admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:05:59 +00:00
parent 93c12175c9
commit aefd0b18d5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
47 changed files with 3730 additions and 3730 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
2006/0xxx/CVE-2006-0981.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0981", "ID": "CVE-2006-0981",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060224 WinAce Archiver v2.6 Directory traversal", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/425971/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive."
{ }
"name" : "http://www.hamid.ir/security/winace.txt", ]
"refsource" : "MISC", },
"url" : "http://www.hamid.ir/security/winace.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16800", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16800" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0730", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0730" ]
}, },
{ "references": {
"name" : "23464", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/23464" "name": "16800",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16800"
"name" : "19013", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19013" "name": "23464",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/23464"
"name" : "winace-rar-tar-directory-traversal(24902)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24902" "name": "http://www.hamid.ir/security/winace.txt",
} "refsource": "MISC",
] "url": "http://www.hamid.ir/security/winace.txt"
} },
{
"name": "19013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19013"
},
{
"name": "ADV-2006-0730",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0730"
},
{
"name": "winace-rar-tar-directory-traversal(24902)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24902"
},
{
"name": "20060224 WinAce Archiver v2.6 Directory traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425971/100/0/threaded"
}
]
}
} }

148
2006/1xxx/CVE-2006-1714.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1714", "ID": "CVE-2006-1714",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060410 phpMyForum Cross Site Scripting & CRLF injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/430480/100/0/threaded" "lang": "eng",
}, "value": "CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter."
{ }
"name" : "20060425 Re: phpMyForum Cross Site Scripting & CRLF injection", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/432455/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17420", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17420" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "phpmyforum-index-crlf-injection(25750)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25750" ]
} },
] "references": {
} "reference_data": [
{
"name": "20060410 phpMyForum Cross Site Scripting & CRLF injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430480/100/0/threaded"
},
{
"name": "17420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17420"
},
{
"name": "20060425 Re: phpMyForum Cross Site Scripting & CRLF injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432455/100/0/threaded"
},
{
"name": "phpmyforum-index-crlf-injection(25750)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25750"
}
]
}
} }

788
2006/1xxx/CVE-2006-1727.json
View File

@ -1,397 +1,397 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-1727", "ID": "CVE-2006-1727",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with \"Print Preview\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-25.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-25.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with \"Print Preview\"."
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm", ]
"refsource" : "CONFIRM", },
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1044", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1044" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1046", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2006/dsa-1046" ]
}, },
{ "references": {
"name" : "DSA-1051", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1051" "name": "1015927",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015927"
"name" : "FEDORA-2006-410", },
"refsource" : "FEDORA", {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html" "name": "USN-275-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/275-1/"
"name" : "FEDORA-2006-411", },
"refsource" : "FEDORA", {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html" "name": "ADV-2006-3748",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3748"
"name" : "FLSA:189137-1", },
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/archive/1/436296/100/0/threaded" "name": "RHSA-2006:0330",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html"
"name" : "FLSA:189137-2", },
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/archive/1/436338/100/0/threaded" "name": "19902",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19902"
"name" : "GLSA-200604-12", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml" "name": "20060404-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
"name" : "GLSA-200604-18", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml" "name": "mozilla-printpreview-privilege-escalation(25824)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25824"
"name" : "GLSA-200605-09", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml" "name": "USN-276-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/276-1/"
"name" : "HPSBUX02122", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" "name": "HPSBUX02122",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
"name" : "SSRT061158", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded" "name": "19941",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19941"
"name" : "HPSBUX02153", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" "name": "19780",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19780"
"name" : "SSRT061181", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" "name": "1015929",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015929"
"name" : "HPSBUX02156", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" "name": "RHSA-2006:0328",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0328.html"
"name" : "SSRT061236", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" "name": "19821",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19821"
"name" : "MDKSA-2006:076", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076" "name": "GLSA-200604-12",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
"name" : "MDKSA-2006:078", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078" "name": "21622",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21622"
"name" : "RHSA-2006:0328", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0328.html" "name": "19862",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19862"
"name" : "RHSA-2006:0329", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0329.html" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
"name" : "RHSA-2006:0330", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0330.html" "name": "19823",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19823"
"name" : "SCOSA-2006.26", },
"refsource" : "SCO", {
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt" "name": "DSA-1051",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1051"
"name" : "20060404-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc" "name": "FEDORA-2006-410",
}, "refsource": "FEDORA",
{ "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html"
"name" : "102550", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1" "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-25.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-25.html"
"name" : "228526", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1" "name": "ADV-2006-3749",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3749"
"name" : "SUSE-SA:2006:022", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html" "name": "oval:org.mitre.oval:def:1649",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1649"
"name" : "SUSE-SA:2006:021", },
"refsource" : "SUSE", {
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html" "name": "USN-271-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/271-1/"
"name" : "USN-275-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/275-1/" "name": "1015928",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015928"
"name" : "USN-276-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/276-1/" "name": "19714",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19714"
"name" : "USN-271-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/271-1/" "name": "RHSA-2006:0329",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0329.html"
"name" : "17516", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17516" "name": "GLSA-200604-18",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
"name" : "oval:org.mitre.oval:def:10364", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10364" "name": "19811",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19811"
"name" : "ADV-2006-1356", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1356" "name": "19746",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19746"
"name" : "ADV-2006-3391", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3391" "name": "21033",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21033"
"name" : "ADV-2006-3748", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3748" "name": "ADV-2008-0083",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0083"
"name" : "ADV-2006-3749", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3749" "name": "102550",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
"name" : "ADV-2008-0083", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0083" "name": "19696",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19696"
"name" : "oval:org.mitre.oval:def:1649", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1649" "name": "19759",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19759"
"name" : "1015926", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015926" "name": "SUSE-SA:2006:021",
}, "refsource": "SUSE",
{ "url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html"
"name" : "1015927", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015927" "name": "FLSA:189137-2",
}, "refsource": "FEDORA",
{ "url": "http://www.securityfocus.com/archive/1/436338/100/0/threaded"
"name" : "1015928", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015928" "name": "SSRT061181",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
"name" : "1015929", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015929" "name": "ADV-2006-1356",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1356"
"name" : "19631", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19631" "name": "SSRT061236",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
"name" : "19649", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19649" "name": "1015926",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015926"
"name" : "19759", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19759" "name": "SSRT061158",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
"name" : "19821", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19821" "name": "MDKSA-2006:078",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078"
"name" : "19811", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19811" "name": "19729",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19729"
"name" : "19823", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19823" "name": "HPSBUX02153",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
"name" : "19852", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19852" "name": "19649",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19649"
"name" : "19862", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19862" "name": "20051",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20051"
"name" : "19863", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19863" "name": "19863",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19863"
"name" : "19902", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19902" "name": "HPSBUX02156",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
"name" : "19950", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19950" "name": "oval:org.mitre.oval:def:10364",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10364"
"name" : "19941", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19941" "name": "SCOSA-2006.26",
}, "refsource": "SCO",
{ "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
"name" : "19714", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19714" "name": "FLSA:189137-1",
}, "refsource": "FEDORA",
{ "url": "http://www.securityfocus.com/archive/1/436296/100/0/threaded"
"name" : "19721", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19721" "name": "17516",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17516"
"name" : "19746", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19746" "name": "228526",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1"
"name" : "21033", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21033" "name": "FEDORA-2006-411",
}, "refsource": "FEDORA",
{ "url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html"
"name" : "21622", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21622" "name": "19852",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19852"
"name" : "19696", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19696" "name": "19721",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19721"
"name" : "19729", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19729" "name": "22066",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22066"
"name" : "19780", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19780" "name": "SUSE-SA:2006:022",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
"name" : "20051", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20051" "name": "GLSA-200605-09",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml"
"name" : "22065", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22065" "name": "ADV-2006-3391",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3391"
"name" : "22066", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22066" "name": "22065",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22065"
"name" : "mozilla-printpreview-privilege-escalation(25824)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25824" "name": "19631",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/19631"
} },
{
"name": "19950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19950"
},
{
"name": "MDKSA-2006:076",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076"
},
{
"name": "DSA-1046",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1046"
},
{
"name": "DSA-1044",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1044"
}
]
}
} }

218
2006/5xxx/CVE-2006-5151.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5151", "ID": "CVE-2006-5151",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to \"gain root access\" via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-214.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-214.htm" "lang": "eng",
}, "value": "Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to \"gain root access\" via unspecified vectors."
{ }
"name" : "HPSBUX02157", ]
"refsource" : "HP", },
"url" : "http://www.securityfocus.com/archive/1/447505/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT061220", "description": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/447505/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20269", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/20269" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:5658", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5658" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-214.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-214.htm"
"name" : "ADV-2006-3885", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3885" "name": "oval:org.mitre.oval:def:5658",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5658"
"name" : "1016942", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016942" "name": "1016942",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016942"
"name" : "22190", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22190" "name": "SSRT061220",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/447505/100/0/threaded"
"name" : "22361", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22361" "name": "HPSBUX02157",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/447505/100/0/threaded"
"name" : "1688", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1688" "name": "1688",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1688"
"name" : "hpux-ignite-privilege-escalation(29261)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29261" "name": "ADV-2006-3885",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/3885"
} },
{
"name": "20269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20269"
},
{
"name": "hpux-ignite-privilege-escalation(29261)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29261"
},
{
"name": "22361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22361"
},
{
"name": "22190",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22190"
}
]
}
} }

138
2006/5xxx/CVE-2006-5183.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5183", "ID": "CVE-2006-5183",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox Blog 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the slogin parameter in the (1) adminlog.php, (2) postblog.php, (3) index.php, or (4) index2.php script in /edit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061001 Dayfox Blog v2.0 Remote file include", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/447500/100/0/threaded" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox Blog 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the slogin parameter in the (1) adminlog.php, (2) postblog.php, (3) index.php, or (4) index2.php script in /edit."
{ }
"name" : "1694", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/1694" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "dayfoxblog-slogin-file-include(29310)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29310" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "dayfoxblog-slogin-file-include(29310)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29310"
},
{
"name": "20061001 Dayfox Blog v2.0 Remote file include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447500/100/0/threaded"
},
{
"name": "1694",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1694"
}
]
}
} }

138
2006/5xxx/CVE-2006-5264.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5264", "ID": "CVE-2006-5264",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.21 b6 allows remote attackers to inject arbitrary web script or HTML via the db parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061011 MysqlDumper Version 1.21 b6 Xss Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/448269/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.21 b6 allows remote attackers to inject arbitrary web script or HTML via the db parameter."
{ }
"name" : "22392", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/22392" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1712", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1712" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20061011 MysqlDumper Version 1.21 b6 Xss Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448269/100/0/threaded"
},
{
"name": "22392",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22392"
},
{
"name": "1712",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1712"
}
]
}
} }

118
2006/5xxx/CVE-2006-5457.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5457", "ID": "CVE-2006-5457",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securitylab.ru/forum/read.php?FID=16&TID=23884", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securitylab.ru/forum/read.php?FID=16&TID=23884" "lang": "eng",
} "value": "Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securitylab.ru/forum/read.php?FID=16&TID=23884",
"refsource": "MISC",
"url": "http://www.securitylab.ru/forum/read.php?FID=16&TID=23884"
}
]
}
} }

198
2006/5xxx/CVE-2006-5871.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5871", "ID": "CVE-2006-5871",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-1233", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1233" "lang": "eng",
}, "value": "smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings."
{ }
"name" : "DSA-1237", ]
"refsource" : "DEBIAN", },
"url" : "http://www.us.debian.org/security/2006/dsa-1237" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SA:2007:035", "description": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2007_35_kernel.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21523", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/21523" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:10171", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10171" "name": "oval:org.mitre.oval:def:10171",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10171"
"name" : "23361", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23361" "name": "23361",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23361"
"name" : "23370", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23370" "name": "25683",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25683"
"name" : "23395", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23395" "name": "DSA-1237",
}, "refsource": "DEBIAN",
{ "url": "http://www.us.debian.org/security/2006/dsa-1237"
"name" : "25683", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25683" "name": "23370",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/23370"
} },
{
"name": "DSA-1233",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1233"
},
{
"name": "21523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21523"
},
{
"name": "23395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23395"
},
{
"name": "SUSE-SA:2007:035",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_35_kernel.html"
}
]
}
} }

118
2007/2xxx/CVE-2007-2212.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2212", "ID": "CVE-2007-2212",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "mybb-calendar-sql-injection(33814)", "description_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814" "lang": "eng",
} "value": "Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mybb-calendar-sql-injection(33814)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814"
}
]
}
} }

128
2007/2xxx/CVE-2007-2376.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2376", "ID": "CVE-2007-2376",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf" "lang": "eng",
}, "value": "The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\""
{ }
"name" : "43323", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/43323" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf",
"refsource": "MISC",
"url": "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf"
},
{
"name": "43323",
"refsource": "OSVDB",
"url": "http://osvdb.org/43323"
}
]
}
} }

128
2007/2xxx/CVE-2007-2379.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2379", "ID": "CVE-2007-2379",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf" "lang": "eng",
}, "value": "The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\""
{ }
"name" : "43320", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/43320" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf",
"refsource": "MISC",
"url": "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf"
},
{
"name": "43320",
"refsource": "OSVDB",
"url": "http://osvdb.org/43320"
}
]
}
} }

158
2007/2xxx/CVE-2007-2749.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2749", "ID": "CVE-2007-2749",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "3943", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/3943" "lang": "eng",
}, "value": "SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action."
{ }
"name" : "24032", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24032" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36091", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36091" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25297", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/25297" ]
}, },
{ "references": {
"name" : "faqengine-question-sql-injection(34355)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34355" "name": "24032",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/24032"
} },
{
"name": "25297",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25297"
},
{
"name": "faqengine-question-sql-injection(34355)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34355"
},
{
"name": "36091",
"refsource": "OSVDB",
"url": "http://osvdb.org/36091"
},
{
"name": "3943",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3943"
}
]
}
} }

138
2010/0xxx/CVE-2010-0641.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0641", "ID": "CVE-2010-0641",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "11403", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/11403" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter."
{ }
"name" : "38201", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/38201" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ccs-loginpage-xss(56220)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56220" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "38201",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38201"
},
{
"name": "11403",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11403"
},
{
"name": "ccs-loginpage-xss(56220)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56220"
}
]
}
} }

248
2010/0xxx/CVE-2010-0830.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@ubuntu.com",
"ID" : "CVE-2010-0830", "ID": "CVE-2010-0830",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html" "lang": "eng",
}, "value": "Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header."
{ }
"name" : "http://frugalware.org/security/662", ]
"refsource" : "CONFIRM", },
"url" : "http://frugalware.org/security/662" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2058", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2010/dsa-2058" ]
}, },
{ "references": {
"name" : "GLSA-201011-01", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201011-01.xml" "name": "MDVSA-2010:111",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111"
"name" : "MDVSA-2010:111", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:111" "name": "GLSA-201011-01",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201011-01.xml"
"name" : "MDVSA-2010:112", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112" "name": "ADV-2010-1246",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1246"
"name" : "SUSE-SA:2010:052", },
"refsource" : "SUSE", {
"url" : "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html" "name": "USN-944-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-944-1"
"name" : "USN-944-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-944-1" "name": "39900",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39900"
"name" : "40063", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/40063" "name": "SUSE-SA:2010:052",
}, "refsource": "SUSE",
{ "url": "https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html"
"name" : "1024044", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024044" "name": "40063",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/40063"
"name" : "39900", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39900" "name": "http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html",
}, "refsource": "MISC",
{ "url": "http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html"
"name" : "ADV-2010-1246", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1246" "name": "http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5",
}, "refsource": "CONFIRM",
{ "url": "http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5"
"name" : "glibc-elf-code-execution(58915)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58915" "name": "http://frugalware.org/security/662",
} "refsource": "CONFIRM",
] "url": "http://frugalware.org/security/662"
} },
{
"name": "MDVSA-2010:112",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:112"
},
{
"name": "DSA-2058",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2058"
},
{
"name": "glibc-elf-code-execution(58915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58915"
},
{
"name": "1024044",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024044"
}
]
}
} }

158
2010/0xxx/CVE-2010-0989.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2010-0989", "ID": "CVE-2010-0989",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100324 Secunia Research: Pulse CMS Arbitrary File Deletion Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/510307/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in delete.php in Pulse CMS before 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter."
{ }
"name" : "http://secunia.com/secunia_research/2010-48/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2010-48/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38947", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/38947" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "63167", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/63167" ]
}, },
{ "references": {
"name" : "39011", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39011" "name": "63167",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/63167"
} },
{
"name": "20100324 Secunia Research: Pulse CMS Arbitrary File Deletion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510307/100/0/threaded"
},
{
"name": "http://secunia.com/secunia_research/2010-48/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-48/"
},
{
"name": "38947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38947"
},
{
"name": "39011",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39011"
}
]
}
} }

148
2010/1xxx/CVE-2010-1290.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2010-1290", "ID": "CVE-2010-1290",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html" "lang": "eng",
}, "value": "Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291."
{ }
"name" : "oval:org.mitre.oval:def:7154", ]
"refsource" : "OVAL", },
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7154" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38751", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38751" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2010-1128", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2010/1128" ]
} },
] "references": {
} "reference_data": [
{
"name": "38751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38751"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
},
{
"name": "ADV-2010-1128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1128"
},
{
"name": "oval:org.mitre.oval:def:7154",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7154"
}
]
}
} }

208
2010/1xxx/CVE-2010-1645.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-1645", "ID": "CVE-2010-1645",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php" "lang": "eng",
}, "value": "Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template."
{ }
"name" : "http://svn.cacti.net/viewvc?view=rev&revision=5778", ]
"refsource" : "CONFIRM", },
"url" : "http://svn.cacti.net/viewvc?view=rev&revision=5778" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://svn.cacti.net/viewvc?view=rev&revision=5782", "description": [
"refsource" : "CONFIRM", {
"url" : "http://svn.cacti.net/viewvc?view=rev&revision=5782" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://svn.cacti.net/viewvc?view=rev&revision=5784", ]
"refsource" : "CONFIRM", }
"url" : "http://svn.cacti.net/viewvc?view=rev&revision=5784" ]
}, },
{ "references": {
"name" : "http://www.cacti.net/release_notes_0_8_7f.php", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.cacti.net/release_notes_0_8_7f.php" "name": "http://svn.cacti.net/viewvc?view=rev&revision=5778",
}, "refsource": "CONFIRM",
{ "url": "http://svn.cacti.net/viewvc?view=rev&revision=5778"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=609115", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=609115" "name": "MDVSA-2010:160",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160"
"name" : "MDVSA-2010:160", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160" "name": "41041",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41041"
"name" : "RHSA-2010:0635", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0635.html" "name": "http://www.cacti.net/release_notes_0_8_7f.php",
}, "refsource": "CONFIRM",
{ "url": "http://www.cacti.net/release_notes_0_8_7f.php"
"name" : "41041", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41041" "name": "RHSA-2010:0635",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html"
"name" : "ADV-2010-2132", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2132" "name": "http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php",
} "refsource": "MISC",
] "url": "http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php"
} },
{
"name": "ADV-2010-2132",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2132"
},
{
"name": "http://svn.cacti.net/viewvc?view=rev&revision=5782",
"refsource": "CONFIRM",
"url": "http://svn.cacti.net/viewvc?view=rev&revision=5782"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=609115",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=609115"
},
{
"name": "http://svn.cacti.net/viewvc?view=rev&revision=5784",
"refsource": "CONFIRM",
"url": "http://svn.cacti.net/viewvc?view=rev&revision=5784"
}
]
}
} }

32
2010/3xxx/CVE-2010-3727.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2010-3727", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2010-3727",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
} }
] ]
} }
} }

328
2010/3xxx/CVE-2010-3833.json
View File

@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3833", "ID": "CVE-2010-3833",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a \"CREATE TABLE ... SELECT.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.mysql.com/bug.php?id=55826", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugs.mysql.com/bug.php?id=55826" "lang": "eng",
}, "value": "MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a \"CREATE TABLE ... SELECT.\""
{ }
"name" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html", ]
"refsource" : "CONFIRM", },
"url" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html", ]
"refsource" : "CONFIRM", }
"url" : "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=640751", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=640751" "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html",
}, "refsource": "CONFIRM",
{ "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html"
"name" : "http://support.apple.com/kb/HT4723", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4723" "name": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html",
}, "refsource": "CONFIRM",
{ "url": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html"
"name" : "APPLE-SA-2011-06-23-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" "name": "USN-1397-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1397-1"
"name" : "DSA-2143", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2143" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=640751",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=640751"
"name" : "MDVSA-2010:222", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222" "name": "http://support.apple.com/kb/HT4723",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4723"
"name" : "MDVSA-2010:223", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223" "name": "42875",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42875"
"name" : "RHSA-2010:0825", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0825.html" "name": "USN-1017-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1017-1"
"name" : "RHSA-2011:0164", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0164.html" "name": "APPLE-SA-2011-06-23-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
"name" : "TLSA-2011-3", },
"refsource" : "TURBO", {
"url" : "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt" "name": "TLSA-2011-3",
}, "refsource": "TURBO",
{ "url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt"
"name" : "USN-1017-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1017-1" "name": "ADV-2011-0105",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0105"
"name" : "USN-1397-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1397-1" "name": "MDVSA-2010:222",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222"
"name" : "43676", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/43676" "name": "RHSA-2011:0164",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0164.html"
"name" : "42875", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42875" "name": "ADV-2011-0170",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0170"
"name" : "42936", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42936" "name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html",
}, "refsource": "CONFIRM",
{ "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html"
"name" : "ADV-2011-0105", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0105" "name": "DSA-2143",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2143"
"name" : "ADV-2011-0170", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0170" "name": "43676",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/43676"
"name" : "ADV-2011-0345", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0345" "name": "mysql-extremevalue-dos(64845)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64845"
"name" : "mysql-extremevalue-dos(64845)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64845" "name": "ADV-2011-0345",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2011/0345"
} },
{
"name": "42936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42936"
},
{
"name": "RHSA-2010:0825",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0825.html"
},
{
"name": "http://bugs.mysql.com/bug.php?id=55826",
"refsource": "MISC",
"url": "http://bugs.mysql.com/bug.php?id=55826"
},
{
"name": "MDVSA-2010:223",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223"
}
]
}
} }

138
2010/4xxx/CVE-2010-4097.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4097", "ID": "CVE-2010-4097",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters. NOTE: the q parameter is already covered by CVE-2009-2302."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20101024 Aardvark Topsite XSS vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/514423/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters. NOTE: the q parameter is already covered by CVE-2009-2302."
{ }
"name" : "44390", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/44390" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "topsitesphp-index-xss(62767)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62767" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "44390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44390"
},
{
"name": "20101024 Aardvark Topsite XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514423/100/0/threaded"
},
{
"name": "topsitesphp-index-xss(62767)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62767"
}
]
}
} }

32
2010/4xxx/CVE-2010-4123.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2010-4123", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2010-4123",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
} }
] ]
} }
} }

32
2010/4xxx/CVE-2010-4124.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2010-4124", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2010-4124",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
} }
] ]
} }
} }

128
2010/4xxx/CVE-2010-4311.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4311", "ID": "CVE-2010-4311",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Free Simple Software 1.0 stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20101121 'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/514863/100/0/threaded" "lang": "eng",
}, "value": "Free Simple Software 1.0 stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information."
{ }
"name" : "https://www.uncompiled.com/2010/11/free-simple-software-sql-injection-vulnerability-cve-2010-4298/", ]
"refsource" : "MISC", },
"url" : "https://www.uncompiled.com/2010/11/free-simple-software-sql-injection-vulnerability-cve-2010-4298/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.uncompiled.com/2010/11/free-simple-software-sql-injection-vulnerability-cve-2010-4298/",
"refsource": "MISC",
"url": "https://www.uncompiled.com/2010/11/free-simple-software-sql-injection-vulnerability-cve-2010-4298/"
},
{
"name": "20101121 'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514863/100/0/threaded"
}
]
}
} }

128
2014/0xxx/CVE-2014-0362.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-0362", "ID": "CVE-2014-0362",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#673313", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/673313" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element."
{ }
"name" : "67176", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/67176" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67176"
},
{
"name": "VU#673313",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/673313"
}
]
}
} }

128
2014/0xxx/CVE-2014-0632.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2014-0632", "ID": "CVE-2014-0632",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140326 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors."
{ }
"name" : "66513", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/66513" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66513",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66513"
},
{
"name": "20140326 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html"
}
]
}
} }

130
2014/10xxx/CVE-2014-10056.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2014-10056", "ID": "CVE-2014-10056",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Mobile", "product_name": "Snapdragon Mobile",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "SD 210/SD 212/SD 205" "version_value": "SD 210/SD 212/SD 205"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, A buffer overflow can potentially occur in any OpenCL application that calls clBuildProgram() with a device of type CL_DEVICE_TYPE_CPU in its device_list argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow vulnerability when using OpenCL-CPU"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-04-01" "lang": "eng",
}, "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, A buffer overflow can potentially occur in any OpenCL application that calls clBuildProgram() with a device of type CL_DEVICE_TYPE_CPU in its device_list argument."
{ }
"name" : "103671", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103671" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Buffer Overflow vulnerability when using OpenCL-CPU"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
} }

118
2014/4xxx/CVE-2014-4768.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-4768", "ID": "CVE-2014-4768",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of service by using privileged access to enable a legacy boot mode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098278", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098278" "lang": "eng",
} "value": "IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of service by using privileged access to enable a legacy boot mode."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098278",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098278"
}
]
}
} }

138
2014/8xxx/CVE-2014-8148.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-8148", "ID": "CVE-2014-8148",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150105 CVE-2014-8148: midgard-core configures D-Bus system bus to be insecure", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/01/05/2" "lang": "eng",
}, "value": "The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges."
{ }
"name" : "openSUSE-SU-2015:0111", ]
"refsource" : "SUSE", },
"url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00051.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2015:0300", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150105 CVE-2014-8148: midgard-core configures D-Bus system bus to be insecure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/05/2"
},
{
"name": "openSUSE-SU-2015:0111",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00051.html"
},
{
"name": "openSUSE-SU-2015:0300",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00066.html"
}
]
}
} }

32
2014/8xxx/CVE-2014-8692.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8692", "ID": "CVE-2014-8692",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

158
2014/9xxx/CVE-2014-9350.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9350", "ID": "CVE-2014-9350",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a \"new\" value in the isNew parameter to PingIframeRpm.htm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "35345", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/35345" "lang": "eng",
}, "value": "TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a \"new\" value in the isNew parameter to PingIframeRpm.htm."
{ }
"name" : "http://packetstormsecurity.com/files/129227/TP-Link-TL-WR740N-Denial-Of-Service.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/129227/TP-Link-TL-WR740N-Denial-Of-Service.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5210.php", "description": [
"refsource" : "MISC", {
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5210.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "115017", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/115017" ]
}, },
{ "references": {
"name" : "tlwr740n-pingiframerpm-dos(98927)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98927" "name": "tlwr740n-pingiframerpm-dos(98927)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98927"
} },
{
"name": "http://packetstormsecurity.com/files/129227/TP-Link-TL-WR740N-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129227/TP-Link-TL-WR740N-Denial-Of-Service.html"
},
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5210.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5210.php"
},
{
"name": "35345",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35345"
},
{
"name": "115017",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/115017"
}
]
}
} }

118
2014/9xxx/CVE-2014-9353.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9353", "ID": "CVE-2014-9353",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetApp OnCommand Balance before 4.2P2 contains a \"default privileged account,\" which allows remote attackers to gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.netapp.com/support/index?page=content&id=9010020", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.netapp.com/support/index?page=content&id=9010020" "lang": "eng",
} "value": "NetApp OnCommand Balance before 4.2P2 contains a \"default privileged account,\" which allows remote attackers to gain privileges via unspecified vectors."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netapp.com/support/index?page=content&id=9010020",
"refsource": "CONFIRM",
"url": "https://kb.netapp.com/support/index?page=content&id=9010020"
}
]
}
} }

138
2014/9xxx/CVE-2014-9360.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9360", "ID": "CVE-2014-9360",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141031 SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/533861/100/0/threaded" "lang": "eng",
}, "value": "XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted request."
{ }
"name" : "20141031 SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Oct/133" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141031-0_Scalix_Web_Access_XXE_v10.txt", "description": [
"refsource" : "MISC", {
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141031-0_Scalix_Web_Access_XXE_v10.txt" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20141031 SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533861/100/0/threaded"
},
{
"name": "20141031 SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/133"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141031-0_Scalix_Web_Access_XXE_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141031-0_Scalix_Web_Access_XXE_v10.txt"
}
]
}
} }

148
2014/9xxx/CVE-2014-9718.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-9718", "ID": "CVE-2014-9718",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150420 Re: CVE request Qemu: malicious PRDT flow from guest to host", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2015/04/20/7" "lang": "eng",
}, "value": "The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions."
{ }
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=3251bdcf1c67427d964517053c3d185b46e618e8", ]
"refsource" : "CONFIRM", },
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=3251bdcf1c67427d964517053c3d185b46e618e8" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3259", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3259" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "73316", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/73316" ]
} },
] "references": {
} "reference_data": [
{
"name": "DSA-3259",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3259"
},
{
"name": "[oss-security] 20150420 Re: CVE request Qemu: malicious PRDT flow from guest to host",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/04/20/7"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=3251bdcf1c67427d964517053c3d185b46e618e8",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=3251bdcf1c67427d964517053c3d185b46e618e8"
},
{
"name": "73316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73316"
}
]
}
} }

158
2016/3xxx/CVE-2016-3616.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-3616", "ID": "CVE-2016-3616",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html" "lang": "eng",
}, "value": "The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1318509", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1318509" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1319661", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1319661" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-3706-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3706-1/" ]
}, },
{ "references": {
"name" : "USN-3706-2", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3706-2/" "name": "USN-3706-2",
} "refsource": "UBUNTU",
] "url": "https://usn.ubuntu.com/3706-2/"
} },
{
"name": "USN-3706-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3706-1/"
},
{
"name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1318509",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318509"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1319661",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319661"
}
]
}
} }

118
2016/3xxx/CVE-2016-3691.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-3691", "ID": "CVE-2016-3691",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160502 [SECURITY ISSUES] CVE-2016-3691 and CVE-2016-3114", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/05/02/3" "lang": "eng",
} "value": "Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160502 [SECURITY ISSUES] CVE-2016-3691 and CVE-2016-3114",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/02/3"
}
]
}
} }

118
2016/3xxx/CVE-2016-3803.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-3803", "ID": "CVE-2016-3803",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-07-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-07-01.html" "lang": "eng",
} "value": "The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
} }

32
2016/3xxx/CVE-2016-3967.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-3967", "ID": "CVE-2016-3967",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

228
2016/6xxx/CVE-2016-6291.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6291", "ID": "CVE-2016-6291",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2016/07/24/2" "lang": "eng",
}, "value": "The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image."
{ }
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519", ]
"refsource" : "CONFIRM", },
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://php.net/ChangeLog-5.php", "description": [
"refsource" : "CONFIRM", {
"url" : "http://php.net/ChangeLog-5.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://php.net/ChangeLog-7.php", ]
"refsource" : "CONFIRM", }
"url" : "http://php.net/ChangeLog-7.php" ]
}, },
{ "references": {
"name" : "https://bugs.php.net/72603", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.php.net/72603" "name": "http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519",
}, "refsource": "CONFIRM",
{ "url": "http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519"
"name" : "https://support.apple.com/HT207170", },
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207170" "name": "APPLE-SA-2016-09-20",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
"name" : "APPLE-SA-2016-09-20", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html" "name": "GLSA-201611-22",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201611-22"
"name" : "DSA-3631", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3631" "name": "RHSA-2016:2750",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
"name" : "GLSA-201611-22", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201611-22" "name": "http://php.net/ChangeLog-5.php",
}, "refsource": "CONFIRM",
{ "url": "http://php.net/ChangeLog-5.php"
"name" : "RHSA-2016:2750", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html" "name": "https://bugs.php.net/72603",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.php.net/72603"
"name" : "92073", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92073" "name": "92073",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/92073"
"name" : "1036430", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036430" "name": "1036430",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1036430"
} },
{
"name": "DSA-3631",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3631"
},
{
"name": "http://php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-7.php"
},
{
"name": "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2016/07/24/2"
},
{
"name": "https://support.apple.com/HT207170",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207170"
}
]
}
} }

138
2016/6xxx/CVE-2016-6362.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-6362", "ID": "CVE-2016-6362",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160817 Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms CLI Privilege Escalation Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap1" "lang": "eng",
}, "value": "Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725."
{ }
"name" : "92513", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/92513" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036644", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036644" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1036644",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036644"
},
{
"name": "92513",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92513"
},
{
"name": "20160817 Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms CLI Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap1"
}
]
}
} }

152
2016/6xxx/CVE-2016-6705.json
View File

@ -1,79 +1,79 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-6705", "ID": "CVE-2016-6705",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-5.0.2" "version_value": "Android-5.0.2"
}, },
{ {
"version_value" : "Android-5.1.1" "version_value": "Android-5.1.1"
}, },
{ {
"version_value" : "Android-6.0" "version_value": "Android-6.0"
}, },
{ {
"version_value" : "Android-6.0.1" "version_value": "Android-6.0.1"
}, },
{ {
"version_value" : "Android-7.0" "version_value": "Android-7.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30907212."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2016-11-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2016-11-01.html" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30907212."
{ }
"name" : "94134", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94134" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "94134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94134"
}
]
}
} }

32
2016/6xxx/CVE-2016-6918.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6918", "ID": "CVE-2016-6918",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

168
2016/7xxx/CVE-2016-7914.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-7914", "ID": "CVE-2016-7914",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2" "lang": "eng",
}, "value": "The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite."
{ }
"name" : "http://source.android.com/security/bulletin/2016-11-01.html", ]
"refsource" : "CONFIRM", },
"url" : "http://source.android.com/security/bulletin/2016-11-01.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/torvalds/linux/commit/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/torvalds/linux/commit/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2" ]
}, },
{ "references": {
"name" : "RHSA-2016:2574", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html" "name": "http://source.android.com/security/bulletin/2016-11-01.html",
}, "refsource": "CONFIRM",
{ "url": "http://source.android.com/security/bulletin/2016-11-01.html"
"name" : "94138", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94138" "name": "RHSA-2016:2574",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
} },
{
"name": "https://github.com/torvalds/linux/commit/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3"
},
{
"name": "94138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94138"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2"
}
]
}
} }

168
2016/7xxx/CVE-2016-7982.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7982", "ID": "CVE-2016-7982",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/10/05/17" "lang": "eng",
}, "value": "Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action."
{ }
"name" : "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/10/06/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20161012 CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/10/12/8" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/", ]
"refsource" : "MISC", }
"url" : "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/" ]
}, },
{ "references": {
"name" : "https://core.spip.net/projects/spip/repository/revisions/23200", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://core.spip.net/projects/spip/repository/revisions/23200" "name": "93451",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/93451"
"name" : "93451", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93451" "name": "https://core.spip.net/projects/spip/repository/revisions/23200",
} "refsource": "CONFIRM",
] "url": "https://core.spip.net/projects/spip/repository/revisions/23200"
} },
{
"name": "[oss-security] 20161006 Re: SPIP vulnerabilities: request for 5 CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/06/6"
},
{
"name": "[oss-security] 20161005 SPIP vulnerabilities: request for 5 CVE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/17"
},
{
"name": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/"
},
{
"name": "[oss-security] 20161012 CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/12/8"
}
]
}
} }

168
2016/8xxx/CVE-2016-8106.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@intel.com", "ASSIGNER": "secure@intel.com",
"ID" : "CVE-2016-8106", "ID": "CVE-2016-8106",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intel® Ethernet Controller X710 family and Intel® Ethernet Controller XL710 family", "product_name": "Intel\u00c2\u00ae Ethernet Controller X710 family and Intel\u00c2\u00ae Ethernet Controller XL710 family",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Before NVM Version 5.05" "version_value": "Before NVM Version 5.05"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Intel" "vendor_name": "Intel"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr" "lang": "eng",
}, "value": "A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions."
{ }
"name" : "https://support.lenovo.com/us/en/product_security/LEN-12029", ]
"refsource" : "CONFIRM", },
"url" : "https://support.lenovo.com/us/en/product_security/LEN-12029" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05368378", "description": [
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05368378" "lang": "eng",
}, "value": "Denial of Service"
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22002507", ]
"refsource" : "CONFIRM", }
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22002507" ]
}, },
{ "references": {
"name" : "95333", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95333" "name": "95333",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/95333"
"name" : "1037562", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037562" "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr",
} "refsource": "CONFIRM",
] "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&languageid=en-fr"
} },
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg22002507",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22002507"
},
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-12029",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-12029"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05368378",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05368378"
},
{
"name": "1037562",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037562"
}
]
}
} }

228
2016/8xxx/CVE-2016-8568.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8568", "ID": "CVE-2016-8568",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/10/08/7" "lang": "eng",
}, "value": "The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1383211", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1383211" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/libgit2/libgit2/issues/3936", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/libgit2/libgit2/issues/3936" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/libgit2/libgit2/releases/tag/v0.24.3", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/libgit2/libgit2/releases/tag/v0.24.3" ]
}, },
{ "references": {
"name" : "FEDORA-2016-505d7fe198", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383211"
"name" : "FEDORA-2016-616a35205b", },
"refsource" : "FEDORA", {
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/" "name": "FEDORA-2016-616a35205b",
}, "refsource": "FEDORA",
{ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/"
"name" : "FEDORA-2016-bc51f4636f", },
"refsource" : "FEDORA", {
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/" "name": "https://github.com/libgit2/libgit2/issues/3936",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/libgit2/libgit2/issues/3936"
"name" : "openSUSE-SU-2016:3097", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html" "name": "[oss-security] 20161008 Re: CVE request: invalid memory accesses parsing object files in libgit2",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/10/08/7"
"name" : "openSUSE-SU-2017:0184", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html" "name": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/libgit2/libgit2/releases/tag/v0.24.3"
"name" : "openSUSE-SU-2017:0195", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html" "name": "openSUSE-SU-2016:3097",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html"
"name" : "openSUSE-SU-2017:0208", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html" "name": "FEDORA-2016-505d7fe198",
}, "refsource": "FEDORA",
{ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/"
"name" : "93466", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93466" "name": "openSUSE-SU-2017:0208",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html"
} },
{
"name": "openSUSE-SU-2017:0195",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html"
},
{
"name": "openSUSE-SU-2017:0184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html"
},
{
"name": "FEDORA-2016-bc51f4636f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/"
},
{
"name": "93466",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93466"
}
]
}
} }

218
2016/8xxx/CVE-2016-8602.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8602", "ID": "CVE-2016-8602",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161011 Re: CVE Request - multiple ghostscript -dSAFER sandbox problems", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/10/11/7" "lang": "eng",
}, "value": "The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack."
{ }
"name" : "[oss-security] 20161011 Re: CVE Request - multiple ghostscript -dSAFER sandbox problems", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/10/11/5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697203", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697203" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1383940", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1383940" "name": "DSA-3691",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3691"
"name" : "https://ghostscript.com/doc/9.21/History9.htm", },
"refsource" : "CONFIRM", {
"url" : "https://ghostscript.com/doc/9.21/History9.htm" "name": "95311",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/95311"
"name" : "DSA-3691", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3691" "name": "RHSA-2017:0013",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2017-0013.html"
"name" : "GLSA-201702-31", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201702-31" "name": "RHSA-2017:0014",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2017-0014.html"
"name" : "RHSA-2017:0013", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0013.html" "name": "[oss-security] 20161011 Re: CVE Request - multiple ghostscript -dSAFER sandbox problems",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/10/11/7"
"name" : "RHSA-2017:0014", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0014.html" "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303",
}, "refsource": "CONFIRM",
{ "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303"
"name" : "95311", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95311" "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697203",
} "refsource": "CONFIRM",
] "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697203"
} },
{
"name": "https://ghostscript.com/doc/9.21/History9.htm",
"refsource": "CONFIRM",
"url": "https://ghostscript.com/doc/9.21/History9.htm"
},
{
"name": "GLSA-201702-31",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-31"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1383940",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1383940"
},
{
"name": "[oss-security] 20161011 Re: CVE Request - multiple ghostscript -dSAFER sandbox problems",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/11/5"
}
]
}
} }

158
2016/8xxx/CVE-2016-8701.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8701", "ID": "CVE-2016-8701",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8702, and CVE-2016-8703."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160818 potrace: multiple crashes", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/08/18/11" "lang": "eng",
}, "value": "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8702, and CVE-2016-8703."
{ }
"name" : "[oss-security] 20161015 Re: potrace: multiple crashes", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/10/16/12" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/", "description": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://potrace.sourceforge.net/ChangeLog", ]
"refsource" : "CONFIRM", }
"url" : "http://potrace.sourceforge.net/ChangeLog" ]
}, },
{ "references": {
"name" : "93778", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93778" "name": "93778",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/93778"
} },
{
"name": "[oss-security] 20161015 Re: potrace: multiple crashes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/12"
},
{
"name": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/"
},
{
"name": "[oss-security] 20160818 potrace: multiple crashes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/11"
},
{
"name": "http://potrace.sourceforge.net/ChangeLog",
"refsource": "CONFIRM",
"url": "http://potrace.sourceforge.net/ChangeLog"
}
]
}
} }