
"name": "dforum-dforumpath-parameter-file-include(26035)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26035"
},
{
"name": "http://www.nukedx.com/?viewdoc=27",
"refsource": "MISC",
"url": "http://www.nukedx.com/?viewdoc=27"
},
{
"name": "17650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17650"
}
]
}
}

158
2006/3xxx/CVE-2006-3898.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3898",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://browserfun.blogspot.com/2006/07/mobb-22-internethhctrl-click.html",
"refsource" : "MISC",
"url" : "http://browserfun.blogspot.com/2006/07/mobb-22-internethhctrl-click.html"
},
{
"name" : "19109",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19109"
},
{
"name" : "ADV-2006-2952",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2952"
},
{
"name" : "27231",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27231"
},
{
"name" : "ie-hhctrl-dos(27929)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27929"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27231",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27231"
},
{
"name": "ie-hhctrl-dos(27929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27929"
},
{
"name": "ADV-2006-2952",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2952"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-22-internethhctrl-click.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-22-internethhctrl-click.html"
},
{
"name": "19109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19109"
}
]
}
}

228
2006/4xxx/CVE-2006-4046.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4046",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060731 Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441730/100/100/threaded"
},
{
"name" : "http://aluigi.altervista.org/adv/ocpbof-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/ocpbof-adv.txt"
},
{
"name" : "2094",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2094"
},
{
"name" : "19262",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19262"
},
{
"name" : "ADV-2006-3078",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3078"
},
{
"name" : "1016611",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016611"
},
{
"name" : "21267",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21267"
},
{
"name" : "1349",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1349"
},
{
"name" : "opencubicplayer-itplayerclassmoduleload-bo(28104)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28104"
},
{
"name" : "opencubicplayer-mploadams-bo(28106)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28106"
},
{
"name" : "opencubicplayer-mploads3m-bo(28103)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28103"
},
{
"name" : "opencubicplayer-mploadult-bo(28105)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28105"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21267"
},
{
"name": "opencubicplayer-itplayerclassmoduleload-bo(28104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28104"
},
{
"name": "1349",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1349"
},
{
"name": "19262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19262"
},
{
"name": "2094",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2094"
},
{
"name": "20060731 Multiple vulnerabilities in Open Cubic Player 2.6.0pre6 / 0.1.10_rc5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441730/100/100/threaded"
},
{
"name": "http://aluigi.altervista.org/adv/ocpbof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/ocpbof-adv.txt"
},
{
"name": "ADV-2006-3078",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3078"
},
{
"name": "opencubicplayer-mploads3m-bo(28103)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28103"
},
{
"name": "opencubicplayer-mploadams-bo(28106)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28106"
},
{
"name": "1016611",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016611"
},
{
"name": "opencubicplayer-mploadult-bo(28105)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28105"
}
]
}
}

158
2006/4xxx/CVE-2006-4047.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4047",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19419",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19419"
},
{
"name" : "ADV-2006-3167",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3167"
},
{
"name" : "27788",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27788"
},
{
"name" : "21347",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21347"
},
{
"name" : "netiouscms-index-sql-injection(28263)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28263"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21347"
},
{
"name": "ADV-2006-3167",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3167"
},
{
"name": "19419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19419"
},
{
"name": "27788",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27788"
},
{
"name": "netiouscms-index-sql-injection(28263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28263"
}
]
}
}

128
2006/4xxx/CVE-2006-4265.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4265",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows remote attackers to obtain responses to ICMP (1) timestamp and (2) netmask requests, which is inconsistent with the documented behavior of Stealth Mode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060812 Kaspersky Anti-Hacker personal firewall unstealthy stealth mode",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443180/100/100/threaded"
},
{
"name" : "1427",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1427"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows remote attackers to obtain responses to ICMP (1) timestamp and (2) netmask requests, which is inconsistent with the documented behavior of Stealth Mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060812 Kaspersky Anti-Hacker personal firewall unstealthy stealth mode",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443180/100/100/threaded"
},
{
"name": "1427",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1427"
}
]
}
}

208
2006/4xxx/CVE-2006-4425.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-3385",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3385"
},
{
"name" : "28219",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28219"
},
{
"name" : "28220",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28220"
},
{
"name" : "28221",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28221"
},
{
"name" : "28222",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28222"
},
{
"name" : "28223",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28223"
},
{
"name" : "28224",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28224"
},
{
"name" : "28225",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28225"
},
{
"name" : "21624",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21624"
},
{
"name" : "phpcoin-ccfgpkgpathincl-file-include(28572)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28572"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28224",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28224"
},
{
"name": "28221",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28221"
},
{
"name": "28222",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28222"
},
{
"name": "28220",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28220"
},
{
"name": "ADV-2006-3385",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3385"
},
{
"name": "28219",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28219"
},
{
"name": "21624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21624"
},
{
"name": "phpcoin-ccfgpkgpathincl-file-include(28572)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28572"
},
{
"name": "28223",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28223"
},
{
"name": "28225",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28225"
}
]
}
}

128
2006/4xxx/CVE-2006-4756.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4756",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-3562",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3562"
},
{
"name" : "21875",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21875"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21875"
},
{
"name": "ADV-2006-3562",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3562"
}
]
}
}

128
2006/5xxx/CVE-2006-5810.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://worldphantom.org/foro/index.php?PHPSESS=475e274a8eeb5ffa159e890b2a9cae64&topic=417.new",
"refsource" : "MISC",
"url" : "http://worldphantom.org/foro/index.php?PHPSESS=475e274a8eeb5ffa159e890b2a9cae64&topic=417.new"
},
{
"name" : "20927",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20927"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://worldphantom.org/foro/index.php?PHPSESS=475e274a8eeb5ffa159e890b2a9cae64&topic=417.new",
"refsource": "MISC",
"url": "http://worldphantom.org/foro/index.php?PHPSESS=475e274a8eeb5ffa159e890b2a9cae64&topic=417.new"
},
{
"name": "20927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20927"
}
]
}
}

178
2010/2xxx/CVE-2010-2029.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2029",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html",
"refsource" : "MISC",
"url" : "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html"
},
{
"name" : "http://cybozu.co.jp/products/dl/notice/detail/0034.html",
"refsource" : "CONFIRM",
"url" : "http://cybozu.co.jp/products/dl/notice/detail/0034.html"
},
{
"name" : "JVN#87730223",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN87730223/index.html"
},
{
"name" : "JVNDB-2010-000016",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html"
},
{
"name" : "63933",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/63933"
},
{
"name" : "39508",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39508"
},
{
"name" : "cybozu-office-dotsales-sec-bypass(57976)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57976"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39508"
},
{
"name": "http://cybozu.co.jp/products/dl/notice/detail/0034.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0034.html"
},
{
"name": "JVNDB-2010-000016",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000016.html"
},
{
"name": "63933",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63933"
},
{
"name": "cybozu-office-dotsales-sec-bypass(57976)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57976"
},
{
"name": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html",
"refsource": "MISC",
"url": "http://www.ipa.go.jp/security/english/vuln/201004_cybozu_en.html"
},
{
"name": "JVN#87730223",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN87730223/index.html"
}
]
}
}

128
2010/2xxx/CVE-2010-2035.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2035",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1005-exploits/joomlaperchagl-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1005-exploits/joomlaperchagl-lfi.txt"
},
{
"name" : "40244",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40244"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1005-exploits/joomlaperchagl-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1005-exploits/joomlaperchagl-lfi.txt"
},
{
"name": "40244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40244"
}
]
}
}

148
2010/2xxx/CVE-2010-2569.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2569",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka \"Size Value Heap Corruption in pubconv.dll Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-2569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-103",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103"
},
{
"name" : "TA10-348A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name" : "oval:org.mitre.oval:def:11555",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11555"
},
{
"name" : "1024885",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024885"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka \"Size Value Heap Corruption in pubconv.dll Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-348A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "MS10-103",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-103"
},
{
"name": "oval:org.mitre.oval:def:11555",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11555"
},
{
"name": "1024885",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024885"
}
]
}
}

158
2010/2xxx/CVE-2010-2852.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2852",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cross-site-scripting.blogspot.com/2010/07/runcms-21-magpie-rss-module-reflected.html",
"refsource" : "MISC",
"url" : "http://cross-site-scripting.blogspot.com/2010/07/runcms-21-magpie-rss-module-reflected.html"
},
{
"name" : "41551",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41551"
},
{
"name" : "66244",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66244"
},
{
"name" : "40521",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40521"
},
{
"name" : "runcms-magpiedebug-xss(60224)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60224"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "runcms-magpiedebug-xss(60224)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60224"
},
{
"name": "http://cross-site-scripting.blogspot.com/2010/07/runcms-21-magpie-rss-module-reflected.html",
"refsource": "MISC",
"url": "http://cross-site-scripting.blogspot.com/2010/07/runcms-21-magpie-rss-module-reflected.html"
},
{
"name": "66244",
"refsource": "OSVDB",
"url": "http://osvdb.org/66244"
},
{
"name": "41551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41551"
},
{
"name": "40521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40521"
}
]
}
}

138
2010/3xxx/CVE-2010-3729.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3729",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=55119",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=55119"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html"
},
{
"name" : "oval:org.mitre.oval:def:7380",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7380"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SPDY protocol implementation in Google Chrome before 6.0.472.62 does not properly manage buffers, which might allow remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=55119",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=55119"
},
{
"name": "oval:org.mitre.oval:def:7380",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7380"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html"
}
]
}
}

148
2010/3xxx/CVE-2010-3942.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3942",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka \"Win32k WriteAV Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-098",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-098"
},
{
"name" : "TA10-348A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name" : "oval:org.mitre.oval:def:11762",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11762"
},
{
"name" : "1024880",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024880"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka \"Win32k WriteAV Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-348A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "MS10-098",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-098"
},
{
"name": "1024880",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024880"
},
{
"name": "oval:org.mitre.oval:def:11762",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11762"
}
]
}
}

168
2010/3xxx/CVE-2010-3984.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3984",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101209 CA20101209-01: Security Notice for CA XOsoft",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/515115/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-263/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-263/"
},
{
"name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7bFEB41CE8-5023-46DF-B257-5299F492BF23%7d",
"refsource" : "CONFIRM",
"url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7bFEB41CE8-5023-46DF-B257-5299F492BF23%7d"
},
{
"name" : "45317",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45317"
},
{
"name" : "1024852",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024852"
},
{
"name" : "42561",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42561"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42561",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42561"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-263/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-263/"
},
{
"name": "20101209 CA20101209-01: Security Notice for CA XOsoft",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515115/100/0/threaded"
},
{
"name": "45317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45317"
},
{
"name": "1024852",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024852"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7bFEB41CE8-5023-46DF-B257-5299F492BF23%7d",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7bFEB41CE8-5023-46DF-B257-5299F492BF23%7d"
}
]
}
}

438
2010/4xxx/CVE-2010-4008.json
View File

@ -1,222 +1,222 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4008",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-4008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[xml] 20101104 Release of libxml2-2.7.8",
"refsource" : "MLIST",
"url" : "http://mail.gnome.org/archives/xml/2010-November/msg00015.html"
},
{
"name" : "http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/",
"refsource" : "MISC",
"url" : "http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/"
},
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=58731",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=58731"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html"
},
{
"name" : "http://support.apple.com/kb/HT4456",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4456"
},
{
"name" : "http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html",
"refsource" : "CONFIRM",
"url" : "http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html"
},
{
"name" : "http://support.apple.com/kb/HT4554",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4554"
},
{
"name" : "http://support.apple.com/kb/HT4566",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4566"
},
{
"name" : "http://support.apple.com/kb/HT4581",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4581"
},
{
"name" : "APPLE-SA-2010-11-22-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name" : "APPLE-SA-2011-03-02-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2011-03-09-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name" : "APPLE-SA-2011-03-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name" : "DSA-2128",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2128"
},
{
"name" : "HPSBMA02662",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2"
},
{
"name" : "SSRT100409",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2"
},
{
"name" : "HPSBGN02970",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139447903326211&w=2"
},
{
"name" : "MDVSA-2010:243",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:243"
},
{
"name" : "RHSA-2011:1749",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1749.html"
},
{
"name" : "RHSA-2013:0217",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0217.html"
},
{
"name" : "SUSE-SR:2010:023",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name" : "USN-1016-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1016-1"
},
{
"name" : "44779",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44779"
},
{
"name" : "oval:org.mitre.oval:def:12148",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148"
},
{
"name" : "42109",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42109"
},
{
"name" : "42175",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42175"
},
{
"name" : "42314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42314"
},
{
"name" : "42429",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42429"
},
{
"name" : "40775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40775"
},
{
"name" : "ADV-2010-3046",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3046"
},
{
"name" : "ADV-2010-3076",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3076"
},
{
"name" : "ADV-2010-3100",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3100"
},
{
"name" : "ADV-2011-0230",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0230"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40775"
},
{
"name": "42175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42175"
},
{
"name": "[xml] 20101104 Release of libxml2-2.7.8",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/xml/2010-November/msg00015.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html"
},
{
"name": "HPSBMA02662",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2"
},
{
"name": "44779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44779"
},
{
"name": "ADV-2011-0230",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0230"
},
{
"name": "ADV-2010-3046",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3046"
},
{
"name": "RHSA-2013:0217",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html"
},
{
"name": "USN-1016-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1016-1"
},
{
"name": "http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/",
"refsource": "MISC",
"url": "http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/"
},
{
"name": "42109",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42109"
},
{
"name": "http://support.apple.com/kb/HT4566",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4566"
},
{
"name": "SUSE-SR:2010:023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name": "RHSA-2011:1749",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1749.html"
},
{
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "APPLE-SA-2011-03-02-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html"
},
{
"name": "http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html"
},
{
"name": "ADV-2010-3100",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3100"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "http://support.apple.com/kb/HT4554",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4554"
},
{
"name": "DSA-2128",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2128"
},
{
"name": "MDVSA-2010:243",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:243"
},
{
"name": "APPLE-SA-2011-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html"
},
{
"name": "SSRT100409",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2"
},
{
"name": "ADV-2010-3076",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3076"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "oval:org.mitre.oval:def:12148",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=58731",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=58731"
},
{
"name": "HPSBGN02970",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2"
},
{
"name": "42429",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42429"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
}
]
}
}

178
2010/4xxx/CVE-2010-4693.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101228 [waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/515479/100/0/threaded"
},
{
"name" : "http://www.waraxe.us/advisory-79.html",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/advisory-79.html"
},
{
"name" : "45600",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45600"
},
{
"name" : "70173",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/70173"
},
{
"name" : "70174",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/70174"
},
{
"name" : "42751",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42751"
},
{
"name" : "coppermine-help-searchnew-xss(64344)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64344"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45600"
},
{
"name": "42751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42751"
},
{
"name": "70173",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70173"
},
{
"name": "20101228 [waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515479/100/0/threaded"
},
{
"name": "70174",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70174"
},
{
"name": "coppermine-help-searchnew-xss(64344)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64344"
},
{
"name": "http://www.waraxe.us/advisory-79.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-79.html"
}
]
}
}

168
2010/4xxx/CVE-2010-4707.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101004 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/10/03/1"
},
{
"name" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=Linux-PAM-1_1_2-2-gffe7058c70253d574b1963c7c93002bd410fddc9",
"refsource" : "CONFIRM",
"url" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=Linux-PAM-1_1_2-2-gffe7058c70253d574b1963c7c93002bd410fddc9"
},
{
"name" : "GLSA-201206-31",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name" : "46045",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46045"
},
{
"name" : "49711",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49711"
},
{
"name" : "linuxpam-checkacl-dos(65036)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65036"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "linuxpam-checkacl-dos(65036)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65036"
},
{
"name": "GLSA-201206-31",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name": "[oss-security] 20101004 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/10/03/1"
},
{
"name": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=Linux-PAM-1_1_2-2-gffe7058c70253d574b1963c7c93002bd410fddc9",
"refsource": "CONFIRM",
"url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=Linux-PAM-1_1_2-2-gffe7058c70253d574b1963c7c93002bd410fddc9"
},
{
"name": "46045",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46045"
},
{
"name": "49711",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49711"
}
]
}
}

178
2010/4xxx/CVE-2010-4712.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4712",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-10-237/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-10-237/"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-10-238/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-10-238/"
},
{
"name" : "http://www.facebook.com/note.php?note_id=477865030928",
"refsource" : "CONFIRM",
"url" : "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=7007152&sliceId=1",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=7007152&sliceId=1"
},
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=7007153&sliceId=1",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=7007153&sliceId=1"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=642336",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=642336"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=647757",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=647757"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header containing (1) multiple items separated by ; (semicolon) characters or (2) crafted string data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-238/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-238/"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=642336",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642336"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7007153&sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7007153&sliceId=1"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7007152&sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7007152&sliceId=1"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-237/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-237/"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=647757",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=647757"
},
{
"name": "http://www.facebook.com/note.php?note_id=477865030928",
"refsource": "CONFIRM",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
}
]
}
}

178
2011/1xxx/CVE-2011-1280.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1280",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-049",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049"
},
{
"name" : "48196",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48196"
},
{
"name" : "oval:org.mitre.oval:def:12664",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664"
},
{
"name" : "1025646",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025646"
},
{
"name" : "1025647",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025647"
},
{
"name" : "1025648",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025648"
},
{
"name" : "44912",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44912"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48196"
},
{
"name": "1025647",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025647"
},
{
"name": "1025648",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025648"
},
{
"name": "MS11-049",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049"
},
{
"name": "1025646",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025646"
},
{
"name": "oval:org.mitre.oval:def:12664",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664"
},
{
"name": "44912",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44912"
}
]
}
}

118
2011/5xxx/CVE-2011-5240.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5240",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.unrest.ca/peerjacking",
"refsource" : "MISC",
"url" : "http://www.unrest.ca/peerjacking"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.unrest.ca/peerjacking",
"refsource": "MISC",
"url": "http://www.unrest.ca/peerjacking"
}
]
}
}

158
2014/3xxx/CVE-2014-3197.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3197",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-3197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html"
},
{
"name" : "https://crbug.com/396544",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/396544"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=179240&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=179240&view=revision"
},
{
"name" : "RHSA-2014:1626",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1626.html"
},
{
"name" : "70273",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70273"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1626",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html"
},
{
"name": "https://crbug.com/396544",
"refsource": "CONFIRM",
"url": "https://crbug.com/396544"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=179240&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=179240&view=revision"
},
{
"name": "70273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70273"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html"
}
]
}
}

178
2014/3xxx/CVE-2014-3419.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Infoblox NetMRI before 6.8.5 has a default password of admin for the \"root\" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140709 Weak Local Database Credentials in Infoblox Network Automation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532710/100/0/threaded"
},
{
"name" : "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html",
"refsource" : "MISC",
"url" : "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
},
{
"name" : "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html"
},
{
"name" : "https://github.com/depthsecurity/NetMRI-2014-3418",
"refsource" : "MISC",
"url" : "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"name" : "68473",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68473"
},
{
"name" : "1030542",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030542"
},
{
"name" : "infoblox-cve20143419-default-account(94450)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94450"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Infoblox NetMRI before 6.8.5 has a default password of admin for the \"root\" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68473"
},
{
"name": "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html"
},
{
"name": "20140709 Weak Local Database Credentials in Infoblox Network Automation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532710/100/0/threaded"
},
{
"name": "1030542",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030542"
},
{
"name": "infoblox-cve20143419-default-account(94450)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94450"
},
{
"name": "https://github.com/depthsecurity/NetMRI-2014-3418",
"refsource": "MISC",
"url": "https://github.com/depthsecurity/NetMRI-2014-3418"
},
{
"name": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html",
"refsource": "MISC",
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
}
]
}
}

128
2014/3xxx/CVE-2014-3425.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service (\"remote control\" outage) by creating a /tmp/xmosaic.pid file for every possible PID."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[emacs-diffs] 20140506 emacs-24 r117068: browse-url.el comment",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html"
},
{
"name" : "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/05/07/7"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service (\"remote control\" outage) by creating a /tmp/xmosaic.pid file for every possible PID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/05/07/7"
},
{
"name": "[emacs-diffs] 20140506 emacs-24 r117068: browse-url.el comment",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html"
}
]
}
}

198
2014/3xxx/CVE-2014-3698.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3698",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc",
"refsource" : "CONFIRM",
"url" : "http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc"
},
{
"name" : "http://pidgin.im/news/security/?id=90",
"refsource" : "CONFIRM",
"url" : "http://pidgin.im/news/security/?id=90"
},
{
"name" : "DSA-3055",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3055"
},
{
"name" : "RHSA-2017:1854",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1854"
},
{
"name" : "openSUSE-SU-2014:1376",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html"
},
{
"name" : "openSUSE-SU-2014:1397",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html"
},
{
"name" : "USN-2390-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2390-1"
},
{
"name" : "60741",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60741"
},
{
"name" : "61968",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61968"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc",
"refsource": "CONFIRM",
"url": "http://hg.pidgin.im/pidgin/main/rev/ea46ab68f0dc"
},
{
"name": "http://pidgin.im/news/security/?id=90",
"refsource": "CONFIRM",
"url": "http://pidgin.im/news/security/?id=90"
},
{
"name": "RHSA-2017:1854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1854"
},
{
"name": "USN-2390-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2390-1"
},
{
"name": "openSUSE-SU-2014:1376",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00023.html"
},
{
"name": "60741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60741"
},
{
"name": "DSA-3055",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3055"
},
{
"name": "openSUSE-SU-2014:1397",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00037.html"
},
{
"name": "61968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61968"
}
]
}
}

178
2014/4xxx/CVE-2014-4451.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4451",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/en-us/HT6590",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/en-us/HT6590"
},
{
"name" : "https://support.apple.com/en-us/HT204418",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/en-us/HT204418"
},
{
"name" : "APPLE-SA-2014-11-17-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"
},
{
"name" : "71138",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71138"
},
{
"name" : "1031232",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031232"
},
{
"name" : "62504",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62504"
},
{
"name" : "appleios-cve20144451-sec-bypass(98776)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98776"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "appleios-cve20144451-sec-bypass(98776)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98776"
},
{
"name": "APPLE-SA-2014-11-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html"
},
{
"name": "https://support.apple.com/en-us/HT6590",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT6590"
},
{
"name": "62504",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62504"
},
{
"name": "71138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71138"
},
{
"name": "1031232",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031232"
},
{
"name": "https://support.apple.com/en-us/HT204418",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT204418"
}
]
}
}

138
2014/7xxx/CVE-2014-7788.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#663281",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/663281"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#663281",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/663281"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/7xxx/CVE-2014-7896.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7896",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2014-7896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBST03274",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582371"
},
{
"name" : "SSRT101954",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582371"
},
{
"name" : "1031828",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031828"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101954",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582371"
},
{
"name": "HPSBST03274",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582371"
},
{
"name": "1031828",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031828"
}
]
}
}

138
2014/8xxx/CVE-2014-8659.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8659",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource" : "MISC",
"url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"name" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/",
"refsource" : "MISC",
"url" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/"
},
{
"name" : "http://service.sap.com/sap/support/notes/0002052082",
"refsource" : "MISC",
"url" : "http://service.sap.com/sap/support/notes/0002052082"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/",
"refsource": "MISC",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/"
},
{
"name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource": "MISC",
"url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"name": "http://service.sap.com/sap/support/notes/0002052082",
"refsource": "MISC",
"url": "http://service.sap.com/sap/support/notes/0002052082"
}
]
}
}

128
2014/8xxx/CVE-2014-8665.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8665",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource" : "MISC",
"url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"name" : "http://service.sap.com/sap/support/notes/0002018682",
"refsource" : "MISC",
"url" : "http://service.sap.com/sap/support/notes/0002018682"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.sap.com/sap/support/notes/0002018682",
"refsource": "MISC",
"url": "http://service.sap.com/sap/support/notes/0002018682"
},
{
"name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource": "MISC",
"url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
}
]
}
}

138
2014/9xxx/CVE-2014-9003.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/24"
},
{
"name" : "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html"
},
{
"name" : "xprintserver-version-csrf(98645)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98645"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrated by executing arbitrary commands using the c parameter in the rpc action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xprintserver-version-csrf(98645)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98645"
},
{
"name": "20141112 Lantronix xPrintServer Code execution and CSRF vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/24"
},
{
"name": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129091/Lantronix-xPrintServer-Remote-Command-Execution-CSRF.html"
}
]
}
}

148
2016/2xxx/CVE-2016-2062.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2062",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=27c95b64b2e4b5ff1288cbaa6e353dd803d71576",
"refsource" : "CONFIRM",
"url" : "https://codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=27c95b64b2e4b5ff1288cbaa6e353dd803d71576"
},
{
"name" : "https://www.codeaurora.org/buffer-overflow-adreno-gpu-msm-driver-cve-2016-2062",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/buffer-overflow-adreno-gpu-msm-driver-cve-2016-2062"
},
{
"name" : "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-06-01.html"
},
{
"name" : "1035766",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035766"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=27c95b64b2e4b5ff1288cbaa6e353dd803d71576",
"refsource": "CONFIRM",
"url": "https://codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=27c95b64b2e4b5ff1288cbaa6e353dd803d71576"
},
{
"name": "https://www.codeaurora.org/buffer-overflow-adreno-gpu-msm-driver-cve-2016-2062",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/buffer-overflow-adreno-gpu-msm-driver-cve-2016-2062"
},
{
"name": "1035766",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035766"
},
{
"name": "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-06-01.html"
}
]
}
}

148
2016/2xxx/CVE-2016-2159.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2159",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160321 moodle security release",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/03/21/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52901",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52901"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=330182",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=330182"
},
{
"name" : "1035333",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035333"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://moodle.org/mod/forum/discuss.php?d=330182",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=330182"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52901",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52901"
},
{
"name": "[oss-security] 20160321 moodle security release",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/21/1"
},
{
"name": "1035333",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035333"
}
]
}
}

32
2016/2xxx/CVE-2016-2723.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2723",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2723",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

128
2016/6xxx/CVE-2016-6025.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991278",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991278"
},
{
"name" : "93345",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93345"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to obtain access by leveraging an unattended workstation to conduct a post-logoff session-reuse attack involving a modified URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93345"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991278",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991278"
}
]
}
}

334
2016/6xxx/CVE-2016-6563.json
View File

@ -1,170 +1,170 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6563",
"STATE" : "PUBLIC",
"TITLE" : "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DIR-823",
"version" : {
"version_data" : [
{
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name" : "DIR-822",
"version" : {
"version_data" : [
{
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name" : "DIR-818L(W)",
"version" : {
"version_data" : [
{
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name" : "DIR-895L",
"version" : {
"version_data" : [
{
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name" : "DIR-890L",
"version" : {
"version_data" : [
{
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name" : "DIR-885L",
"version" : {
"version_data" : [
{
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name" : "DIR-880L",
"version" : {
"version_data" : [
{
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name" : "DIR-868L",
"version" : {
"version_data" : [
{
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name" : "DIR-850L",
"version" : {
"version_data" : [
{
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name" : "D-Link"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-121"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6563",
"STATE": "PUBLIC",
"TITLE": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DIR-823",
"version": {
"version_data": [
{
"affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-822",
"version": {
"version_data": [
{
"affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-818L(W)",
"version": {
"version_data": [
{
"affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-895L",
"version": {
"version_data": [
{
"affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-890L",
"version": {
"version_data": [
{
"affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-885L",
"version": {
"version_data": [
{
"affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-880L",
"version": {
"version_data": [
{
"affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-868L",
"version": {
"version_data": [
{
"affected": "?",
"version_value": "N/A"
}
]
}
},
{
"product_name": "DIR-850L",
"version": {
"version_data": [
{
"affected": "?",
"version_value": "N/A"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40805",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40805/"
},
{
"name" : "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Nov/38"
},
{
"name" : "VU#677427",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/677427"
},
{
"name" : "94130",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94130"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40805",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40805/"
},
{
"name": "VU#677427",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/677427"
},
{
"name": "94130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94130"
},
{
"name": "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Nov/38"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

128
2016/6xxx/CVE-2016-6901.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6901",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-vrp-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-vrp-en"
},
{
"name" : "92618",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92618"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers with software before V200R007C00SPC900 allows remote authenticated users to cause a denial of service via format string specifiers in vectors involving partial commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92618",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92618"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-vrp-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-vrp-en"
}
]
}
}

158
2016/6xxx/CVE-2016-6987.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6987",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6981."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html"
},
{
"name" : "GLSA-201610-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201610-10"
},
{
"name" : "RHSA-2016:2057",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2057.html"
},
{
"name" : "93492",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93492"
},
{
"name" : "1036985",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036985"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6981."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201610-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-10"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html"
},
{
"name": "93492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93492"
},
{
"name": "RHSA-2016:2057",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2057.html"
},
{
"name": "1036985",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036985"
}
]
}
}

168
2016/7xxx/CVE-2016-7155.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7155",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160906 CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/06/2"
},
{
"name" : "[oss-security] 20160906 Re: CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/07/1"
},
{
"name" : "[qemu-devel] 20160901 [PATCH v3] scsi: check page count while initialising descriptor rings",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html"
},
{
"name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=7f61f4690dd153be98900a2a508b88989e692753",
"refsource" : "CONFIRM",
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=7f61f4690dd153be98900a2a508b88989e692753"
},
{
"name" : "92772",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92772"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160906 Re: CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/1"
},
{
"name": "92772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92772"
},
{
"name": "[qemu-devel] 20160901 [PATCH v3] scsi: check page count while initialising descriptor rings",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=7f61f4690dd153be98900a2a508b88989e692753",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=7f61f4690dd153be98900a2a508b88989e692753"
},
{
"name": "[oss-security] 20160906 CVE request: Qemu: scsi: pvscsi: OOB read and infinite loop while setting descriptor rings",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/06/2"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
}

150
2017/5xxx/CVE-2017-5379.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5379",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "51"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free in Web Animations"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "51"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1309198",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1309198"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-01/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"name" : "95763",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95763"
},
{
"name" : "1037693",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037693"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free in Web Animations"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1309198",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1309198"
},
{
"name": "1037693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037693"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-01/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"name": "95763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95763"
}
]
}
}

138
2017/5xxx/CVE-2017-5981.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5981",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/"
},
{
"name" : "DSA-3878",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3878"
},
{
"name" : "96268",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96268"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96268"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/"
},
{
"name": "DSA-3878",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3878"
}
]
}
}