admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:00:10 +00:00
parent 4ca3c216ca
commit b264d0f046
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3633 additions and 3633 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2006/1xxx/CVE-2006-1139.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1139",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf"
},
{
"name" : "ADV-2006-0857",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0857"
},
{
"name" : "23728",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23728"
},
{
"name" : "1015738",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015738"
},
{
"name" : "19146",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19146"
},
{
"name" : "xerox-image-overwrite-dos(25176)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25176"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf"
},
{
"name": "ADV-2006-0857",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0857"
},
{
"name": "19146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19146"
},
{
"name": "xerox-image-overwrite-dos(25176)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25176"
},
{
"name": "23728",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23728"
},
{
"name": "1015738",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015738"
}
]
}
}

210
2006/1xxx/CVE-2006-1290.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1290",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username, and (4) unspecified other parameters in (a) authuser.php; and the (5) username and (6) unspecified other parameters in (b) userstatistics.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060316 Milkeyway Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427890/100/0/threaded"
},
{
"name" : "http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt",
"refsource" : "MISC",
"url" : "http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt"
},
{
"name" : "http://www.ush.it/team/ascii/hack-milkeway/advisory.txt",
"refsource" : "MISC",
"url" : "http://www.ush.it/team/ascii/hack-milkeway/advisory.txt"
},
{
"name" : "17127",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17127"
},
{
"name" : "ADV-2006-0968",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0968"
},
{
"name" : "23932",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23932"
},
{
"name" : "23933",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23933"
},
{
"name" : "1015778",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015778"
},
{
"name" : "19258",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19258"
},
{
"name" : "milkeyway-multiple-xss(25288)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25288"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username, and (4) unspecified other parameters in (a) authuser.php; and the (5) username and (6) unspecified other parameters in (b) userstatistics.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060316 Milkeyway Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427890/100/0/threaded"
},
{
"name": "1015778",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015778"
},
{
"name": "23933",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23933"
},
{
"name": "milkeyway-multiple-xss(25288)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25288"
},
{
"name": "17127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17127"
},
{
"name": "http://www.ush.it/team/ascii/hack-milkeway/advisory.txt",
"refsource": "MISC",
"url": "http://www.ush.it/team/ascii/hack-milkeway/advisory.txt"
},
{
"name": "ADV-2006-0968",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0968"
},
{
"name": "http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt",
"refsource": "MISC",
"url": "http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt"
},
{
"name": "23932",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23932"
},
{
"name": "19258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19258"
}
]
}
}

160
2006/5xxx/CVE-2006-5031.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5031",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with \"%00\" and a .js filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.gulftech.org/?node=research&article_id=00114-09212006",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00114-09212006"
},
{
"name" : "http://cakeforge.org/frs/shownotes.php?release_id=134",
"refsource" : "CONFIRM",
"url" : "http://cakeforge.org/frs/shownotes.php?release_id=134"
},
{
"name" : "20150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20150"
},
{
"name" : "22040",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22040"
},
{
"name" : "cakephp-vendors-information-disclosure(29115)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29115"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with \"%00\" and a .js filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cakephp-vendors-information-disclosure(29115)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29115"
},
{
"name": "22040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22040"
},
{
"name": "http://www.gulftech.org/?node=research&article_id=00114-09212006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00114-09212006"
},
{
"name": "http://cakeforge.org/frs/shownotes.php?release_id=134",
"refsource": "CONFIRM",
"url": "http://cakeforge.org/frs/shownotes.php?release_id=134"
},
{
"name": "20150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20150"
}
]
}
}

160
2006/5xxx/CVE-2006-5182.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5182",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen Travelsized CMS 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2471",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2471"
},
{
"name" : "20321",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20321"
},
{
"name" : "ADV-2006-3897",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3897"
},
{
"name" : "22194",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22194"
},
{
"name" : "travelsized-frontpage-file-include(29337)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29337"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen Travelsized CMS 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22194"
},
{
"name": "travelsized-frontpage-file-include(29337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29337"
},
{
"name": "20321",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20321"
},
{
"name": "2471",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2471"
},
{
"name": "ADV-2006-3897",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3897"
}
]
}
}

170
2006/5xxx/CVE-2006-5409.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5409",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061018 Multiple vulnerabilities in Highwall Enterprise and Highwall Endpoint management interface",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449118/100/0/threaded"
},
{
"name" : "20605",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20605"
},
{
"name" : "ADV-2006-4132",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4132"
},
{
"name" : "29917",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29917"
},
{
"name" : "1017091",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017091"
},
{
"name" : "22494",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22494"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29917",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29917"
},
{
"name": "20605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20605"
},
{
"name": "ADV-2006-4132",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4132"
},
{
"name": "20061018 Multiple vulnerabilities in Highwall Enterprise and Highwall Endpoint management interface",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449118/100/0/threaded"
},
{
"name": "22494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22494"
},
{
"name": "1017091",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017091"
}
]
}
}

150
2006/5xxx/CVE-2006-5635.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5635",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061028 SQL in WebWizForum by almaster hacker",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450034/100/0/threaded"
},
{
"name" : "20778",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20778"
},
{
"name" : "1801",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1801"
},
{
"name" : "webwizforum-search-sql-injection(29898)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29898"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1801",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1801"
},
{
"name": "20061028 SQL in WebWizForum by almaster hacker",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450034/100/0/threaded"
},
{
"name": "webwizforum-search-sql-injection(29898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29898"
},
{
"name": "20778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20778"
}
]
}
}

160
2006/5xxx/CVE-2006-5801.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The owserver module in owfs and owhttpd 2.5p5 and earlier does not properly check the path type, which allows attackers to cause a denial of service (application crash) related to use of the path in owshell."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=461204",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=461204"
},
{
"name" : "20953",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20953"
},
{
"name" : "ADV-2006-4381",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4381"
},
{
"name" : "22700",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22700"
},
{
"name" : "owfs-owserver-dos(30080)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30080"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The owserver module in owfs and owhttpd 2.5p5 and earlier does not properly check the path type, which allows attackers to cause a denial of service (application crash) related to use of the path in owshell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "owfs-owserver-dos(30080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30080"
},
{
"name": "ADV-2006-4381",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4381"
},
{
"name": "20953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20953"
},
{
"name": "22700",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22700"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=461204",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=461204"
}
]
}
}

170
2006/5xxx/CVE-2006-5845.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061108 Speedwiki 2.0 Arbitrary File Upload Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=116302805802656&w=2"
},
{
"name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=9",
"refsource" : "MISC",
"url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=9"
},
{
"name" : "ADV-2006-4421",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4421"
},
{
"name" : "1017201",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017201"
},
{
"name" : "22788",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22788"
},
{
"name" : "speedwiki-index-file-upload(30131)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30131"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061108 Speedwiki 2.0 Arbitrary File Upload Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=116302805802656&w=2"
},
{
"name": "speedwiki-index-file-upload(30131)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30131"
},
{
"name": "22788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22788"
},
{
"name": "ADV-2006-4421",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4421"
},
{
"name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=9",
"refsource": "MISC",
"url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=9"
},
{
"name": "1017201",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017201"
}
]
}
}

170
2007/2xxx/CVE-2007-2098.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2098",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070416 Wabbit PHP Gallery v0.9 Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/465985/100/0/threaded"
},
{
"name" : "23526",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23526"
},
{
"name" : "34994",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34994"
},
{
"name" : "24943",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24943"
},
{
"name" : "2574",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2574"
},
{
"name" : "wabbit-showpic-xss(33717)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33717"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2574",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2574"
},
{
"name": "24943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24943"
},
{
"name": "20070416 Wabbit PHP Gallery v0.9 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465985/100/0/threaded"
},
{
"name": "34994",
"refsource": "OSVDB",
"url": "http://osvdb.org/34994"
},
{
"name": "wabbit-showpic-xss(33717)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33717"
},
{
"name": "23526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23526"
}
]
}
}

170
2007/2xxx/CVE-2007-2181.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2181",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3778",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3778"
},
{
"name" : "23592",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23592"
},
{
"name" : "ADV-2007-1494",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1494"
},
{
"name" : "35261",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35261"
},
{
"name" : "24958",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24958"
},
{
"name" : "webinstafm-login-file-include(33793)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33793"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3778",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3778"
},
{
"name": "webinstafm-login-file-include(33793)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33793"
},
{
"name": "ADV-2007-1494",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1494"
},
{
"name": "23592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23592"
},
{
"name": "24958",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24958"
},
{
"name": "35261",
"refsource": "OSVDB",
"url": "http://osvdb.org/35261"
}
]
}
}

160
2007/2xxx/CVE-2007-2211.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2211",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3780",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3780"
},
{
"name" : "23612",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23612"
},
{
"name" : "ADV-2007-1510",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1510"
},
{
"name" : "24967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24967"
},
{
"name" : "mybb-calendar-sql-injection(33814)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23612"
},
{
"name": "ADV-2007-1510",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1510"
},
{
"name": "24967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24967"
},
{
"name": "3780",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3780"
},
{
"name": "mybb-calendar-sql-injection(33814)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33814"
}
]
}
}

130
2007/2xxx/CVE-2007-2678.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2678",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070417 Netsprint Toolbar 1.1 arbitrary remote code vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/465980/100/0/threaded"
},
{
"name" : "20070417 Re: Netsprint Toolbar 1.1 arbitrary remote code vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/465992/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070417 Re: Netsprint Toolbar 1.1 arbitrary remote code vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465992/100/0/threaded"
},
{
"name": "20070417 Netsprint Toolbar 1.1 arbitrary remote code vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465980/100/0/threaded"
}
]
}
}

190
2007/2xxx/CVE-2007-2808.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2808",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels-team.blogspot.com/2007/05/blog-post.html",
"refsource" : "MISC",
"url" : "http://pridels-team.blogspot.com/2007/05/blog-post.html"
},
{
"name" : "DSA-1486",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1486"
},
{
"name" : "24081",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24081"
},
{
"name" : "36224",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36224"
},
{
"name" : "ADV-2007-1886",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1886"
},
{
"name" : "25333",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25333"
},
{
"name" : "28743",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28743"
},
{
"name" : "gnats-gnatsweb-xss(34392)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34392"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36224",
"refsource": "OSVDB",
"url": "http://osvdb.org/36224"
},
{
"name": "25333",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25333"
},
{
"name": "28743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28743"
},
{
"name": "24081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24081"
},
{
"name": "DSA-1486",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1486"
},
{
"name": "gnats-gnatsweb-xss(34392)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34392"
},
{
"name": "http://pridels-team.blogspot.com/2007/05/blog-post.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2007/05/blog-post.html"
},
{
"name": "ADV-2007-1886",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1886"
}
]
}
}

180
2007/2xxx/CVE-2007-2835.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2835",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431336",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431336"
},
{
"name" : "DSA-1328",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1328"
},
{
"name" : "24719",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24719"
},
{
"name" : "37794",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37794"
},
{
"name" : "25912",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25912"
},
{
"name" : "25910",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25910"
},
{
"name" : "uniconimc2-ccepinyin-xlpinyin-bo(35382)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35382"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431336",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431336"
},
{
"name": "uniconimc2-ccepinyin-xlpinyin-bo(35382)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35382"
},
{
"name": "25912",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25912"
},
{
"name": "24719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24719"
},
{
"name": "25910",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25910"
},
{
"name": "DSA-1328",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1328"
},
{
"name": "37794",
"refsource": "OSVDB",
"url": "http://osvdb.org/37794"
}
]
}
}

200
2007/2xxx/CVE-2007-2955.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2955",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified \"input validation error\" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-2955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2007-53/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2007-53/advisory/"
},
{
"name" : "http://www.symantec.com/avcenter/security/Content/2007.08.09.html",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/avcenter/security/Content/2007.08.09.html"
},
{
"name" : "24983",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24983"
},
{
"name" : "ADV-2007-2822",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2822"
},
{
"name" : "1018545",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018545"
},
{
"name" : "1018546",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018546"
},
{
"name" : "1018547",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018547"
},
{
"name" : "25215",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25215"
},
{
"name" : "symantec-navcomui-code-execution(35944)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35944"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified \"input validation error\" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-navcomui-code-execution(35944)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35944"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html"
},
{
"name": "1018547",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018547"
},
{
"name": "http://secunia.com/secunia_research/2007-53/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-53/advisory/"
},
{
"name": "ADV-2007-2822",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2822"
},
{
"name": "25215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25215"
},
{
"name": "1018546",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018546"
},
{
"name": "24983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24983"
},
{
"name": "1018545",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018545"
}
]
}
}

150
2007/6xxx/CVE-2007-6640.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6640",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://8-p.info/greasekit/vuln/20071226-en.html",
"refsource" : "CONFIRM",
"url" : "http://8-p.info/greasekit/vuln/20071226-en.html"
},
{
"name" : "42819",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/42819"
},
{
"name" : "28241",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28241"
},
{
"name" : "greasekit-creammonkey-gm-security-bypass(39272)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39272"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://8-p.info/greasekit/vuln/20071226-en.html",
"refsource": "CONFIRM",
"url": "http://8-p.info/greasekit/vuln/20071226-en.html"
},
{
"name": "28241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28241"
},
{
"name": "42819",
"refsource": "OSVDB",
"url": "http://osvdb.org/42819"
},
{
"name": "greasekit-creammonkey-gm-security-bypass(39272)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39272"
}
]
}
}

300
2010/0xxx/CVE-2010-0054.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4070",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4070"
},
{
"name" : "http://support.apple.com/kb/HT4225",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4225"
},
{
"name" : "APPLE-SA-2010-03-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2010-06-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name" : "FEDORA-2010-8360",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html"
},
{
"name" : "FEDORA-2010-8379",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html"
},
{
"name" : "FEDORA-2010-8423",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html"
},
{
"name" : "MDVSA-2011:039",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "USN-1006-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name" : "38671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38671"
},
{
"name" : "62949",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62949"
},
{
"name" : "oval:org.mitre.oval:def:6915",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6915"
},
{
"name" : "1023708",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023708"
},
{
"name" : "41856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41856"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2010-2722",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "ADV-2011-0552",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "APPLE-SA-2010-03-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "1023708",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023708"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "62949",
"refsource": "OSVDB",
"url": "http://osvdb.org/62949"
},
{
"name": "FEDORA-2010-8360",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html"
},
{
"name": "http://support.apple.com/kb/HT4070",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4070"
},
{
"name": "oval:org.mitre.oval:def:6915",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6915"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "FEDORA-2010-8379",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "38671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38671"
},
{
"name": "FEDORA-2010-8423",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html"
}
]
}
}

250
2010/0xxx/CVE-2010-0232.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0232",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka \"Windows Kernel Exception Handler Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100119 Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509106/100/0/threaded"
},
{
"name" : "20100119 Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2010/Jan/341"
},
{
"name" : "[dailydave] 20100119 We hold these axioms to be self evident",
"refsource" : "MLIST",
"url" : "http://lists.immunitysec.com/pipermail/dailydave/2010-January/006000.html"
},
{
"name" : "http://lock.cmpxchg8b.com/c0af0967d904cef2ad4db766a00bc6af/KiTrap0D.zip",
"refsource" : "MISC",
"url" : "http://lock.cmpxchg8b.com/c0af0967d904cef2ad4db766a00bc6af/KiTrap0D.zip"
},
{
"name" : "http://blogs.technet.com/msrc/archive/2010/01/20/security-advisory-979682-released.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/msrc/archive/2010/01/20/security-advisory-979682-released.aspx"
},
{
"name" : "http://www.microsoft.com/technet/security/advisory/979682.mspx",
"refsource" : "CONFIRM",
"url" : "http://www.microsoft.com/technet/security/advisory/979682.mspx"
},
{
"name" : "MS10-015",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-015"
},
{
"name" : "TA10-040A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-040A.html"
},
{
"name" : "37864",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37864"
},
{
"name" : "oval:org.mitre.oval:def:8344",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8344"
},
{
"name" : "1023471",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023471"
},
{
"name" : "38265",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38265"
},
{
"name" : "ADV-2010-0179",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0179"
},
{
"name" : "ms-win-gptrap-privilege-escalation(55742)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55742"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka \"Windows Kernel Exception Handler Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[dailydave] 20100119 We hold these axioms to be self evident",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-January/006000.html"
},
{
"name": "http://lock.cmpxchg8b.com/c0af0967d904cef2ad4db766a00bc6af/KiTrap0D.zip",
"refsource": "MISC",
"url": "http://lock.cmpxchg8b.com/c0af0967d904cef2ad4db766a00bc6af/KiTrap0D.zip"
},
{
"name": "http://blogs.technet.com/msrc/archive/2010/01/20/security-advisory-979682-released.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/msrc/archive/2010/01/20/security-advisory-979682-released.aspx"
},
{
"name": "MS10-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-015"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/979682.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/979682.mspx"
},
{
"name": "TA10-040A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html"
},
{
"name": "1023471",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023471"
},
{
"name": "20100119 Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Jan/341"
},
{
"name": "ADV-2010-0179",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0179"
},
{
"name": "37864",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37864"
},
{
"name": "38265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38265"
},
{
"name": "20100119 Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509106/100/0/threaded"
},
{
"name": "ms-win-gptrap-privilege-escalation(55742)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55742"
},
{
"name": "oval:org.mitre.oval:def:8344",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8344"
}
]
}
}

170
2010/0xxx/CVE-2010-0313.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0313",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://intevydis.blogspot.com/2010/01/sun-directory-server-70.html",
"refsource" : "MISC",
"url" : "http://intevydis.blogspot.com/2010/01/sun-directory-server-70.html"
},
{
"name" : "37699",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37699"
},
{
"name" : "1023431",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023431"
},
{
"name" : "37978",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37978"
},
{
"name" : "ADV-2010-0085",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0085"
},
{
"name" : "jsds-coregetproxyauthdn-dos(55511)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55511"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "jsds-coregetproxyauthdn-dos(55511)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55511"
},
{
"name": "http://intevydis.blogspot.com/2010/01/sun-directory-server-70.html",
"refsource": "MISC",
"url": "http://intevydis.blogspot.com/2010/01/sun-directory-server-70.html"
},
{
"name": "1023431",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023431"
},
{
"name": "ADV-2010-0085",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0085"
},
{
"name": "37699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37699"
},
{
"name": "37978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37978"
}
]
}
}

150
2010/0xxx/CVE-2010-0518.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0518",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name" : "APPLE-SA-2010-03-30-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
},
{
"name" : "oval:org.mitre.oval:def:7077",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7077"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "APPLE-SA-2010-03-30-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "oval:org.mitre.oval:def:7077",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7077"
}
]
}
}

170
2010/1xxx/CVE-2010-1479.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1479",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt"
},
{
"name" : "12148",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12148"
},
{
"name" : "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download",
"refsource" : "CONFIRM",
"url" : "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download"
},
{
"name" : "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released",
"refsource" : "CONFIRM",
"url" : "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released"
},
{
"name" : "39378",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39378"
},
{
"name" : "39255",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39255"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39255"
},
{
"name": "39378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39378"
},
{
"name": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download",
"refsource": "CONFIRM",
"url": "http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download"
},
{
"name": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released",
"refsource": "CONFIRM",
"url": "http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released"
},
{
"name": "12148",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12148"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt"
}
]
}
}

160
2010/1xxx/CVE-2010-1528.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1528",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12049",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12049"
},
{
"name" : "39365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39365"
},
{
"name" : "63528",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/63528"
},
{
"name" : "39313",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39313"
},
{
"name" : "uigaproxy-template-file-include(57515)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57515"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39365"
},
{
"name": "63528",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63528"
},
{
"name": "12049",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12049"
},
{
"name": "39313",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39313"
},
{
"name": "uigaproxy-template-file-include(57515)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57515"
}
]
}
}

180
2010/1xxx/CVE-2010-1677.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1677",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[mhonarc-dev] 20101230 [bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting",
"refsource" : "MLIST",
"url" : "http://www.mail-archive.com/mhonarc-dev@mhonarc.org/msg01297.html"
},
{
"name" : "http://savannah.nongnu.org/bugs/?32014",
"refsource" : "CONFIRM",
"url" : "http://savannah.nongnu.org/bugs/?32014"
},
{
"name" : "MDVSA-2011:003",
"refsource" : "MANDRIVA",
"url" : "http://lists.mandriva.com/security-announce/2011-01/msg00004.php"
},
{
"name" : "42694",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42694"
},
{
"name" : "ADV-2010-3344",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3344"
},
{
"name" : "ADV-2011-0067",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0067"
},
{
"name" : "mhonarc-start-tags-dos(64656)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64656"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mhonarc-start-tags-dos(64656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64656"
},
{
"name": "ADV-2010-3344",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3344"
},
{
"name": "[mhonarc-dev] 20101230 [bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/mhonarc-dev@mhonarc.org/msg01297.html"
},
{
"name": "ADV-2011-0067",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0067"
},
{
"name": "42694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42694"
},
{
"name": "http://savannah.nongnu.org/bugs/?32014",
"refsource": "CONFIRM",
"url": "http://savannah.nongnu.org/bugs/?32014"
},
{
"name": "MDVSA-2011:003",
"refsource": "MANDRIVA",
"url": "http://lists.mandriva.com/security-announce/2011-01/msg00004.php"
}
]
}
}

34
2010/4xxx/CVE-2010-4126.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4126",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-4126",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

160
2010/4xxx/CVE-2010-4142.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4142",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15259",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15259"
},
{
"name" : "15337",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15337"
},
{
"name" : "http://aluigi.org/adv/realwin_1-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.org/adv/realwin_1-adv.txt"
},
{
"name" : "44150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44150"
},
{
"name" : "41849",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41849"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15259",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15259"
},
{
"name": "44150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44150"
},
{
"name": "http://aluigi.org/adv/realwin_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/realwin_1-adv.txt"
},
{
"name": "15337",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15337"
},
{
"name": "41849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41849"
}
]
}
}

190
2010/4xxx/CVE-2010-4821.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110928 Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2010/Sep/207"
},
{
"name" : "[oss-security] 20120308 CVE-request: phpMyFAQ index.php URI XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/08/2"
},
{
"name" : "[oss-security] 20120308 Re: CVE-request: phpMyFAQ index.php URI XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/08/7"
},
{
"name" : "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt",
"refsource" : "MISC",
"url" : "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt"
},
{
"name" : "http://www.phpmyfaq.de/advisory_2010-09-28.php",
"refsource" : "CONFIRM",
"url" : "http://www.phpmyfaq.de/advisory_2010-09-28.php"
},
{
"name" : "68268",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/68268"
},
{
"name" : "41625",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41625"
},
{
"name" : "phpmyfaq-unspecified-xss(62092)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62092"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt",
"refsource": "MISC",
"url": "http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt"
},
{
"name": "phpmyfaq-unspecified-xss(62092)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62092"
},
{
"name": "41625",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41625"
},
{
"name": "http://www.phpmyfaq.de/advisory_2010-09-28.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyfaq.de/advisory_2010-09-28.php"
},
{
"name": "[oss-security] 20120308 CVE-request: phpMyFAQ index.php URI XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/08/2"
},
{
"name": "20110928 Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2010/Sep/207"
},
{
"name": "[oss-security] 20120308 Re: CVE-request: phpMyFAQ index.php URI XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/08/7"
},
{
"name": "68268",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/68268"
}
]
}
}

200
2010/5xxx/CVE-2010-5176.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5176",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
"refsource" : "MISC",
"url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource" : "MISC",
"url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource" : "MISC",
"url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name" : "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource" : "MISC",
"url" : "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource" : "MISC",
"url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name" : "39924",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39924"
},
{
"name" : "67660",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/67660"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
"refsource": "MISC",
"url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name": "39924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39924"
},
{
"name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name": "67660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/67660"
},
{
"name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name": "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource": "MISC",
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
]
}
}

120
2014/0xxx/CVE-2014-0607.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0607",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.attachmate.com/techdocs/2700.html",
"refsource" : "CONFIRM",
"url" : "http://support.attachmate.com/techdocs/2700.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.attachmate.com/techdocs/2700.html",
"refsource": "CONFIRM",
"url": "http://support.attachmate.com/techdocs/2700.html"
}
]
}
}

34
2014/1xxx/CVE-2014-1212.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1212",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1212",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2014/1xxx/CVE-2014-1566.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1566",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-71.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-71.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1050690",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1050690"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
},
{
"name" : "69522",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69522"
},
{
"name" : "1030792",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030792"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69522"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-71.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-71.html"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "1030792",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030792"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1050690",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1050690"
}
]
}
}

34
2014/4xxx/CVE-2014-4069.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4069",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-4069",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

230
2014/4xxx/CVE-2014-4413.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4413",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT6440",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6440"
},
{
"name" : "https://support.apple.com/kb/HT6537",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6537"
},
{
"name" : "http://support.apple.com/kb/HT6441",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6441"
},
{
"name" : "http://support.apple.com/kb/HT6442",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6442"
},
{
"name" : "APPLE-SA-2014-09-17-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name" : "APPLE-SA-2014-09-17-2",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name" : "GLSA-201612-41",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-41"
},
{
"name" : "69881",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69881"
},
{
"name" : "1030866",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030866"
},
{
"name" : "61306",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61306"
},
{
"name" : "61318",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61318"
},
{
"name" : "apple-cve20144413-code-exec(96033)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96033"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT6441",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6441"
},
{
"name": "https://support.apple.com/kb/HT6537",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6537"
},
{
"name": "1030866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "http://support.apple.com/kb/HT6442",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6442"
},
{
"name": "61318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61318"
},
{
"name": "APPLE-SA-2014-09-17-2",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html"
},
{
"name": "69881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69881"
},
{
"name": "APPLE-SA-2014-09-17-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name": "http://support.apple.com/kb/HT6440",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6440"
},
{
"name": "61306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61306"
},
{
"name": "GLSA-201612-41",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-41"
},
{
"name": "apple-cve20144413-code-exec(96033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96033"
}
]
}
}

34
2014/4xxx/CVE-2014-4969.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4969",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4969",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/9xxx/CVE-2014-9643.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9643",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35992",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35992"
},
{
"name" : "http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.html"
},
{
"name" : "http://www.greyhathacker.net/?p=818",
"refsource" : "MISC",
"url" : "http://www.greyhathacker.net/?p=818"
},
{
"name" : "113007",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/113007"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x95002570, 0x95002574, 0x95002580, 0x950025a8, 0x950025ac, or 0x950025c8 IOCTL call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.greyhathacker.net/?p=818",
"refsource": "MISC",
"url": "http://www.greyhathacker.net/?p=818"
},
{
"name": "http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130246/K7-Computing-14.2.0.240-Privilege-Escalation.html"
},
{
"name": "113007",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/113007"
},
{
"name": "35992",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35992"
}
]
}
}

160
2014/9xxx/CVE-2014-9647.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9647",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=410326",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=410326"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=449894",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=449894"
},
{
"name" : "https://pdfium.googlesource.com/pdfium/+/facd0157ce975158da1659fb58a16c1308bd553b",
"refsource" : "CONFIRM",
"url" : "https://pdfium.googlesource.com/pdfium/+/facd0157ce975158da1659fb58a16c1308bd553b"
},
{
"name" : "GLSA-201502-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=410326",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=410326"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name": "GLSA-201502-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name": "https://pdfium.googlesource.com/pdfium/+/facd0157ce975158da1659fb58a16c1308bd553b",
"refsource": "CONFIRM",
"url": "https://pdfium.googlesource.com/pdfium/+/facd0157ce975158da1659fb58a16c1308bd553b"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=449894",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=449894"
}
]
}
}

170
2016/3xxx/CVE-2016-3321.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3321",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka \"Internet Explorer Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160809 Internet Explorer iframe sandbox local file name disclosure vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/539174/100/0/threaded"
},
{
"name" : "20160809 Internet Explorer iframe sandbox local file name disclosure vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Aug/44"
},
{
"name" : "https://www.securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html",
"refsource" : "MISC",
"url" : "https://www.securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html"
},
{
"name" : "MS16-095",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095"
},
{
"name" : "92291",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92291"
},
{
"name" : "1036562",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036562"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka \"Internet Explorer Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-095",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095"
},
{
"name": "1036562",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036562"
},
{
"name": "https://www.securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html",
"refsource": "MISC",
"url": "https://www.securify.nl/advisory/SFY20160301/internet_explorer_iframe_sandbox_local_file_name_disclosure_vulnerability.html"
},
{
"name": "20160809 Internet Explorer iframe sandbox local file name disclosure vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/44"
},
{
"name": "20160809 Internet Explorer iframe sandbox local file name disclosure vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539174/100/0/threaded"
},
{
"name": "92291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92291"
}
]
}
}

140
2016/3xxx/CVE-2016-3364.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3364",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-107",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"name" : "92803",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92803"
},
{
"name" : "1036785",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036785"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036785",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "92803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92803"
},
{
"name": "MS16-107",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
]
}
}

150
2016/3xxx/CVE-2016-3513.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3513",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.synacktiv.com/ressources/oracle_sbc_configuration_issues.pdf",
"refsource" : "MISC",
"url" : "http://www.synacktiv.com/ressources/oracle_sbc_configuration_issues.pdf"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "1036401",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036401"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "1036401",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036401"
},
{
"name": "http://www.synacktiv.com/ressources/oracle_sbc_configuration_issues.pdf",
"refsource": "MISC",
"url": "http://www.synacktiv.com/ressources/oracle_sbc_configuration_issues.pdf"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
}
]
}
}

154
2016/6xxx/CVE-2016-6001.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6001",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Forms Experience Builder",
"version" : {
"version_data" : [
{
"version_value" : "8.5.0"
},
{
"version_value" : "8.5.1"
},
{
"version_value" : "8.5"
},
{
"version_value" : "8.5.0.1"
},
{
"version_value" : "8.6"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Forms Experience Builder",
"version": {
"version_data": [
{
"version_value": "8.5.0"
},
{
"version_value": "8.5.1"
},
{
"version_value": "8.5"
},
{
"version_value": "8.5.0.1"
},
{
"version_value": "8.6"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21991280",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21991280"
},
{
"name" : "95777",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95777"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95777"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21991280",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21991280"
}
]
}
}

140
2016/7xxx/CVE-2016-7251.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7251",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka \"MDS API XSS Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-136",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136"
},
{
"name" : "94043",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94043"
},
{
"name" : "1037250",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037250"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka \"MDS API XSS Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037250",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037250"
},
{
"name": "94043",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94043"
},
{
"name": "MS16-136",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136"
}
]
}
}

140
2016/7xxx/CVE-2016-7277.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7277",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-148",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name" : "94715",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94715"
},
{
"name" : "1037441",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037441"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-148",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037441"
},
{
"name": "94715",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94715"
}
]
}
}

34
2016/7xxx/CVE-2016-7320.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7320",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7320",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/7xxx/CVE-2016-7961.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7961",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7961",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2016/7xxx/CVE-2016-7972.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7972",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161004 Re: Handful of libass issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1381960",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name" : "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b",
"refsource" : "CONFIRM",
"url" : "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b"
},
{
"name" : "https://github.com/libass/libass/releases/tag/0.13.4",
"refsource" : "CONFIRM",
"url" : "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name" : "FEDORA-2016-282507c3e9",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"name" : "FEDORA-2016-95407a836f",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
},
{
"name" : "FEDORA-2016-d2a05a0644",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name" : "GLSA-201702-25",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-25"
},
{
"name" : "openSUSE-SU-2016:3087",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html"
},
{
"name" : "93358",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93358"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b"
},
{
"name": "93358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93358"
},
{
"name": "https://github.com/libass/libass/releases/tag/0.13.4",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "openSUSE-SU-2016:3087",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
}
]
}
}

34
2016/8xxx/CVE-2016-8113.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8113",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8113",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/8xxx/CVE-2016-8190.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8190",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8190",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/8xxx/CVE-2016-8541.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8541",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8541",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/8xxx/CVE-2016-8896.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8896",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8896",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

172
2016/8xxx/CVE-2016-8952.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00",
"ID" : "CVE-2016-8952",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Emptoris Strategic Supply Management",
"version" : {
"version_data" : [
{
"version_value" : "10.0.0.0"
},
{
"version_value" : "10.0.1.0"
},
{
"version_value" : "10.0.2.0"
},
{
"version_value" : "10.0.4.0"
},
{
"version_value" : "10.1.0.0"
},
{
"version_value" : "10.1.1.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118839."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2016-8952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Strategic Supply Management",
"version": {
"version_data": [
{
"version_value": "10.0.0.0"
},
{
"version_value": "10.0.1.0"
},
{
"version_value": "10.0.2.0"
},
{
"version_value": "10.0.4.0"
},
{
"version_value": "10.1.0.0"
},
{
"version_value": "10.1.1.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118839",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118839"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22005839",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22005839"
},
{
"name" : "99589",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99589"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118839."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118839",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118839"
},
{
"name": "99589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99589"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005839",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005839"
}
]
}
}

190
2016/9xxx/CVE-2016-9460.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2016-9460",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4",
"version" : {
"version_data" : [
{
"version_value" : "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "User Interface (UI) Misrepresentation of Critical Information (CWE-451)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2016-9460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4",
"version": {
"version_data": [
{
"version_value": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e",
"refsource" : "MISC",
"url" : "https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e"
},
{
"name" : "https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c",
"refsource" : "MISC",
"url" : "https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c"
},
{
"name" : "https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983",
"refsource" : "MISC",
"url" : "https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983"
},
{
"name" : "https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf",
"refsource" : "MISC",
"url" : "https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf"
},
{
"name" : "https://hackerone.com/reports/145463",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/145463"
},
{
"name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2016-003",
"refsource" : "MISC",
"url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2016-003"
},
{
"name" : "https://owncloud.org/security/advisory/?id=oc-sa-2016-013",
"refsource" : "MISC",
"url" : "https://owncloud.org/security/advisory/?id=oc-sa-2016-013"
},
{
"name" : "97282",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97282"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/145463",
"refsource": "MISC",
"url": "https://hackerone.com/reports/145463"
},
{
"name": "https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/8aa0832bd449c44ec300da4189bd8ed4e036140c"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-013",
"refsource": "MISC",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-013"
},
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-003",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-003"
},
{
"name": "97282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97282"
},
{
"name": "https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/dea8e29289a1b99d5e889627c2e377887f4f2983"
},
{
"name": "https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf",
"refsource": "MISC",
"url": "https://github.com/owncloud/core/commit/c92c234059f8b1dc7d53122985ec0d398895a2cf"
},
{
"name": "https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/2da43e3751576bbc838f238a09955c4dcdebee8e"
}
]
}
}