admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:01:40 +00:00
parent df1a0ba43d
commit aeb6922d47
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4273 additions and 4273 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2006/0xxx/CVE-2006-0273.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0273", "ID": "CVE-2006-0273",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln# AS01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln# AS01."
{ }
"name" : "VU#545804", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/545804" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16287", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16287" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0243", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0243" ]
}, },
{ "references": {
"name" : "ADV-2006-0323", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0323" "name": "oracle-january2006-update(24321)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
"name" : "1015499", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015499" "name": "18493",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18493"
"name" : "18493", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18493" "name": "ADV-2006-0323",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0323"
"name" : "18608", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18608" "name": "16287",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16287"
"name" : "oracle-january2006-update(24321)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" "name": "VU#545804",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/545804"
} },
} {
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}

150
2006/0xxx/CVE-2006-0445.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0445", "ID": "CVE-2006-0445",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by \"\\\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060125 HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/423145/100/0/threaded" "lang": "eng",
}, "value": "index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by \"\\\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability."
{ }
"name" : "http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt", ]
"refsource" : "MISC", },
"url" : "http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16391", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16391" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22721", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/22721" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20060125 HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423145/100/0/threaded"
},
{
"name": "16391",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16391"
},
{
"name": "http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt",
"refsource": "MISC",
"url": "http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt"
},
{
"name": "22721",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22721"
}
]
}
}

160
2006/0xxx/CVE-2006-0477.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0477", "ID": "CVE-2006-0477",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://lwn.net/Articles/169623/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://lwn.net/Articles/169623/" "lang": "eng",
}, "value": "Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link."
{ }
"name" : "16417", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16417" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0367", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0367" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18643", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/18643" ]
}, },
{ "references": {
"name" : "git-gitcheckoutindex-bo(24360)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24360" "name": "http://lwn.net/Articles/169623/",
} "refsource": "CONFIRM",
] "url": "http://lwn.net/Articles/169623/"
} },
} {
"name": "18643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18643"
},
{
"name": "16417",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16417"
},
{
"name": "git-gitcheckoutindex-bo(24360)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24360"
},
{
"name": "ADV-2006-0367",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0367"
}
]
}
}

180
2006/0xxx/CVE-2006-0624.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0624", "ID": "CVE-2006-0624",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060208 Whomp Real Estate Manager XP 2005 Sql Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/424389/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters."
{ }
"name" : "16544", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16544" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0489", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0489" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22969", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/22969" ]
}, },
{ "references": {
"name" : "18780", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18780" "name": "22969",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22969"
"name" : "418", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/418" "name": "18780",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18780"
"name" : "whomp-login-sql-injection(24592)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24592" "name": "ADV-2006-0489",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/0489"
} },
} {
"name": "418",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/418"
},
{
"name": "20060208 Whomp Real Estate Manager XP 2005 Sql Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424389/100/0/threaded"
},
{
"name": "16544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16544"
},
{
"name": "whomp-login-sql-injection(24592)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24592"
}
]
}
}

140
2006/1xxx/CVE-2006-1287.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1287", "ID": "CVE-2006-1287",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://forums.invisionpower.com/index.php?showtopic=206790", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://forums.invisionpower.com/index.php?showtopic=206790" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer."
{ }
"name" : "ADV-2006-0861", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/0861" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19141", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19141" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "19141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19141"
},
{
"name": "ADV-2006-0861",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0861"
},
{
"name": "http://forums.invisionpower.com/index.php?showtopic=206790",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=206790"
}
]
}
}

170
2006/1xxx/CVE-2006-1327.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1327", "ID": "CVE-2006-1327",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "1594", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/1594" "lang": "eng",
}, "value": "SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter."
{ }
"name" : "17160", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/17160" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-1002", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1002" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23999", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/23999" ]
}, },
{ "references": {
"name" : "19283", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19283" "name": "23999",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/23999"
"name" : "softbb-reg-sql-injection(25320)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25320" "name": "1594",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/1594"
} },
} {
"name": "softbb-reg-sql-injection(25320)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25320"
},
{
"name": "17160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17160"
},
{
"name": "19283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19283"
},
{
"name": "ADV-2006-1002",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1002"
}
]
}
}

360
2006/3xxx/CVE-2006-3193.json
View File

@ -1,182 +1,182 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3193", "ID": "CVE-2006-3193",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "1933", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/1933" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php."
{ }
"name" : "http://sourceforge.net/project/shownotes.php?release_id=428062", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/project/shownotes.php?release_id=428062" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18555", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18555" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2462", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2462" ]
}, },
{ "references": {
"name" : "27240", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27240" "name": "27251",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27251"
"name" : "27241", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27241" "name": "27242",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27242"
"name" : "27242", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27242" "name": "http://sourceforge.net/project/shownotes.php?release_id=428062",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/project/shownotes.php?release_id=428062"
"name" : "27243", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27243" "name": "27245",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27245"
"name" : "27244", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27244" "name": "27238",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27238"
"name" : "27245", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27245" "name": "27250",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27250"
"name" : "27247", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27247" "name": "27252",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27252"
"name" : "27248", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27248" "name": "27240",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27240"
"name" : "27249", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27249" "name": "27241",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27241"
"name" : "27250", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27250" "name": "27244",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27244"
"name" : "27251", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27251" "name": "27246",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27246"
"name" : "27252", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27252" "name": "27235",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27235"
"name" : "27233", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27233" "name": "18555",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18555"
"name" : "27234", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27234" "name": "27233",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27233"
"name" : "27235", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27235" "name": "27234",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27234"
"name" : "27236", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27236" "name": "27236",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27236"
"name" : "27237", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27237" "name": "1933",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/1933"
"name" : "27238", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27238" "name": "27239",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27239"
"name" : "27239", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27239" "name": "27248",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27248"
"name" : "27246", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27246" "name": "27249",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27249"
"name" : "20768", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20768" "name": "27237",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/27237"
} },
} {
"name": "20768",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20768"
},
{
"name": "ADV-2006-2462",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2462"
},
{
"name": "27247",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27247"
},
{
"name": "27243",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27243"
}
]
}
}

210
2006/3xxx/CVE-2006-3274.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3274", "ID": "CVE-2006-3274",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \\ (backslash) characters in the URL to certain directories under the web root, such as the image directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060623 [SNS Advisory No.88] Webmin Directory Traversal Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/438149/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \\ (backslash) characters in the URL to certain directories under the web root, such as the image directory."
{ }
"name" : "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html", ]
"refsource" : "MISC", },
"url" : "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.webmin.com/changes.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.webmin.com/changes.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "JVN#67974490", ]
"refsource" : "JVN", }
"url" : "http://jvn.jp/jp/JVN%2367974490/index.html" ]
}, },
{ "references": {
"name" : "18613", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18613" "name": "20060623 [SNS Advisory No.88] Webmin Directory Traversal Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded"
"name" : "ADV-2006-2493", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2493" "name": "webmin-backslash-directory-traversal(27366)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366"
"name" : "1016375", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016375" "name": "http://www.webmin.com/changes.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.webmin.com/changes.html"
"name" : "20777", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20777" "name": "1161",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1161"
"name" : "1161", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1161" "name": "1016375",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016375"
"name" : "webmin-backslash-directory-traversal(27366)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366" "name": "20777",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/20777"
} },
} {
"name": "ADV-2006-2493",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2493"
},
{
"name": "JVN#67974490",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2367974490/index.html"
},
{
"name": "18613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18613"
},
{
"name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html"
}
]
}
}

210
2006/3xxx/CVE-2006-3955.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3955", "ID": "CVE-2006-3955",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060720 MiniBB Forum <= 1.5a Remote File Include (news.php)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/440875/100/100/threaded" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php."
{ }
"name" : "20060721 MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php)", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/440839/100/100/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19095", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19095" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28674", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/28674" ]
}, },
{ "references": {
"name" : "28675", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28675" "name": "1315",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1315"
"name" : "28676", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28676" "name": "1016557",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016557"
"name" : "1016557", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016557" "name": "28675",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/28675"
"name" : "1016558", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016558" "name": "1016558",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016558"
"name" : "1315", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1315" "name": "28676",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/28676"
"name" : "minibb-multiple-scripts-file-include(27905)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27905" "name": "20060720 MiniBB Forum <= 1.5a Remote File Include (news.php)",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/440875/100/100/threaded"
} },
} {
"name": "28674",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28674"
},
{
"name": "19095",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19095"
},
{
"name": "20060721 MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440839/100/100/threaded"
},
{
"name": "minibb-multiple-scripts-file-include(27905)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27905"
}
]
}
}

200
2006/4xxx/CVE-2006-4126.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4126", "ID": "CVE-2006-4126",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060806 Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/442440/100/0/threaded" "lang": "eng",
}, "value": "The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference."
{ }
"name" : "http://www.dc.ds.pg.gda.pl/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.dc.ds.pg.gda.pl/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19370", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/19370" ]
}, },
{ "references": {
"name" : "ADV-2006-3181", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3181" "name": "20060806 Multiple vulnerabilities in DConnect Daemon 0.7.0 (CVS 30 Jul 2006)",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/442440/100/0/threaded"
"name" : "1016641", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016641" "name": "ADV-2006-3181",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3181"
"name" : "21384", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21384" "name": "dconnect-daemon-dcchat-dos(28279)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28279"
"name" : "1377", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1377" "name": "21384",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21384"
"name" : "dconnect-daemon-dcchat-dos(28279)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28279" "name": "19370",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/19370"
} },
} {
"name": "1377",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1377"
},
{
"name": "http://www.dc.ds.pg.gda.pl/",
"refsource": "CONFIRM",
"url": "http://www.dc.ds.pg.gda.pl/"
},
{
"name": "1016641",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016641"
},
{
"name": "http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog",
"refsource": "CONFIRM",
"url": "http://www.dc.ds.pg.gda.pl/?page=doc&doc=changelog"
}
]
}
}

160
2006/4xxx/CVE-2006-4186.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4186", "ID": "CVE-2006-4186",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973826.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973826.htm" "lang": "eng",
}, "value": "The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file."
{ }
"name" : "19499", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19499" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28370", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28370" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1016695", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1016695" ]
}, },
{ "references": {
"name" : "21496", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21496" "name": "19499",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/19499"
} },
} {
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973826.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973826.htm"
},
{
"name": "1016695",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016695"
},
{
"name": "21496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21496"
},
{
"name": "28370",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28370"
}
]
}
}

850
2006/4xxx/CVE-2006-4340.json
View File

@ -1,427 +1,427 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-4340", "ID": "CVE-2006-4340",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060915 rPSA-2006-0169-1 firefox thunderbird", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/446140/100/0/threaded" "lang": "eng",
}, "value": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462."
{ }
"name" : "[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error", ]
"refsource" : "MLIST", },
"url" : "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/", "description": [
"refsource" : "MISC", {
"url" : "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html", ]
"refsource" : "MISC", }
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html" ]
}, },
{ "references": {
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html" "name": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/",
}, "refsource": "MISC",
{ "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" "name": "1016858",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016858"
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm" "name": "22992",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22992"
"name" : "https://issues.rpath.com/browse/RPL-640", },
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-640" "name": "ADV-2006-3748",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3748"
"name" : "DSA-1191", },
"refsource" : "DEBIAN", {
"url" : "http://www.us.debian.org/security/2006/dsa-1191" "name": "1016859",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016859"
"name" : "DSA-1192", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1192" "name": "RHSA-2006:0676",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
"name" : "DSA-1210", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1210" "name": "23883",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23883"
"name" : "GLSA-200609-19", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200609-19.xml" "name": "ADV-2006-3899",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3899"
"name" : "GLSA-200610-01", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200610-01.xml" "name": "22044",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22044"
"name" : "GLSA-200610-06", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml" "name": "22055",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22055"
"name" : "HPSBUX02153", },
"refsource" : "HP", {
"url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" "name": "22195",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22195"
"name" : "SSRT061181", },
"refsource" : "HP", {
"url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" "name": "USN-361-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-361-1"
"name" : "MDKSA-2006:168", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" "name": "USN-352-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-352-1"
"name" : "MDKSA-2006:169", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" "name": "22446",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22446"
"name" : "RHSA-2006:0676", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0676.html" "name": "21950",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21950"
"name" : "RHSA-2006:0677", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0677.html" "name": "USN-351-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-351-1"
"name" : "RHSA-2006:0675", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0675.html" "name": "22025",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22025"
"name" : "20060901-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" "name": "22056",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22056"
"name" : "102648", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1" "name": "[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error",
}, "refsource": "MLIST",
{ "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
"name" : "102781", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1" "name": "TA06-312A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
"name" : "SUSE-SA:2006:054", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html" "name": "22247",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22247"
"name" : "SUSE-SA:2006:055", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_55_ssl.html" "name": "MDKSA-2006:168",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
"name" : "USN-350-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-350-1" "name": "DSA-1191",
}, "refsource": "DEBIAN",
{ "url": "http://www.us.debian.org/security/2006/dsa-1191"
"name" : "USN-351-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-351-1" "name": "ADV-2007-0293",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/0293"
"name" : "USN-352-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-352-1" "name": "22210",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22210"
"name" : "USN-354-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-354-1" "name": "DSA-1210",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1210"
"name" : "USN-361-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-361-1" "name": "24711",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/24711"
"name" : "TA06-312A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-312A.html" "name": "ADV-2006-3622",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3622"
"name" : "oval:org.mitre.oval:def:11007", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007" "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
"name" : "ADV-2006-3617", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3617" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
"name" : "ADV-2006-3622", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3622" "name": "1016860",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016860"
"name" : "ADV-2006-3899", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3899" "name": "22849",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22849"
"name" : "ADV-2007-0293", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/0293" "name": "ADV-2008-0083",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0083"
"name" : "ADV-2007-1198", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1198" "name": "20060901-01-P",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
"name" : "ADV-2006-3748", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3748" "name": "21939",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21939"
"name" : "ADV-2008-0083", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0083" "name": "ADV-2006-3617",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3617"
"name" : "1016858", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016858" "name": "GLSA-200610-06",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
"name" : "1016859", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016859" "name": "21915",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21915"
"name" : "1016860", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016860" "name": "ADV-2007-1198",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/1198"
"name" : "21906", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21906" "name": "RHSA-2006:0677",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
"name" : "21949", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21949" "name": "DSA-1192",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1192"
"name" : "21903", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21903" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
"name" : "21915", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21915" "name": "GLSA-200609-19",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
"name" : "21916", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21916" "name": "SSRT061181",
}, "refsource": "HP",
{ "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
"name" : "21939", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21939" "name": "22274",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22274"
"name" : "21940", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21940" "name": "RHSA-2006:0675",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
"name" : "21950", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21950" "name": "21940",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21940"
"name" : "22036", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22036" "name": "mozilla-nss-security-bypass(30098)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
"name" : "22001", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22001" "name": "102648",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
"name" : "22025", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22025" "name": "22001",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22001"
"name" : "22055", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22055" "name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
"name" : "22074", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22074" "name": "21903",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21903"
"name" : "22088", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22088" "name": "USN-350-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-350-1"
"name" : "22210", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22210" "name": "21906",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21906"
"name" : "22226", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22226" "name": "HPSBUX02153",
}, "refsource": "HP",
{ "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
"name" : "22247", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22247" "name": "22342",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22342"
"name" : "22274", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22274" "name": "GLSA-200610-01",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
"name" : "22299", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22299" "name": "22074",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22074"
"name" : "22342", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22342" "name": "22226",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22226"
"name" : "22422", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22422" "name": "22066",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22066"
"name" : "22446", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22446" "name": "22088",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22088"
"name" : "22849", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22849" "name": "21949",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21949"
"name" : "22056", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22056" "name": "SUSE-SA:2006:054",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
"name" : "22195", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22195" "name": "https://issues.rpath.com/browse/RPL-640",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-640"
"name" : "22992", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22992" "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html",
}, "refsource": "MISC",
{ "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
"name" : "23883", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23883" "name": "22036",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22036"
"name" : "22044", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22044" "name": "SUSE-SA:2006:055",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
"name" : "24711", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24711" "name": "oval:org.mitre.oval:def:11007",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007"
"name" : "22066", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22066" "name": "USN-354-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-354-1"
"name" : "mozilla-nss-security-bypass(30098)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098" "name": "102781",
} "refsource": "SUNALERT",
] "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
} },
} {
"name": "22422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22422"
},
{
"name": "22299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22299"
},
{
"name": "MDKSA-2006:169",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
},
{
"name": "21916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21916"
}
]
}
}

200
2006/4xxx/CVE-2006-4631.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4631", "ID": "CVE-2006-4631",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/445087/100/0/threaded" "lang": "eng",
}, "value": "Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request."
{ }
"name" : "http://acid-root.new.fr/advisories/10060904.txt", ]
"refsource" : "MISC", },
"url" : "http://acid-root.new.fr/advisories/10060904.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2300", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2300" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-3478", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/3478" ]
}, },
{ "references": {
"name" : "28579", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28579" "name": "2300",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/2300"
"name" : "1016785", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016785" "name": "21761",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21761"
"name" : "21761", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21761" "name": "28579",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/28579"
"name" : "1521", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1521" "name": "ADV-2006-3478",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3478"
"name" : "softbb-admin-file-include(28749)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28749" "name": "1016785",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1016785"
} },
} {
"name": "1521",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1521"
},
{
"name": "http://acid-root.new.fr/advisories/10060904.txt",
"refsource": "MISC",
"url": "http://acid-root.new.fr/advisories/10060904.txt"
},
{
"name": "softbb-admin-file-include(28749)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28749"
},
{
"name": "20060904 SoftBB 0.1 Remote PHP Code Execution Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445087/100/0/threaded"
}
]
}
}

130
2006/4xxx/CVE-2006-4749.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4749", "ID": "CVE-2006-4749",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060910 PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/445742/100/0/threaded" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594."
{ }
"name" : "atm-include-file-include(28874)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28874" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060910 PHP Advanced Transfer Manager v1.20 ; Multiple Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445742/100/0/threaded"
},
{
"name": "atm-include-file-include(28874)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28874"
}
]
}
}

130
2010/2xxx/CVE-2010-2269.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2269", "ID": "CVE-2010-2269",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf" "lang": "eng",
}, "value": "Directory traversal vulnerability in loadstatic.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter."
{ }
"name" : "VU#245081", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/245081" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf",
"refsource": "MISC",
"url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
},
{
"name": "VU#245081",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/245081"
}
]
}
}

150
2010/2xxx/CVE-2010-2323.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2323", "ID": "CVE-2010-2323",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "PM10454", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10454" "lang": "eng",
}, "value": "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT."
{ }
"name" : "PM15830", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "40096", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40096" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2010-1411", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2010/1411" ]
} },
] "references": {
} "reference_data": [
} {
"name": "ADV-2010-1411",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1411"
},
{
"name": "PM15830",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15830"
},
{
"name": "40096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40096"
},
{
"name": "PM10454",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10454"
}
]
}
}

120
2010/3xxx/CVE-2010-3017.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2010-3017", "ID": "CVE-2010-3017",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7.1.7, when RSA Adaptive Authentication Integration is enabled, allows remote attackers to bypass authentication and obtain sensitive information via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100908 ESA-2010-016: RSA, The Security Division of EMC, releases security hot fix for a potential vulnerability in RSA&reg; Access Manager Agent when working with RSA&reg; Adaptive Authentication.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-09/0057.html" "lang": "eng",
} "value": "Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7.1.7, when RSA Adaptive Authentication Integration is enabled, allows remote attackers to bypass authentication and obtain sensitive information via unknown vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100908 ESA-2010-016: RSA, The Security Division of EMC, releases security hot fix for a potential vulnerability in RSA&reg; Access Manager Agent when working with RSA&reg; Adaptive Authentication.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-09/0057.html"
}
]
}
}

130
2010/3xxx/CVE-2010-3245.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3245", "ID": "CVE-2010-3245",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.kb.cert.org/vuls/id/MAPG-86YPVM", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.kb.cert.org/vuls/id/MAPG-86YPVM" "lang": "eng",
}, "value": "The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file."
{ }
"name" : "VU#204055", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/204055" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-86YPVM",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/MAPG-86YPVM"
},
{
"name": "VU#204055",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/204055"
}
]
}
}

220
2010/3xxx/CVE-2010-3970.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-3970", "ID": "CVE-2010-3970",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka \"Windows Shell Graphics Processing Overrun Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.powerofcommunity.net/speaker.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.powerofcommunity.net/speaker.html" "lang": "eng",
}, "value": "Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka \"Windows Shell Graphics Processing Overrun Vulnerability.\""
{ }
"name" : "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb", ]
"refsource" : "MISC", },
"url" : "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.microsoft.com/technet/security/advisory/2490606.mspx", "description": [
"refsource" : "MISC", {
"url" : "http://www.microsoft.com/technet/security/advisory/2490606.mspx" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx", ]
"refsource" : "MISC", }
"url" : "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx" ]
}, },
{ "references": {
"name" : "MS11-006", "reference_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006" "name": "VU#106516",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/106516"
"name" : "VU#106516", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/106516" "name": "MS11-006",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-006"
"name" : "45662", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45662" "name": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx",
}, "refsource": "MISC",
{ "url": "http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx"
"name" : "oval:org.mitre.oval:def:11671", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671" "name": "oval:org.mitre.oval:def:11671",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11671"
"name" : "1024932", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024932" "name": "http://www.powerofcommunity.net/speaker.html",
}, "refsource": "MISC",
{ "url": "http://www.powerofcommunity.net/speaker.html"
"name" : "42779", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42779" "name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb",
}, "refsource": "MISC",
{ "url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/11466/entry/modules/exploits/windows/fileformat/ms11_xxx_createsizeddibsection.rb"
"name" : "ADV-2011-0018", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0018" "name": "http://www.microsoft.com/technet/security/advisory/2490606.mspx",
} "refsource": "MISC",
] "url": "http://www.microsoft.com/technet/security/advisory/2490606.mspx"
} },
} {
"name": "ADV-2011-0018",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0018"
},
{
"name": "42779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42779"
},
{
"name": "45662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45662"
},
{
"name": "1024932",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024932"
}
]
}
}

170
2010/3xxx/CVE-2010-3990.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2010-3990", "ID": "CVE-2010-3990",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Virtual Server Environment before 6.2 allows remote attackers to read arbitrary files via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBMA02599", "description_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=128811222125961&w=2" "lang": "eng",
}, "value": "Unspecified vulnerability in HP Virtual Server Environment before 6.2 allows remote attackers to read arbitrary files via unknown vectors."
{ }
"name" : "SSRT100235", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=128811222125961&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "44428", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/44428" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "68909", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/68909" ]
}, },
{ "references": {
"name" : "1024640", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024640" "name": "ADV-2010-2785",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2785"
"name" : "ADV-2010-2785", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2785" "name": "1024640",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1024640"
} },
} {
"name": "68909",
"refsource": "OSVDB",
"url": "http://osvdb.org/68909"
},
{
"name": "SSRT100235",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128811222125961&w=2"
},
{
"name": "44428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44428"
},
{
"name": "HPSBMA02599",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128811222125961&w=2"
}
]
}
}

170
2010/4xxx/CVE-2010-4901.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4901", "ID": "CVE-2010-4901",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.packetstormsecurity.org/1009-advisories/ZSL-2010-4962.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.packetstormsecurity.org/1009-advisories/ZSL-2010-4962.txt" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter."
{ }
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4962.php", ]
"refsource" : "MISC", },
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4962.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "43020", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/43020" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "67838", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/67838" ]
}, },
{ "references": {
"name" : "41295", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41295" "name": "43020",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/43020"
"name" : "8439", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8439" "name": "8439",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/8439"
} },
} {
"name": "41295",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41295"
},
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4962.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4962.php"
},
{
"name": "67838",
"refsource": "OSVDB",
"url": "http://osvdb.org/67838"
},
{
"name": "http://www.packetstormsecurity.org/1009-advisories/ZSL-2010-4962.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/1009-advisories/ZSL-2010-4962.txt"
}
]
}
}

160
2010/4xxx/CVE-2010-4984.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4984", "ID": "CVE-2010-4984",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to execute arbitrary SQL commands via vectors involving the \"Enter Reference Number Below\" text box."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14325", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14325" "lang": "eng",
}, "value": "SQL injection vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to execute arbitrary SQL commands via vectors involving the \"Enter Reference Number Below\" text box."
{ }
"name" : "http://packetstormsecurity.org/1007-exploits/mykazaamnms-sqlxss.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/1007-exploits/mykazaamnms-sqlxss.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "41542", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/41542" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "8494", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/8494" ]
}, },
{ "references": {
"name" : "notes-notes-sql-injection(60254)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60254" "name": "notes-notes-sql-injection(60254)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60254"
} },
} {
"name": "41542",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41542"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/mykazaamnms-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/mykazaamnms-sqlxss.txt"
},
{
"name": "8494",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8494"
},
{
"name": "14325",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14325"
}
]
}
}

150
2011/1xxx/CVE-2011-1340.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2011-1340", "ID": "CVE-2011-1340",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://dev.plone.org/plone/changeset/12262", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://dev.plone.org/plone/changeset/12262" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject."
{ }
"name" : "http://dev.plone.org/plone/ticket/6110", ]
"refsource" : "CONFIRM", },
"url" : "http://dev.plone.org/plone/ticket/6110" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVN#41222793", "description": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN41222793/index.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "JVNDB-2011-000056", ]
"refsource" : "JVNDB", }
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000056" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://dev.plone.org/plone/ticket/6110",
"refsource": "CONFIRM",
"url": "http://dev.plone.org/plone/ticket/6110"
},
{
"name": "JVNDB-2011-000056",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000056"
},
{
"name": "JVN#41222793",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN41222793/index.html"
},
{
"name": "http://dev.plone.org/plone/changeset/12262",
"refsource": "CONFIRM",
"url": "http://dev.plone.org/plone/changeset/12262"
}
]
}
}

130
2011/1xxx/CVE-2011-1352.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1352", "ID": "CVE-2011-1352",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://jon.oberheide.org/files/levitator.c", "description_data": [
"refsource" : "MISC", {
"url" : "http://jon.oberheide.org/files/levitator.c" "lang": "eng",
}, "value": "The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device."
{ }
"name" : "http://code.google.com/p/android/issues/detail?id=21523", ]
"refsource" : "CONFIRM", },
"url" : "http://code.google.com/p/android/issues/detail?id=21523" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/android/issues/detail?id=21523",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/android/issues/detail?id=21523"
},
{
"name": "http://jon.oberheide.org/files/levitator.c",
"refsource": "MISC",
"url": "http://jon.oberheide.org/files/levitator.c"
}
]
}
}

170
2011/1xxx/CVE-2011-1833.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@ubuntu.com",
"ID" : "CVE-2011-1833", "ID": "CVE-2011-1833",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=764355487ea220fdc2faf128d577d7f679b91f97", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=764355487ea220fdc2faf128d577d7f679b91f97" "lang": "eng",
}, "value": "Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid."
{ }
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", ]
"refsource" : "CONFIRM", },
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=731172", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=731172" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97" ]
}, },
{ "references": {
"name" : "SUSE-SU-2011:0898", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html" "name": "https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/764355487ea220fdc2faf128d577d7f679b91f97"
"name" : "USN-1188-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1188-1" "name": "SUSE-SU-2011:0898",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html"
} },
} {
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=764355487ea220fdc2faf128d577d7f679b91f97",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=764355487ea220fdc2faf128d577d7f679b91f97"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=731172",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=731172"
},
{
"name": "USN-1188-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1188-1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1"
}
]
}
}

140
2011/5xxx/CVE-2011-5108.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5108", "ID": "CVE-2011-5108",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/view/107253/adaptcms-sql.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/view/107253/adaptcms-sql.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "50795", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/50795" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "adaptcms-config-sql-injection(71483)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71483" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "adaptcms-config-sql-injection(71483)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71483"
},
{
"name": "http://packetstormsecurity.org/files/view/107253/adaptcms-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/107253/adaptcms-sql.txt"
},
{
"name": "50795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50795"
}
]
}
}

34
2011/5xxx/CVE-2011-5248.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5248", "ID": "CVE-2011-5248",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

200
2014/3xxx/CVE-2014-3158.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2014-3158", "ID": "CVE-2014-3158",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to \"access privileged options\" via a long word in an options file, which triggers a heap-based buffer overflow that \"[corrupts] security-relevant variables.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[linux-ppp] 20140810 ppp-2.4.7 released", "description_data": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=linux-ppp&m=140764978420764" "lang": "eng",
}, "value": "Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to \"access privileged options\" via a long word in an options file, which triggers a heap-based buffer overflow that \"[corrupts] security-relevant variables.\""
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1128748", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1128748" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://advisories.mageia.org/MGASA-2014-0368.html", ]
"refsource" : "CONFIRM", }
"url" : "http://advisories.mageia.org/MGASA-2014-0368.html" ]
}, },
{ "references": {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" "name": "USN-2429-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2429-1"
"name" : "DSA-3079", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3079" "name": "[linux-ppp] 20140810 ppp-2.4.7 released",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=linux-ppp&m=140764978420764"
"name" : "FEDORA-2014-9412", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html" "name": "MDVSA-2015:135",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:135"
"name" : "MDVSA-2015:135", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:135" "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
"name" : "USN-2429-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2429-1" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1128748",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128748"
} },
} {
"name": "FEDORA-2014-9412",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html"
},
{
"name": "DSA-3079",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3079"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0368.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0368.html"
},
{
"name": "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb",
"refsource": "CONFIRM",
"url": "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb"
}
]
}
}

160
2014/3xxx/CVE-2014-3300.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-3300", "ID": "CVE-2014-3300",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140702 Multiple Vulnerabilities in Cisco Unified Communications Domain Manager", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm" "lang": "eng",
}, "value": "The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041."
{ }
"name" : "20140702 Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "68331", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68331" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1030515", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1030515" ]
}, },
{ "references": {
"name" : "59556", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59556" "name": "1030515",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1030515"
} },
} {
"name": "20140702 Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm"
},
{
"name": "20140702 Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Domain Manager",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=34689"
},
{
"name": "59556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59556"
},
{
"name": "68331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68331"
}
]
}
}

140
2014/3xxx/CVE-2014-3872.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3872", "ID": "CVE-2014-3872",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10023", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10023" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password."
{ }
"name" : "67310", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/67310" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "58254", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/58254" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "58254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58254"
},
{
"name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10023",
"refsource": "CONFIRM",
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10023"
},
{
"name": "67310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67310"
}
]
}
}

140
2014/6xxx/CVE-2014-6834.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6834", "ID": "CVE-2014-6834",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Instaroid - Instagram Viewer (aka net.muik.instaroid) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Instaroid - Instagram Viewer (aka net.muik.instaroid) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#262529", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/262529" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#262529",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/262529"
}
]
}
}

140
2014/6xxx/CVE-2014-6842.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6842", "ID": "CVE-2014-6842",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Daily Advertiser Print (aka com.lafayettedailyadv.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Daily Advertiser Print (aka com.lafayettedailyadv.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#698921", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/698921" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#698921",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/698921"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7085.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7085", "ID": "CVE-2014-7085",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The i Newspaper (aka com.independent.thei) application @7F080184 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The i Newspaper (aka com.independent.thei) application @7F080184 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#150769", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/150769" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#150769",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/150769"
}
]
}
}

34
2014/7xxx/CVE-2014-7548.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-7548", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-7548",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

140
2014/7xxx/CVE-2014-7642.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7642", "ID": "CVE-2014-7642",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Pegasus Airlines (aka com.wPegasusAirlines) application 0.84.13503.96707 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Pegasus Airlines (aka com.wPegasusAirlines) application 0.84.13503.96707 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#948137", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/948137" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#948137",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/948137"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7663.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7663", "ID": "CVE-2014-7663",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Right to the Nitty Gritty (aka com.wGoNittyGritty) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Right to the Nitty Gritty (aka com.wGoNittyGritty) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#505849", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/505849" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#505849",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/505849"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7740.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7740", "ID": "CVE-2014-7740",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Pony Magazine (aka com.triactivemedia.ponymagazine) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Pony Magazine (aka com.triactivemedia.ponymagazine) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#789473", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/789473" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#789473",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/789473"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2014/7xxx/CVE-2014-7921.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2014-7921", "ID": "CVE-2014-7921",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/" "lang": "eng",
}, "value": "mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920."
{ }
"name" : "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html", ]
"refsource" : "CONFIRM", },
"url" : "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html",
"refsource": "CONFIRM",
"url": "https://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/36d1577%5E!/"
}
]
}
}

150
2014/8xxx/CVE-2014-8177.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-8177", "ID": "CVE-2014-8177",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150827 CVE-2014-8177 gluster-swift metadata constraints are not correctly enforced", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/08/27/5" "lang": "eng",
}, "value": "The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1257525", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1257525" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2015:1845", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1845.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2015:1846", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1846.html" ]
} },
] "references": {
} "reference_data": [
} {
"name": "RHSA-2015:1845",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1257525",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257525"
},
{
"name": "RHSA-2015:1846",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html"
},
{
"name": "[oss-security] 20150827 CVE-2014-8177 gluster-swift metadata constraints are not correctly enforced",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/27/5"
}
]
}
}

180
2014/8xxx/CVE-2014-8801.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8801", "ID": "CVE-2014-8801",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "35303", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/35303" "lang": "eng",
}, "value": "Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php."
{ }
"name" : "http://packetstormsecurity.com/files/129189/Paid-Memberships-Pro-1.7.14.2-Path-Traversal.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/129189/Paid-Memberships-Pro-1.7.14.2-Path-Traversal.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://security.szurek.pl/paid-memberships-pro-17142-path-traversal.html", "description": [
"refsource" : "MISC", {
"url" : "http://security.szurek.pl/paid-memberships-pro-17142-path-traversal.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.paidmembershipspro.com/2014/11/critical-security-update-pmpro-v1-7-15/", ]
"refsource" : "CONFIRM", }
"url" : "http://www.paidmembershipspro.com/2014/11/critical-security-update-pmpro-v1-7-15/" ]
}, },
{ "references": {
"name" : "https://wordpress.org/plugins/paid-memberships-pro/changelog/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://wordpress.org/plugins/paid-memberships-pro/changelog/" "name": "http://www.paidmembershipspro.com/2014/11/critical-security-update-pmpro-v1-7-15/",
}, "refsource": "CONFIRM",
{ "url": "http://www.paidmembershipspro.com/2014/11/critical-security-update-pmpro-v1-7-15/"
"name" : "71293", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71293" "name": "http://packetstormsecurity.com/files/129189/Paid-Memberships-Pro-1.7.14.2-Path-Traversal.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/129189/Paid-Memberships-Pro-1.7.14.2-Path-Traversal.html"
"name" : "paidmembershi-cve20148801-dir-traversal(98805)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98805" "name": "paidmembershi-cve20148801-dir-traversal(98805)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98805"
} },
} {
"name": "35303",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35303"
},
{
"name": "https://wordpress.org/plugins/paid-memberships-pro/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/paid-memberships-pro/changelog/"
},
{
"name": "http://security.szurek.pl/paid-memberships-pro-17142-path-traversal.html",
"refsource": "MISC",
"url": "http://security.szurek.pl/paid-memberships-pro-17142-path-traversal.html"
},
{
"name": "71293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71293"
}
]
}
}

34
2014/8xxx/CVE-2014-8814.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8814", "ID": "CVE-2014-8814",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2014/8xxx/CVE-2014-8827.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2014-8827", "ID": "CVE-2014-8827",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/HT204244", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/HT204244" "lang": "eng",
}, "value": "LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen."
{ }
"name" : "APPLE-SA-2015-01-27-4", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031650", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031650" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "macosx-cve20148827-sec-bypass(100521)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100521" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "macosx-cve20148827-sec-bypass(100521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100521"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}

34
2014/9xxx/CVE-2014-9720.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9720", "ID": "CVE-2014-9720",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2016/2xxx/CVE-2016-2189.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2189", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2189",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4565. Reason: This candidate is a reservation duplicate of CVE-2016-4565. Notes: All CVE users should reference CVE-2016-4565 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4565. Reason: This candidate is a reservation duplicate of CVE-2016-4565. Notes: All CVE users should reference CVE-2016-4565 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

34
2016/2xxx/CVE-2016-2325.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2325", "ID": "CVE-2016-2325",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2016/2xxx/CVE-2016-2418.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-2418", "ID": "CVE-2016-2418",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-04-02.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-04-02.html" "lang": "eng",
}, "value": "media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26324358."
{ }
"name" : "https://android.googlesource.com/platform/frameworks/av/+/8d87321b704cb3f88e8cae668937d001fd63d5e3", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/frameworks/av/+/8d87321b704cb3f88e8cae668937d001fd63d5e3" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/8d87321b704cb3f88e8cae668937d001fd63d5e3",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/8d87321b704cb3f88e8cae668937d001fd63d5e3"
},
{
"name": "http://source.android.com/security/bulletin/2016-04-02.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-04-02.html"
}
]
}
}

130
2016/2xxx/CVE-2016-2876.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-2876", "ID": "CVE-2016-2876",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987774", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987774" "lang": "eng",
}, "value": "IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue."
{ }
"name" : "95001", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95001" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987774",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987774"
},
{
"name": "95001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95001"
}
]
}
}

198
2016/6xxx/CVE-2016-6055.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-6055", "ID": "CVE-2016-6055",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rational DOORS Next Generation", "product_name": "Rational DOORS Next Generation",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.0.1" "version_value": "4.0.1"
}, },
{ {
"version_value" : "4.0.5" "version_value": "4.0.5"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "4.0.2" "version_value": "4.0.2"
}, },
{ {
"version_value" : "4.0.3" "version_value": "4.0.3"
}, },
{ {
"version_value" : "4.0.4" "version_value": "4.0.4"
}, },
{ {
"version_value" : "4.0.6" "version_value": "4.0.6"
}, },
{ {
"version_value" : "4.0.7" "version_value": "4.0.7"
}, },
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "5.0.1" "version_value": "5.0.1"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM Corporation" "vendor_name": "IBM Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1995515."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21995515", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21995515" "lang": "eng",
} "value": "IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1995515."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995515",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995515"
}
]
}
}

160
2016/6xxx/CVE-2016-6211.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6211", "ID": "CVE-2016-6211",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160713 CVE requests for Drupal Core - SA-CORE-2016-002", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/07/13/4" "lang": "eng",
}, "value": "The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form."
{ }
"name" : "[oss-security] 20160713 Re: CVE requests for Drupal Core - SA-CORE-2016-002", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/07/13/7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.drupal.org/SA-CORE-2016-002", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.drupal.org/SA-CORE-2016-002" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3604", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2016/dsa-3604" ]
}, },
{ "references": {
"name" : "91230", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91230" "name": "DSA-3604",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2016/dsa-3604"
} },
} {
"name": "91230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91230"
},
{
"name": "[oss-security] 20160713 CVE requests for Drupal Core - SA-CORE-2016-002",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/4"
},
{
"name": "https://www.drupal.org/SA-CORE-2016-002",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/SA-CORE-2016-002"
},
{
"name": "[oss-security] 20160713 Re: CVE requests for Drupal Core - SA-CORE-2016-002",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/7"
}
]
}
}

170
2016/6xxx/CVE-2016-6320.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-6320", "ID": "CVE-2016-6320",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://projects.theforeman.org/issues/16022", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://projects.theforeman.org/issues/16022" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1365785", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1365785" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796d16aca26e4d240a0", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796d16aca26e4d240a0" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://theforeman.org/security.html#2016-6320", ]
"refsource" : "CONFIRM", }
"url" : "https://theforeman.org/security.html#2016-6320" ]
}, },
{ "references": {
"name" : "RHBA-2016:1885", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHBA-2016:1885" "name": "RHBA-2016:1885",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHBA-2016:1885"
"name" : "92431", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92431" "name": "92431",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/92431"
} },
} {
"name": "https://theforeman.org/security.html#2016-6320",
"refsource": "CONFIRM",
"url": "https://theforeman.org/security.html#2016-6320"
},
{
"name": "https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796d16aca26e4d240a0",
"refsource": "CONFIRM",
"url": "https://github.com/theforeman/foreman/pull/3714/commits/850c38451c7bbde75521b796d16aca26e4d240a0"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1365785",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365785"
},
{
"name": "http://projects.theforeman.org/issues/16022",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/16022"
}
]
}
}

140
2016/6xxx/CVE-2016-6363.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-6363", "ID": "CVE-2016-6363",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 frames, aka Bug ID CSCva06192."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160817 Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms 802.11 Protocol Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap2" "lang": "eng",
}, "value": "The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 frames, aka Bug ID CSCva06192."
{ }
"name" : "92511", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/92511" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036645", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036645" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1036645",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036645"
},
{
"name": "20160817 Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms 802.11 Protocol Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap2"
},
{
"name": "92511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92511"
}
]
}
}

130
2016/6xxx/CVE-2016-6655.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2016-6655", "ID": "CVE-2016-6655",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cloud Foundry", "product_name": "Cloud Foundry",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cloud Foundry" "version_value": "Cloud Foundry"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "command injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.cloudfoundry.org/cve-2016-6655/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.cloudfoundry.org/cve-2016-6655/" "lang": "eng",
}, "value": "An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry."
{ }
"name" : "93889", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93889" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/cve-2016-6655/",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/cve-2016-6655/"
},
{
"name": "93889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93889"
}
]
}
}

140
2016/6xxx/CVE-2016-6934.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2016-6934", "ID": "CVE-2016-6934",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4", "product_name": "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4" "version_value": "Adobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html" "lang": "eng",
}, "value": "Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks."
{ }
"name" : "94867", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94867" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037465", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037465" "lang": "eng",
} "value": "Cross Site Scripting"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "94867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94867"
},
{
"name": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html"
},
{
"name": "1037465",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037465"
}
]
}
}

34
2017/5xxx/CVE-2017-5296.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5296", "ID": "CVE-2017-5296",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }