admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:09:50 +00:00
parent b6e434bffb
commit b13c9420f2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4232 additions and 4232 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2006/0xxx/CVE-2006-0094.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0094",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-0028",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0028"
},
{
"name" : "17373",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17373"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17373"
},
{
"name": "ADV-2006-0028",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0028"
}
]
}
}

190
2006/0xxx/CVE-2006-0143.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060107 Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421257/100/0/threaded"
},
{
"name" : "20060109 [UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421258/100/0/threaded"
},
{
"name" : "http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html",
"refsource" : "MISC",
"url" : "http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html"
},
{
"name" : "http://blogs.technet.com/msrc/archive/2006/01/09/417198.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/msrc/archive/2006/01/09/417198.aspx"
},
{
"name" : "16167",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16167"
},
{
"name" : "ADV-2006-0115",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0115"
},
{
"name" : "1015453",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015453"
},
{
"name" : "win-gre-wmf-dos(24044)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24044"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015453",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015453"
},
{
"name": "http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html"
},
{
"name": "win-gre-wmf-dos(24044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24044"
},
{
"name": "16167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16167"
},
{
"name": "http://blogs.technet.com/msrc/archive/2006/01/09/417198.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/msrc/archive/2006/01/09/417198.aspx"
},
{
"name": "20060109 [UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421258/100/0/threaded"
},
{
"name": "20060107 Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421257/100/0/threaded"
},
{
"name": "ADV-2006-0115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0115"
}
]
}
}

250
2006/0xxx/CVE-2006-0459.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0459",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-0459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[flex-announce] 20060222 flex 2.5.33 released",
"refsource" : "MLIST",
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce"
},
{
"name" : "http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download",
"refsource" : "CONFIRM",
"url" : "http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download"
},
{
"name" : "DSA-1020",
"refsource" : "DEBIAN",
"url" : "http://www.us.debian.org/security/2006/dsa-1020"
},
{
"name" : "GLSA-200603-07",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml"
},
{
"name" : "USN-260-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/260-1/"
},
{
"name" : "16896",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16896"
},
{
"name" : "ADV-2006-0770",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0770"
},
{
"name" : "23440",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23440"
},
{
"name" : "19071",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19071"
},
{
"name" : "19424",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19424"
},
{
"name" : "19126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19126"
},
{
"name" : "19228",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19228"
},
{
"name" : "570",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/570"
},
{
"name" : "flex-bypass-security(24995)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24995"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download",
"refsource": "CONFIRM",
"url": "http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download"
},
{
"name": "23440",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23440"
},
{
"name": "DSA-1020",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-1020"
},
{
"name": "ADV-2006-0770",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0770"
},
{
"name": "19071",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19071"
},
{
"name": "16896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16896"
},
{
"name": "flex-bypass-security(24995)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24995"
},
{
"name": "GLSA-200603-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml"
},
{
"name": "19228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19228"
},
{
"name": "19424",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19424"
},
{
"name": "570",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/570"
},
{
"name": "19126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19126"
},
{
"name": "USN-260-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/260-1/"
},
{
"name": "[flex-announce] 20060222 flex 2.5.33 released",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce"
}
]
}
}

180
2006/0xxx/CVE-2006-0812.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0812",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060223 Secunia Research: Visnetic AntiVirus Plug-in for MailServerPrivilege Escalation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425890/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2005-65/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2005-65/advisory/"
},
{
"name" : "16788",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16788"
},
{
"name" : "ADV-2006-0701",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0701"
},
{
"name" : "1015670",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015670"
},
{
"name" : "16583",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16583"
},
{
"name" : "visnetic-av-plugin-privilege-elevation(24928)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24928"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015670",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015670"
},
{
"name": "http://secunia.com/secunia_research/2005-65/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-65/advisory/"
},
{
"name": "16583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16583"
},
{
"name": "ADV-2006-0701",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0701"
},
{
"name": "16788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16788"
},
{
"name": "visnetic-av-plugin-privilege-elevation(24928)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24928"
},
{
"name": "20060223 Secunia Research: Visnetic AntiVirus Plug-in for MailServerPrivilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425890/100/0/threaded"
}
]
}
}

170
2006/1xxx/CVE-2006-1089.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1089",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.punbb.org/changelogs/1.2.10_to_1.2.11.txt",
"refsource" : "CONFIRM",
"url" : "http://www.punbb.org/changelogs/1.2.10_to_1.2.11.txt"
},
{
"name" : "http://www.punbb.org/download/patch/punbb-1.2.10_to_1.2.11.patch",
"refsource" : "CONFIRM",
"url" : "http://www.punbb.org/download/patch/punbb-1.2.10_to_1.2.11.patch"
},
{
"name" : "16891",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16891"
},
{
"name" : "ADV-2006-0773",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0773"
},
{
"name" : "19039",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19039"
},
{
"name" : "punbb-header-xss(24982)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24982"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "punbb-header-xss(24982)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24982"
},
{
"name": "16891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16891"
},
{
"name": "http://www.punbb.org/changelogs/1.2.10_to_1.2.11.txt",
"refsource": "CONFIRM",
"url": "http://www.punbb.org/changelogs/1.2.10_to_1.2.11.txt"
},
{
"name": "http://www.punbb.org/download/patch/punbb-1.2.10_to_1.2.11.patch",
"refsource": "CONFIRM",
"url": "http://www.punbb.org/download/patch/punbb-1.2.10_to_1.2.11.patch"
},
{
"name": "ADV-2006-0773",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0773"
},
{
"name": "19039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19039"
}
]
}
}

180
2006/1xxx/CVE-2006-1258.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1258",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0",
"refsource" : "CONFIRM",
"url" : "http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0"
},
{
"name" : "17142",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17142"
},
{
"name" : "ADV-2006-0991",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0991"
},
{
"name" : "23943",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23943"
},
{
"name" : "1015776",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015776"
},
{
"name" : "19277",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19277"
},
{
"name" : "phpmyadmin-settheme-xss(25305)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25305"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0"
},
{
"name": "17142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17142"
},
{
"name": "phpmyadmin-settheme-xss(25305)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25305"
},
{
"name": "ADV-2006-0991",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0991"
},
{
"name": "1015776",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015776"
},
{
"name": "19277",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19277"
},
{
"name": "23943",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23943"
}
]
}
}

160
2006/1xxx/CVE-2006-1339.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1339",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the archive parameter in an HTTP POST or COOKIE request, which bypasses a sanity check that is only applied to a GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060322 cutenews 1.4.1 Arbitrary File Access",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/428434/100/0/threaded"
},
{
"name" : "http://hamid.ir/security/cutenews.txt",
"refsource" : "MISC",
"url" : "http://hamid.ir/security/cutenews.txt"
},
{
"name" : "17152",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17152"
},
{
"name" : "19289",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19289"
},
{
"name" : "cutenews-incfunction-directory-traversal(25324)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25324"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the archive parameter in an HTTP POST or COOKIE request, which bypasses a sanity check that is only applied to a GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19289",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19289"
},
{
"name": "17152",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17152"
},
{
"name": "http://hamid.ir/security/cutenews.txt",
"refsource": "MISC",
"url": "http://hamid.ir/security/cutenews.txt"
},
{
"name": "20060322 cutenews 1.4.1 Arbitrary File Access",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428434/100/0/threaded"
},
{
"name": "cutenews-incfunction-directory-traversal(25324)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25324"
}
]
}
}

160
2006/1xxx/CVE-2006-1383.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1383",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 allows remote authenticated users to determine existence of files outside the intended document root via unspecified manipulations, which generate different error messages depending on whether a file exists or not."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17205",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17205"
},
{
"name" : "ADV-2006-1069",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1069"
},
{
"name" : "24057",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24057"
},
{
"name" : "19338",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19338"
},
{
"name" : "baby-ftp-information-disclosure(25413)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25413"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 allows remote authenticated users to determine existence of files outside the intended document root via unspecified manipulations, which generate different error messages depending on whether a file exists or not."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17205"
},
{
"name": "baby-ftp-information-disclosure(25413)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25413"
},
{
"name": "19338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19338"
},
{
"name": "ADV-2006-1069",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1069"
},
{
"name": "24057",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24057"
}
]
}
}

130
2006/1xxx/CVE-2006-1722.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1722",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 allows remote attackers to inject arbitrary web script or HTML via the Suchstring1 (aka search) parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/04/shopxs-v40-xss-vuln_10.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/04/shopxs-v40-xss-vuln_10.html"
},
{
"name" : "shopxs-search-xss(25715)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25715"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 allows remote attackers to inject arbitrary web script or HTML via the Suchstring1 (aka search) parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "shopxs-search-xss(25715)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25715"
},
{
"name": "http://pridels0.blogspot.com/2006/04/shopxs-v40-xss-vuln_10.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/shopxs-v40-xss-vuln_10.html"
}
]
}
}

380
2006/5xxx/CVE-2006-5052.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI \"authentication abort.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-5052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061005 rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447861/100/200/threaded"
},
{
"name" : "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2"
},
{
"name" : "https://issues.rpath.com/browse/RPL-681",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-681"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=305214",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name" : "http://openssh.org/txt/release-4.4",
"refsource" : "CONFIRM",
"url" : "http://openssh.org/txt/release-4.4"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm"
},
{
"name" : "APPLE-SA-2007-03-13",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name" : "GLSA-200611-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"name" : "RHSA-2006:0697",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0697.html"
},
{
"name" : "RHSA-2007:0540",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0540.html"
},
{
"name" : "RHSA-2007:0703",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0703.html"
},
{
"name" : "SSA:2006-272-02",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566"
},
{
"name" : "SUSE-SA:2006:062",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"name" : "TA07-072A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name" : "20245",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20245"
},
{
"name" : "oval:org.mitre.oval:def:10178",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10178"
},
{
"name" : "ADV-2007-0930",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name" : "29266",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29266"
},
{
"name" : "1016939",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016939"
},
{
"name" : "22158",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22158"
},
{
"name" : "22173",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22173"
},
{
"name" : "22495",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22495"
},
{
"name" : "22823",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22823"
},
{
"name" : "24479",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24479"
},
{
"name" : "27588",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27588"
},
{
"name" : "28320",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28320"
},
{
"name" : "openssh-gssapi-user-enumeration(29255)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29255"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI \"authentication abort.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20245"
},
{
"name": "20061005 rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447861/100/200/threaded"
},
{
"name": "http://openssh.org/txt/release-4.4",
"refsource": "CONFIRM",
"url": "http://openssh.org/txt/release-4.4"
},
{
"name": "TA07-072A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "GLSA-200611-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
},
{
"name": "SUSE-SA:2006:062",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
},
{
"name": "APPLE-SA-2007-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "29266",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29266"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305214",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "27588",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27588"
},
{
"name": "https://issues.rpath.com/browse/RPL-681",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-681"
},
{
"name": "1016939",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016939"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm"
},
{
"name": "oval:org.mitre.oval:def:10178",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10178"
},
{
"name": "openssh-gssapi-user-enumeration(29255)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29255"
},
{
"name": "22495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22495"
},
{
"name": "22823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22823"
},
{
"name": "SSA:2006-272-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566"
},
{
"name": "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released",
"refsource": "MLIST",
"url": "http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2"
},
{
"name": "RHSA-2007:0703",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0703.html"
},
{
"name": "RHSA-2006:0697",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0697.html"
},
{
"name": "ADV-2007-0930",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "28320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28320"
},
{
"name": "22173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22173"
},
{
"name": "RHSA-2007:0540",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0540.html"
},
{
"name": "22158",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22158"
},
{
"name": "24479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24479"
}
]
}
}

150
2006/5xxx/CVE-2006-5410.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5410",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that this issue overlaps CVE-2006-4189."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061018 Boonex Dolphin 5.2 Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449090/100/0/threaded"
},
{
"name" : "20576",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20576"
},
{
"name" : "1747",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1747"
},
{
"name" : "dolphin-index-file-include(29604)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29604"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that this issue overlaps CVE-2006-4189."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20576",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20576"
},
{
"name": "dolphin-index-file-include(29604)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29604"
},
{
"name": "1747",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1747"
},
{
"name": "20061018 Boonex Dolphin 5.2 Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449090/100/0/threaded"
}
]
}
}

210
2006/5xxx/CVE-2006-5780.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5780",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061106 VulnDisco Pack for Metasploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450728/100/0/threaded"
},
{
"name" : "http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz",
"refsource" : "MISC",
"url" : "http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz"
},
{
"name" : "http://gleg.net/vulndisco_meta.shtml",
"refsource" : "MISC",
"url" : "http://gleg.net/vulndisco_meta.shtml"
},
{
"name" : "2729",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2729"
},
{
"name" : "20941",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20941"
},
{
"name" : "ADV-2006-4380",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4380"
},
{
"name" : "1017172",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017172"
},
{
"name" : "22751",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22751"
},
{
"name" : "1831",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1831"
},
{
"name" : "xlink-nfsserver-bo(30083)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30083"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://gleg.net/vulndisco_meta.shtml",
"refsource": "MISC",
"url": "http://gleg.net/vulndisco_meta.shtml"
},
{
"name": "22751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22751"
},
{
"name": "20941",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20941"
},
{
"name": "2729",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2729"
},
{
"name": "ADV-2006-4380",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4380"
},
{
"name": "http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz",
"refsource": "MISC",
"url": "http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz"
},
{
"name": "1017172",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017172"
},
{
"name": "20061106 VulnDisco Pack for Metasploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450728/100/0/threaded"
},
{
"name": "xlink-nfsserver-bo(30083)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30083"
},
{
"name": "1831",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1831"
}
]
}
}

180
2010/0xxx/CVE-2010-0005.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100111 CVE Request: viewvc",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/01/11/2"
},
{
"name" : "[oss-security] 20100113 Re: CVE Request: viewvc",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/01/13/5"
},
{
"name" : "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD",
"refsource" : "CONFIRM",
"url" : "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD"
},
{
"name" : "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300",
"refsource" : "CONFIRM",
"url" : "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300"
},
{
"name" : "FEDORA-2009-13610",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html"
},
{
"name" : "FEDORA-2009-13634",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html"
},
{
"name" : "SUSE-SA:2010:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD"
},
{
"name": "FEDORA-2009-13610",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html"
},
{
"name": "[oss-security] 20100113 Re: CVE Request: viewvc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/13/5"
},
{
"name": "FEDORA-2009-13634",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01464.html"
},
{
"name": "[oss-security] 20100111 CVE Request: viewvc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/11/2"
},
{
"name": "SUSE-SA:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300"
}
]
}
}

130
2010/0xxx/CVE-2010-0078.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0078",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-0078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
},
{
"name" : "TA10-012A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
},
{
"name": "TA10-012A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
}
]
}
}

330
2010/0xxx/CVE-2010-0173.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0173",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-16.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-16.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=488850",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=488850"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=491722",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=491722"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=496011",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=496011"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=499862",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=499862"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=542136",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=542136"
},
{
"name" : "FEDORA-2010-5526",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html"
},
{
"name" : "FEDORA-2010-5539",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html"
},
{
"name" : "MDVSA-2010:070",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070"
},
{
"name" : "SUSE-SR:2010:013",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name" : "USN-921-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-921-1"
},
{
"name" : "oval:org.mitre.oval:def:7467",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7467"
},
{
"name" : "1023775",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023775"
},
{
"name" : "1023781",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023781"
},
{
"name" : "39136",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39136"
},
{
"name" : "39204",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39204"
},
{
"name" : "39242",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39242"
},
{
"name" : "39243",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39243"
},
{
"name" : "39397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39397"
},
{
"name" : "ADV-2010-0748",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0748"
},
{
"name" : "ADV-2010-0849",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0849"
},
{
"name" : "firefox-browser-eng-code-execution(57388)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57388"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39397"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=496011",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=496011"
},
{
"name": "39136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39136"
},
{
"name": "USN-921-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-921-1"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "1023781",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023781"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=488850",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=488850"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=491722",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=491722"
},
{
"name": "MDVSA-2010:070",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070"
},
{
"name": "oval:org.mitre.oval:def:7467",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7467"
},
{
"name": "FEDORA-2010-5526",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-16.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-16.html"
},
{
"name": "39243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39243"
},
{
"name": "ADV-2010-0748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0748"
},
{
"name": "ADV-2010-0849",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0849"
},
{
"name": "FEDORA-2010-5539",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html"
},
{
"name": "39242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39242"
},
{
"name": "firefox-browser-eng-code-execution(57388)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57388"
},
{
"name": "1023775",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023775"
},
{
"name": "39204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39204"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=542136",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=542136"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=499862",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=499862"
}
]
}
}

140
2010/0xxx/CVE-2010-0406.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.openttd.org/task/3785",
"refsource" : "CONFIRM",
"url" : "http://bugs.openttd.org/task/3785"
},
{
"name" : "http://security.openttd.org/en/CVE-2010-0406",
"refsource" : "CONFIRM",
"url" : "http://security.openttd.org/en/CVE-2010-0406"
},
{
"name" : "39669",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39669"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39669",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39669"
},
{
"name": "http://bugs.openttd.org/task/3785",
"refsource": "CONFIRM",
"url": "http://bugs.openttd.org/task/3785"
},
{
"name": "http://security.openttd.org/en/CVE-2010-0406",
"refsource": "CONFIRM",
"url": "http://security.openttd.org/en/CVE-2010-0406"
}
]
}
}

150
2010/3xxx/CVE-2010-3204.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3204",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) post.php, (2) article.php, (3) blog.php, or (4) home.php in pec_templates/nova-blue/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14815",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14815"
},
{
"name" : "http://eidelweiss-advisories.blogspot.com/2010/08/pecio-cms-v205-template-multiple-remote.html",
"refsource" : "MISC",
"url" : "http://eidelweiss-advisories.blogspot.com/2010/08/pecio-cms-v205-template-multiple-remote.html"
},
{
"name" : "http://packetstormsecurity.org/1008-exploits/peciocms-rfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1008-exploits/peciocms-rfi.txt"
},
{
"name" : "peciocms-multiple-file-include(61433)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61433"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) post.php, (2) article.php, (3) blog.php, or (4) home.php in pec_templates/nova-blue/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1008-exploits/peciocms-rfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1008-exploits/peciocms-rfi.txt"
},
{
"name": "peciocms-multiple-file-include(61433)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61433"
},
{
"name": "http://eidelweiss-advisories.blogspot.com/2010/08/pecio-cms-v205-template-multiple-remote.html",
"refsource": "MISC",
"url": "http://eidelweiss-advisories.blogspot.com/2010/08/pecio-cms-v205-template-multiple-remote.html"
},
{
"name": "14815",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14815"
}
]
}
}

140
2010/3xxx/CVE-2010-3419.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14965",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14965"
},
{
"name" : "http://packetstormsecurity.org/1009-exploits/fcms-rfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1009-exploits/fcms-rfi.txt"
},
{
"name" : "fcms-familynews-file-include(61722)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61722"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14965",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14965"
},
{
"name": "http://packetstormsecurity.org/1009-exploits/fcms-rfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/fcms-rfi.txt"
},
{
"name": "fcms-familynews-file-include(61722)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61722"
}
]
}
}

130
2010/3xxx/CVE-2010-3542.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3542",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality, related to USB."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "TA10-287A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality, related to USB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

200
2010/3xxx/CVE-2010-3629.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3629",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-3629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html"
},
{
"name" : "GLSA-201101-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name" : "RHSA-2010:0743",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html"
},
{
"name" : "SUSE-SA:2010:048",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html"
},
{
"name" : "SUSE-SR:2010:019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name" : "TA10-279A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html"
},
{
"name" : "oval:org.mitre.oval:def:7007",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7007"
},
{
"name" : "43025",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43025"
},
{
"name" : "ADV-2011-0191",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0191"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2010:048",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html"
},
{
"name": "ADV-2011-0191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0191"
},
{
"name": "43025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43025"
},
{
"name": "GLSA-201101-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name": "RHSA-2010:0743",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html"
},
{
"name": "TA10-279A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html"
},
{
"name": "oval:org.mitre.oval:def:7007",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7007"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
}
]
}
}

180
2010/3xxx/CVE-2010-3708.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3708",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted static initializer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://issues.jboss.org/browse/SOA-2319",
"refsource" : "MISC",
"url" : "https://issues.jboss.org/browse/SOA-2319"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=633859",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=633859"
},
{
"name" : "RHSA-2010:0937",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0937.html"
},
{
"name" : "RHSA-2010:0938",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0938.html"
},
{
"name" : "RHSA-2010:0939",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0939.html"
},
{
"name" : "RHSA-2010:0940",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0940.html"
},
{
"name" : "1024813",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024813"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted static initializer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0940",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0940.html"
},
{
"name": "RHSA-2010:0938",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0938.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=633859",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=633859"
},
{
"name": "RHSA-2010:0937",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0937.html"
},
{
"name": "RHSA-2010:0939",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0939.html"
},
{
"name": "https://issues.jboss.org/browse/SOA-2319",
"refsource": "MISC",
"url": "https://issues.jboss.org/browse/SOA-2319"
},
{
"name": "1024813",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024813"
}
]
}
}

150
2010/3xxx/CVE-2010-3871.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3871",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://wiki.mahara.org/Release_Notes/1.3.3",
"refsource" : "CONFIRM",
"url" : "http://wiki.mahara.org/Release_Notes/1.3.3"
},
{
"name" : "44705",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44705"
},
{
"name" : "42152",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42152"
},
{
"name" : "mahara-groupviews-xss(63052)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63052"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mahara-groupviews-xss(63052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63052"
},
{
"name": "http://wiki.mahara.org/Release_Notes/1.3.3",
"refsource": "CONFIRM",
"url": "http://wiki.mahara.org/Release_Notes/1.3.3"
},
{
"name": "42152",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42152"
},
{
"name": "44705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44705"
}
]
}
}

170
2010/4xxx/CVE-2010-4757.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4757",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.madirish.net/?article=471",
"refsource" : "MISC",
"url" : "http://www.madirish.net/?article=471"
},
{
"name" : "http://e107.org/comment.php?comment.news.872",
"refsource" : "CONFIRM",
"url" : "http://e107.org/comment.php?comment.news.872"
},
{
"name" : "http://e107.org/svn_changelog.php?version=0.7.23",
"refsource" : "CONFIRM",
"url" : "http://e107.org/svn_changelog.php?version=0.7.23"
},
{
"name" : "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?r1=11655&r2=11654&pathrev=11655",
"refsource" : "CONFIRM",
"url" : "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?r1=11655&r2=11654&pathrev=11655"
},
{
"name" : "1024351",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024351"
},
{
"name" : "e107-submitnewstitle-xss(61331)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61331"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.madirish.net/?article=471",
"refsource": "MISC",
"url": "http://www.madirish.net/?article=471"
},
{
"name": "e107-submitnewstitle-xss(61331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61331"
},
{
"name": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?r1=11655&r2=11654&pathrev=11655",
"refsource": "CONFIRM",
"url": "http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?r1=11655&r2=11654&pathrev=11655"
},
{
"name": "http://e107.org/svn_changelog.php?version=0.7.23",
"refsource": "CONFIRM",
"url": "http://e107.org/svn_changelog.php?version=0.7.23"
},
{
"name": "http://e107.org/comment.php?comment.news.872",
"refsource": "CONFIRM",
"url": "http://e107.org/comment.php?comment.news.872"
},
{
"name": "1024351",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024351"
}
]
}
}

190
2010/4xxx/CVE-2010-4819.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4819",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an \"input sanitization flaw.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110922 CVE Request: X.org ProcRenderGlyps input sanitation issue",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/09/22/8"
},
{
"name" : "[oss-security] 20110923 Re: CVE Request: X.org ProcRenderGlyps input sanitation issue",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/09/23/5"
},
{
"name" : "http://aix.software.ibm.com/aix/efixes/security/X_advisory2.asc",
"refsource" : "CONFIRM",
"url" : "http://aix.software.ibm.com/aix/efixes/security/X_advisory2.asc"
},
{
"name" : "http://cgit.freedesktop.org/xorg/xserver/commit/render/render.c?id=5725849a1b427cd4a72b84e57f211edb35838718",
"refsource" : "CONFIRM",
"url" : "http://cgit.freedesktop.org/xorg/xserver/commit/render/render.c?id=5725849a1b427cd4a72b84e57f211edb35838718"
},
{
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=28801",
"refsource" : "CONFIRM",
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=28801"
},
{
"name" : "RHSA-2011:1359",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2011-1359.html"
},
{
"name" : "RHSA-2011:1360",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2011-1360.html"
},
{
"name" : "1026149",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1026149"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an \"input sanitization flaw.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110923 Re: CVE Request: X.org ProcRenderGlyps input sanitation issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/23/5"
},
{
"name": "RHSA-2011:1359",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1359.html"
},
{
"name": "RHSA-2011:1360",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1360.html"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=28801",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=28801"
},
{
"name": "http://cgit.freedesktop.org/xorg/xserver/commit/render/render.c?id=5725849a1b427cd4a72b84e57f211edb35838718",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/xorg/xserver/commit/render/render.c?id=5725849a1b427cd4a72b84e57f211edb35838718"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/X_advisory2.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/X_advisory2.asc"
},
{
"name": "1026149",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1026149"
},
{
"name": "[oss-security] 20110922 CVE Request: X.org ProcRenderGlyps input sanitation issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/22/8"
}
]
}
}

140
2014/0xxx/CVE-2014-0783.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01"
},
{
"name" : "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities",
"refsource" : "MISC",
"url" : "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities"
},
{
"name" : "66111",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66111"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01"
},
{
"name": "66111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66111"
},
{
"name": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities"
}
]
}
}

140
2014/10xxx/CVE-2014-10022.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-10022",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[trafficserver-users] 20141216 [ANNOUNCE] Apache Traffic Server 5.1.2 is released",
"refsource" : "MLIST",
"url" : "http://mail-archives.apache.org/mod_mbox/trafficserver-users/201412.mbox/browser"
},
{
"name" : "https://issues.apache.org/jira/browse/TS-3223",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/jira/browse/TS-3223"
},
{
"name" : "1031499",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031499"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/TS-3223",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/TS-3223"
},
{
"name": "1031499",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031499"
},
{
"name": "[trafficserver-users] 20141216 [ANNOUNCE] Apache Traffic Server 5.1.2 is released",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/trafficserver-users/201412.mbox/browser"
}
]
}
}

180
2014/3xxx/CVE-2014-3620.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3620",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://curl.haxx.se/docs/adv_20140910B.html",
"refsource" : "CONFIRM",
"url" : "http://curl.haxx.se/docs/adv_20140910B.html"
},
{
"name" : "https://support.apple.com/kb/HT205031",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205031"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743"
},
{
"name" : "APPLE-SA-2015-08-13-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name" : "DSA-3022",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3022"
},
{
"name" : "openSUSE-SU-2014:1139",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html"
},
{
"name" : "69742",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69742"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69742"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "http://curl.haxx.se/docs/adv_20140910B.html",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/adv_20140910B.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743"
},
{
"name": "openSUSE-SU-2014:1139",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "DSA-3022",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3022"
}
]
}
}

150
2014/4xxx/CVE-2014-4067.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4055."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-051",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051"
},
{
"name" : "69134",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69134"
},
{
"name" : "1030715",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030715"
},
{
"name" : "60670",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60670"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4055."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69134"
},
{
"name": "1030715",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030715"
},
{
"name": "MS14-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051"
},
{
"name": "60670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60670"
}
]
}
}

120
2014/4xxx/CVE-2014-4580.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4580",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP BlipBot plugin 3.0.9 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the BlipBotID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://codevigilant.com/disclosure/wp-plugin-wp-blipbot-a3-cross-site-scripting-xss",
"refsource" : "MISC",
"url" : "http://codevigilant.com/disclosure/wp-plugin-wp-blipbot-a3-cross-site-scripting-xss"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP BlipBot plugin 3.0.9 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the BlipBotID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://codevigilant.com/disclosure/wp-plugin-wp-blipbot-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-wp-blipbot-a3-cross-site-scripting-xss"
}
]
}
}

200
2014/4xxx/CVE-2014-4615.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140623 CVE request for vulnerability in OpenStack Neutron, Ceilometer and pyCADF library",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/06/23/8"
},
{
"name" : "[oss-security] 20140624 Re: CVE request for vulnerability in OpenStack Neutron, Ceilometer and pyCADF library",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/06/24/6"
},
{
"name" : "[oss-security] 20140625 [OSSA 2014-021] User token leak to message queue in pyCADF notifier middleware (CVE-2014-4615)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/06/25/6"
},
{
"name" : "RHSA-2014:1050",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1050.html"
},
{
"name" : "USN-2311-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2311-1"
},
{
"name" : "68149",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68149"
},
{
"name" : "60643",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60643"
},
{
"name" : "60736",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60736"
},
{
"name" : "60766",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60766"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68149"
},
{
"name": "[oss-security] 20140625 [OSSA 2014-021] User token leak to message queue in pyCADF notifier middleware (CVE-2014-4615)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/25/6"
},
{
"name": "60766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60766"
},
{
"name": "[oss-security] 20140623 CVE request for vulnerability in OpenStack Neutron, Ceilometer and pyCADF library",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/23/8"
},
{
"name": "[oss-security] 20140624 Re: CVE request for vulnerability in OpenStack Neutron, Ceilometer and pyCADF library",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/24/6"
},
{
"name": "USN-2311-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2311-1"
},
{
"name": "60736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60736"
},
{
"name": "RHSA-2014:1050",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1050.html"
},
{
"name": "60643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60643"
}
]
}
}

150
2014/4xxx/CVE-2014-4761.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4761",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684652",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684652"
},
{
"name" : "PI22104",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI22104"
},
{
"name" : "61126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61126"
},
{
"name" : "ibm-wsportal-cve20144761-html(94658)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94658"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI22104",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI22104"
},
{
"name": "61126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61126"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684652",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684652"
},
{
"name": "ibm-wsportal-cve20144761-html(94658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94658"
}
]
}
}

150
2014/8xxx/CVE-2014-8632.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8632",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-8632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-91.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-91.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1050340",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1050340"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-91.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-91.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1050340",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1050340"
}
]
}
}

270
2014/8xxx/CVE-2014-8642.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8642",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-8642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2015-08.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2015-08.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1079658",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1079658"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
},
{
"name" : "openSUSE-SU-2015:0077",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
},
{
"name" : "openSUSE-SU-2015:0192",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
},
{
"name" : "72042",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72042"
},
{
"name" : "1031533",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031533"
},
{
"name" : "62242",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62242"
},
{
"name" : "62250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62250"
},
{
"name" : "62446",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62446"
},
{
"name" : "62790",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62790"
},
{
"name" : "62253",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62253"
},
{
"name" : "62316",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62316"
},
{
"name" : "62418",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62418"
},
{
"name" : "firefox-cve20148642-sec-bypass(99963)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99963"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62242"
},
{
"name": "1031533",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031533"
},
{
"name": "openSUSE-SU-2015:0192",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
},
{
"name": "62250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62250"
},
{
"name": "firefox-cve20148642-sec-bypass(99963)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99963"
},
{
"name": "openSUSE-SU-2015:0077",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
},
{
"name": "62418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62418"
},
{
"name": "62316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62316"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1079658",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1079658"
},
{
"name": "62790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62790"
},
{
"name": "62446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62446"
},
{
"name": "72042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72042"
},
{
"name": "62253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62253"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2015-08.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2015-08.html"
}
]
}
}

34
2014/8xxx/CVE-2014-8963.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8963",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8963",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/8xxx/CVE-2014-8970.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8970",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8970",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

130
2014/9xxx/CVE-2014-9024.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9024",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/node/2378279",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2378279"
},
{
"name" : "https://www.drupal.org/node/2353451",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2353451"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2353451",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2353451"
},
{
"name": "https://www.drupal.org/node/2378279",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2378279"
}
]
}
}

130
2014/9xxx/CVE-2014-9203.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9203",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote attackers to cause a denial of service (DTM outage) via crafted packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-036-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-036-01"
},
{
"name" : "http://www.geoilandgas.com/securityadvisory",
"refsource" : "CONFIRM",
"url" : "http://www.geoilandgas.com/securityadvisory"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote attackers to cause a denial of service (DTM outage) via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geoilandgas.com/securityadvisory",
"refsource": "CONFIRM",
"url": "http://www.geoilandgas.com/securityadvisory"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-036-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-036-01"
}
]
}
}

130
2014/9xxx/CVE-2014-9437.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9437",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_social_slider_margin parameter in a wpbs_save_settings action in the wpbs_panel page to wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/129509",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129509"
},
{
"name" : "slidingsocial-wp-scsocialslidermarg-csrf(99510)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99510"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_social_slider_margin parameter in a wpbs_save_settings action in the wpbs_panel page to wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "slidingsocial-wp-scsocialslidermarg-csrf(99510)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99510"
},
{
"name": "http://packetstormsecurity.com/files/129509",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129509"
}
]
}
}

34
2014/9xxx/CVE-2014-9545.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9545",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9545",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/9xxx/CVE-2014-9775.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9775",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9775",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2016/2xxx/CVE-2016-2439.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2439",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in btif/src/btif_dm.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows remote attackers to execute arbitrary code via a long PIN value, aka internal bug 27411268."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-05-01.html"
},
{
"name" : "https://android.googlesource.com/platform/system/bt/+/9b534de2aca5d790c2a1c4d76b545f16137d95dd",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/system/bt/+/9b534de2aca5d790c2a1c4d76b545f16137d95dd"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in btif/src/btif_dm.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows remote attackers to execute arbitrary code via a long PIN value, aka internal bug 27411268."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-05-01.html"
},
{
"name": "https://android.googlesource.com/platform/system/bt/+/9b534de2aca5d790c2a1c4d76b545f16137d95dd",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/system/bt/+/9b534de2aca5d790c2a1c4d76b545f16137d95dd"
}
]
}
}

34
2016/2xxx/CVE-2016-2760.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2760",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2760",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/2xxx/CVE-2016-2901.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2901",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983974",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983974"
},
{
"name" : "PI62594",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594"
},
{
"name" : "1036143",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036143"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI62594",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594"
},
{
"name": "1036143",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036143"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983974",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983974"
}
]
}
}

290
2016/3xxx/CVE-2016-3627.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3627",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/May/10"
},
{
"name" : "[oss-security] 20160321 CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/03/21/2"
},
{
"name" : "[oss-security] 20160321 Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/03/21/3"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10170",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10170"
},
{
"name" : "https://www.tenable.com/security/tns-2016-18",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-18"
},
{
"name" : "DSA-3593",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2016/dsa-3593"
},
{
"name" : "GLSA-201701-37",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-37"
},
{
"name" : "RHSA-2016:1292",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1292"
},
{
"name" : "RHSA-2016:2957",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name" : "openSUSE-SU-2016:1298",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
},
{
"name" : "openSUSE-SU-2016:1446",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
},
{
"name" : "USN-2994-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2994-1"
},
{
"name" : "84992",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84992"
},
{
"name" : "1035335",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035335"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/May/10"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10170",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10170"
},
{
"name": "openSUSE-SU-2016:1446",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
},
{
"name": "openSUSE-SU-2016:1298",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
},
{
"name": "RHSA-2016:1292",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1292"
},
{
"name": "[oss-security] 20160321 CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/21/2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "DSA-3593",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3593"
},
{
"name": "1035335",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035335"
},
{
"name": "USN-2994-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2994-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "84992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84992"
},
{
"name": "https://www.tenable.com/security/tns-2016-18",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"name": "RHSA-2016:2957",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "GLSA-201701-37",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-37"
},
{
"name": "[oss-security] 20160321 Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/21/3"
}
]
}
}

160
2016/3xxx/CVE-2016-3644.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-3644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40034",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40034/"
},
{
"name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00",
"refsource" : "CONFIRM",
"url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00"
},
{
"name" : "91431",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91431"
},
{
"name" : "1036198",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036198"
},
{
"name" : "1036199",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036199"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036198"
},
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00"
},
{
"name": "91431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91431"
},
{
"name": "40034",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40034/"
}
]
}
}

130
2016/3xxx/CVE-2016-3815.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3815",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28522274."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28522274."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}
]
}
}

150
2016/3xxx/CVE-2016-3909.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3909",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30033990."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/c48ef757cc50906e8726a3bebc3b60716292cdba",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/c48ef757cc50906e8726a3bebc3b60716292cdba"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/d4271b792bdad85a80e2b83ab34c4b30b74f53ec",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/d4271b792bdad85a80e2b83ab34c4b30b74f53ec"
},
{
"name" : "93296",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93296"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30033990."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93296"
},
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/c48ef757cc50906e8726a3bebc3b60716292cdba",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/c48ef757cc50906e8726a3bebc3b60716292cdba"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/d4271b792bdad85a80e2b83ab34c4b30b74f53ec",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/d4271b792bdad85a80e2b83ab34c4b30b74f53ec"
}
]
}
}

260
2016/6xxx/CVE-2016-6308.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-6308",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e"
},
{
"name" : "https://www.openssl.org/news/secadv/20160922.txt",
"refsource" : "CONFIRM",
"url" : "https://www.openssl.org/news/secadv/20160922.txt"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa132",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"name" : "https://www.tenable.com/security/tns-2016-16",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-16"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "https://www.tenable.com/security/tns-2016-20",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-20"
},
{
"name" : "https://www.tenable.com/security/tns-2016-21",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-21"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "93151",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93151"
},
{
"name" : "1036885",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036885"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openssl.org/news/secadv/20160922.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20160922.txt"
},
{
"name": "https://www.tenable.com/security/tns-2016-20",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"name": "93151",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93151"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "https://git.openssl.org/?p=openssl.git;a=commit;h=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/?p=openssl.git;a=commit;h=df6b5e29ffea2d5a3e08de92fb765fdb21c7a21e"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"name": "1036885",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036885"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "https://www.tenable.com/security/tns-2016-16",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"name": "https://www.tenable.com/security/tns-2016-21",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa132",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
}
]
}
}

150
2016/6xxx/CVE-2016-6619.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6619",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"
},
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-42",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-42"
},
{
"name" : "GLSA-201701-32",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-32"
},
{
"name" : "95048",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95048"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95048"
},
{
"name": "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"
},
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-42",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-42"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
}
]
}
}

130
2016/6xxx/CVE-2016-6852.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6852",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
"refsource" : "CONFIRM",
"url" : "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf"
},
{
"name" : "93459",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93459"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf",
"refsource": "CONFIRM",
"url": "https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf"
},
{
"name": "93459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93459"
}
]
}
}

34
2016/7xxx/CVE-2016-7104.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7104",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7104",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/7xxx/CVE-2016-7381.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@nvidia.com",
"ID" : "CVE-2016-7381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Quadro, NVS, and GeForce (all versions)",
"version" : {
"version_data" : [
{
"version_value" : "Quadro, NVS, and GeForce (all versions)"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a user input to index an array is not bounds checked, leading to denial of service or potential escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2016-7381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quadro, NVS, and GeForce (all versions)",
"version": {
"version_data": [
{
"version_value": "Quadro, NVS, and GeForce (all versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247"
},
{
"name" : "https://support.lenovo.com/us/en/solutions/LEN-10822",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-10822"
},
{
"name" : "94172",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94172"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a user input to index an array is not bounds checked, leading to denial of service or potential escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94172"
},
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-10822",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-10822"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247"
}
]
}
}

140
2016/7xxx/CVE-2016-7458.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@vmware.com",
"ID" : "CVE-2016-7458",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2016-7458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2016-0022.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
},
{
"name" : "94483",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94483"
},
{
"name" : "1037328",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037328"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2016-0022.html"
},
{
"name": "94483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94483"
},
{
"name": "1037328",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037328"
}
]
}
}

170
2016/7xxx/CVE-2016-7644.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40931",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40931/"
},
{
"name" : "https://support.apple.com/HT207422",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207422"
},
{
"name" : "https://support.apple.com/HT207423",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207423"
},
{
"name" : "https://support.apple.com/HT207487",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207487"
},
{
"name" : "94904",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94904"
},
{
"name" : "1037469",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207487",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207487"
},
{
"name": "40931",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40931/"
},
{
"name": "https://support.apple.com/HT207422",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207422"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "94904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94904"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
}