admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:38:07 +00:00
parent 2c88dffd7e
commit b3f6e8330f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3404 additions and 3404 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2006/5xxx/CVE-2006-5096.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in a (1) com_contact or (2) subscribe action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060927 VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447168/100/0/threaded"
},
{
"name" : "20236",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20236"
},
{
"name" : "ADV-2006-3848",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3848"
},
{
"name" : "22162",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22162"
},
{
"name" : "1657",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1657"
},
{
"name" : "virtuemart-index-xss(29207)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29207"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in a (1) com_contact or (2) subscribe action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22162"
},
{
"name": "1657",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1657"
},
{
"name": "20060927 VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447168/100/0/threaded"
},
{
"name": "virtuemart-index-xss(29207)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29207"
},
{
"name": "ADV-2006-3848",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3848"
},
{
"name": "20236",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20236"
}
]
}
}

210
2006/5xxx/CVE-2006-5228.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5228",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the Google Gadget login.php (gadget/login.php) in Rob Hensley ackerTodo 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) up_login, (2) up_pass, or (3) up_num_tasks parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061005 ackerTodo 4.2 SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447846/100/0/threaded"
},
{
"name" : "http://ackertodo.cvs.sourceforge.net/ackertodo/ackertodo/src/gadget/login.php?r1=1.3&r2=1.4",
"refsource" : "CONFIRM",
"url" : "http://ackertodo.cvs.sourceforge.net/ackertodo/ackertodo/src/gadget/login.php?r1=1.3&r2=1.4"
},
{
"name" : "http://ackertodo.cvs.sourceforge.net/ackertodo/ackertodo/src/gadget/login.php?view=log",
"refsource" : "CONFIRM",
"url" : "http://ackertodo.cvs.sourceforge.net/ackertodo/ackertodo/src/gadget/login.php?view=log"
},
{
"name" : "20372",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20372"
},
{
"name" : "ADV-2006-3951",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3951"
},
{
"name" : "29552",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29552"
},
{
"name" : "1017008",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017008"
},
{
"name" : "22254",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22254"
},
{
"name" : "1703",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1703"
},
{
"name" : "ackertodo-login-sql-injection(29375)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29375"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the Google Gadget login.php (gadget/login.php) in Rob Hensley ackerTodo 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) up_login, (2) up_pass, or (3) up_num_tasks parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061005 ackerTodo 4.2 SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447846/100/0/threaded"
},
{
"name": "1703",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1703"
},
{
"name": "http://ackertodo.cvs.sourceforge.net/ackertodo/ackertodo/src/gadget/login.php?view=log",
"refsource": "CONFIRM",
"url": "http://ackertodo.cvs.sourceforge.net/ackertodo/ackertodo/src/gadget/login.php?view=log"
},
{
"name": "22254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22254"
},
{
"name": "20372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20372"
},
{
"name": "ackertodo-login-sql-injection(29375)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29375"
},
{
"name": "29552",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29552"
},
{
"name": "ADV-2006-3951",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3951"
},
{
"name": "1017008",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017008"
},
{
"name": "http://ackertodo.cvs.sourceforge.net/ackertodo/ackertodo/src/gadget/login.php?r1=1.3&r2=1.4",
"refsource": "CONFIRM",
"url": "http://ackertodo.cvs.sourceforge.net/ackertodo/ackertodo/src/gadget/login.php?r1=1.3&r2=1.4"
}
]
}
}

180
2006/5xxx/CVE-2006-5962.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5962",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061114 hpecs shopping cart[login bypass & injection sql (post)]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451595/100/0/threaded"
},
{
"name" : "2782",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2782"
},
{
"name" : "ADV-2006-4535",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4535"
},
{
"name" : "22904",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22904"
},
{
"name" : "1879",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1879"
},
{
"name" : "hpecs-adminlogin-sql-injection(30287)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30287"
},
{
"name" : "hpecs-searchlist-sql-injection(30288)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30288"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22904",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22904"
},
{
"name": "2782",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2782"
},
{
"name": "20061114 hpecs shopping cart[login bypass & injection sql (post)]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451595/100/0/threaded"
},
{
"name": "hpecs-adminlogin-sql-injection(30287)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30287"
},
{
"name": "ADV-2006-4535",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4535"
},
{
"name": "hpecs-searchlist-sql-injection(30288)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30288"
},
{
"name": "1879",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1879"
}
]
}
}

190
2007/2xxx/CVE-2007-2194.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2194",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3777",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3777"
},
{
"name" : "GLSA-200707-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200707-06.xml"
},
{
"name" : "23625",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23625"
},
{
"name" : "ADV-2007-1488",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1488"
},
{
"name" : "35235",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35235"
},
{
"name" : "24973",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24973"
},
{
"name" : "26006",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26006"
},
{
"name" : "xnview-xpm-bo(33810)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33810"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35235",
"refsource": "OSVDB",
"url": "http://osvdb.org/35235"
},
{
"name": "3777",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3777"
},
{
"name": "ADV-2007-1488",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1488"
},
{
"name": "23625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23625"
},
{
"name": "24973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24973"
},
{
"name": "GLSA-200707-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200707-06.xml"
},
{
"name": "xnview-xpm-bo(33810)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33810"
},
{
"name": "26006",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26006"
}
]
}
}

150
2007/2xxx/CVE-2007-2353.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2353",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070427 Apache AXIS Non-Existent Java Web Service Path Disclosure?",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2007-April/001562.html"
},
{
"name" : "23687",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23687"
},
{
"name" : "34154",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/34154"
},
{
"name" : "apache-axis-wsdl-path-disclosure(34167)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34167"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34154",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34154"
},
{
"name": "23687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23687"
},
{
"name": "apache-axis-wsdl-path-disclosure(34167)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34167"
},
{
"name": "20070427 Apache AXIS Non-Existent Java Web Service Path Disclosure?",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-April/001562.html"
}
]
}
}

290
2007/3xxx/CVE-2007-3872.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3872",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070809 Hewlett-Packard OpenView Operations OVTrace Buffer Overflow Vulnerabilities",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=574"
},
{
"name" : "HPSBMA02235",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01106515"
},
{
"name" : "HPSBMA02236",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171"
},
{
"name" : "HPSBMA02237",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109584"
},
{
"name" : "HPSBMA02238",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109617"
},
{
"name" : "HPSBMA02239",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110576"
},
{
"name" : "HPSBMA02240",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110627"
},
{
"name" : "HPSBMA02241",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01111851"
},
{
"name" : "HPSBMA02242",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01112038"
},
{
"name" : "HPSBMA02244",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114023"
},
{
"name" : "HPSBMA02245",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114156"
},
{
"name" : "HPSBMA02246",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01115068"
},
{
"name" : "SSRT061260",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171"
},
{
"name" : "25255",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25255"
},
{
"name" : "ADV-2007-2841",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2841"
},
{
"name" : "1018548",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018548"
},
{
"name" : "26394",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26394"
},
{
"name" : "hp-openview-ovtrace-bo(35928)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35928"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT061260",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171"
},
{
"name": "hp-openview-ovtrace-bo(35928)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35928"
},
{
"name": "25255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25255"
},
{
"name": "HPSBMA02244",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114023"
},
{
"name": "HPSBMA02237",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109584"
},
{
"name": "HPSBMA02246",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01115068"
},
{
"name": "HPSBMA02242",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01112038"
},
{
"name": "HPSBMA02241",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01111851"
},
{
"name": "20070809 Hewlett-Packard OpenView Operations OVTrace Buffer Overflow Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=574"
},
{
"name": "ADV-2007-2841",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2841"
},
{
"name": "HPSBMA02240",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110627"
},
{
"name": "HPSBMA02235",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01106515"
},
{
"name": "HPSBMA02239",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110576"
},
{
"name": "1018548",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018548"
},
{
"name": "HPSBMA02245",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114156"
},
{
"name": "HPSBMA02238",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109617"
},
{
"name": "HPSBMA02236",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171"
},
{
"name": "26394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26394"
}
]
}
}

150
2007/6xxx/CVE-2007-6027.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6027",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4626",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4626"
},
{
"name" : "26471",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26471"
},
{
"name" : "ADV-2007-3907",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3907"
},
{
"name" : "joomla-carousel-jjgallery-file-include(38500)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38500"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "joomla-carousel-jjgallery-file-include(38500)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38500"
},
{
"name": "4626",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4626"
},
{
"name": "26471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26471"
},
{
"name": "ADV-2007-3907",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3907"
}
]
}
}

34
2007/6xxx/CVE-2007-6069.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6069",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6069",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2007/6xxx/CVE-2007-6493.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6493",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071218 iMesh <= 7.1.0.x IMWebControl Class (IMWeb.dll 7.0.0.x) remote exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485261/100/0/threaded"
},
{
"name" : "http://retrogod.altervista.org/rgod_imesh.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/rgod_imesh.html"
},
{
"name" : "ADV-2007-4240",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4240"
},
{
"name" : "40239",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40239"
},
{
"name" : "28134",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28134"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-4240",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4240"
},
{
"name": "20071218 iMesh <= 7.1.0.x IMWebControl Class (IMWeb.dll 7.0.0.x) remote exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485261/100/0/threaded"
},
{
"name": "28134",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28134"
},
{
"name": "40239",
"refsource": "OSVDB",
"url": "http://osvdb.org/40239"
},
{
"name": "http://retrogod.altervista.org/rgod_imesh.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/rgod_imesh.html"
}
]
}
}

170
2007/6xxx/CVE-2007-6594.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21289273",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21289273"
},
{
"name" : "ADV-2007-4037",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4037"
},
{
"name" : "40933",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40933"
},
{
"name" : "40934",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40934"
},
{
"name" : "1019009",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019009"
},
{
"name" : "27860",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27860"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40933",
"refsource": "OSVDB",
"url": "http://osvdb.org/40933"
},
{
"name": "ADV-2007-4037",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4037"
},
{
"name": "1019009",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019009"
},
{
"name": "40934",
"refsource": "OSVDB",
"url": "http://osvdb.org/40934"
},
{
"name": "27860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27860"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21289273",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21289273"
}
]
}
}

150
2010/0xxx/CVE-2010-0366.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0366",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt"
},
{
"name" : "61826",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61826"
},
{
"name" : "38252",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38252"
},
{
"name" : "bitsvideo-addvideo-file-upload(55738)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55738"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitsvideo-addvideo-file-upload(55738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55738"
},
{
"name": "38252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38252"
},
{
"name": "61826",
"refsource": "OSVDB",
"url": "http://osvdb.org/61826"
},
{
"name": "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt"
}
]
}
}

120
2010/0xxx/CVE-2010-0638.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0638",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "38222",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38222"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38222"
}
]
}
}

170
2010/0xxx/CVE-2010-0701.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0701",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1002-exploits/omnidocs-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1002-exploits/omnidocs-sql.txt"
},
{
"name" : "11393",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11393"
},
{
"name" : "38304",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38304"
},
{
"name" : "62403",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62403"
},
{
"name" : "38527",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38527"
},
{
"name" : "omnidocs-forcechangepassword-sql-injection(56237)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56237"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11393",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11393"
},
{
"name": "38304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38304"
},
{
"name": "62403",
"refsource": "OSVDB",
"url": "http://osvdb.org/62403"
},
{
"name": "38527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38527"
},
{
"name": "omnidocs-forcechangepassword-sql-injection(56237)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56237"
},
{
"name": "http://packetstormsecurity.org/1002-exploits/omnidocs-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-exploits/omnidocs-sql.txt"
}
]
}
}

210
2010/0xxx/CVE-2010-0739.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0739",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git;a=blob;f=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch",
"refsource" : "CONFIRM",
"url" : "http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git;a=blob;f=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=572941",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=572941"
},
{
"name" : "FEDORA-2010-8273",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html"
},
{
"name" : "GLSA-201206-28",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201206-28.xml"
},
{
"name" : "SUSE-SR:2010:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"name" : "SUSE-SR:2010:013",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name" : "USN-937-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-937-1"
},
{
"name" : "39500",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39500"
},
{
"name" : "oval:org.mitre.oval:def:11468",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11468"
},
{
"name" : "39390",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39390"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39500"
},
{
"name": "GLSA-201206-28",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-28.xml"
},
{
"name": "oval:org.mitre.oval:def:11468",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11468"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "SUSE-SR:2010:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"name": "FEDORA-2010-8273",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041573.html"
},
{
"name": "http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git;a=blob;f=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch",
"refsource": "CONFIRM",
"url": "http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-stable.git;a=blob;f=source/xapps-extra/tetex/texlive-CVE-2010-0739-int-overflow.patch"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=572941",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=572941"
},
{
"name": "USN-937-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-937-1"
},
{
"name": "39390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39390"
}
]
}
}

130
2010/1xxx/CVE-2010-1442.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1442",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100428 Re: CVE request: VLC <1.0.6 Multiple issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/04/28/4"
},
{
"name" : "http://www.videolan.org/security/sa1003.html",
"refsource" : "CONFIRM",
"url" : "http://www.videolan.org/security/sa1003.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.videolan.org/security/sa1003.html",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/security/sa1003.html"
},
{
"name": "[oss-security] 20100428 Re: CVE request: VLC <1.0.6 Multiple issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/04/28/4"
}
]
}
}

150
2010/1xxx/CVE-2010-1734.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1734",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100422 Windows 2000/XP/2003 win32k.sys SfnINSTRING local kernel Denial of Service Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510886/100/0/threaded"
},
{
"name" : "http://vigilance.fr/vulnerability/Windows-denials-of-service-of-win32k-sys-9607",
"refsource" : "MISC",
"url" : "http://vigilance.fr/vulnerability/Windows-denials-of-service-of-win32k-sys-9607"
},
{
"name" : "39631",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39631"
},
{
"name" : "39456",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39456"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39631",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39631"
},
{
"name": "39456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39456"
},
{
"name": "http://vigilance.fr/vulnerability/Windows-denials-of-service-of-win32k-sys-9607",
"refsource": "MISC",
"url": "http://vigilance.fr/vulnerability/Windows-denials-of-service-of-win32k-sys-9607"
},
{
"name": "20100422 Windows 2000/XP/2003 win32k.sys SfnINSTRING local kernel Denial of Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510886/100/0/threaded"
}
]
}
}

140
2010/1xxx/CVE-2010-1809.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1809",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4334",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4334"
},
{
"name" : "APPLE-SA-2010-09-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name" : "appleios-voiceover-weak-security(61694)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61694"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-09-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4334",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "appleios-voiceover-weak-security(61694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61694"
}
]
}
}

140
2010/1xxx/CVE-2010-1817.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4334",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4334"
},
{
"name" : "APPLE-SA-2010-09-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name" : "appleios-gif-bo(61697)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61697"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "appleios-gif-bo(61697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61697"
},
{
"name": "APPLE-SA-2010-09-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4334",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4334"
}
]
}
}

160
2010/4xxx/CVE-2010-4699.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[php-general] 20070410 Decoding from unknown charsets (inc. ks_c_5601-1987)",
"refsource" : "MLIST",
"url" : "http://coding.derkeiler.com/Archive/PHP/php.general/2007-04/msg00605.html"
},
{
"name" : "http://bugs.php.net/52941",
"refsource" : "CONFIRM",
"url" : "http://bugs.php.net/52941"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "oval:org.mitre.oval:def:12393",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12393"
},
{
"name" : "php-iconvmimedecodeheaders-sec-bypass(64963)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64963"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[php-general] 20070410 Decoding from unknown charsets (inc. ks_c_5601-1987)",
"refsource": "MLIST",
"url": "http://coding.derkeiler.com/Archive/PHP/php.general/2007-04/msg00605.html"
},
{
"name": "oval:org.mitre.oval:def:12393",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12393"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "http://bugs.php.net/52941",
"refsource": "CONFIRM",
"url": "http://bugs.php.net/52941"
},
{
"name": "php-iconvmimedecodeheaders-sec-bypass(64963)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64963"
}
]
}
}

120
2010/5xxx/CVE-2010-5289.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5289",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in the first argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12030",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12030/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in the first argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12030",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12030/"
}
]
}
}

220
2010/5xxx/CVE-2010-5312.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5312",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q4/616"
},
{
"name" : "[oss-security] 20141114 old CVE assignments for JQuery 1.10.0",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q4/613"
},
{
"name" : "http://bugs.jqueryui.com/ticket/6016",
"refsource" : "CONFIRM",
"url" : "http://bugs.jqueryui.com/ticket/6016"
},
{
"name" : "https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3",
"refsource" : "CONFIRM",
"url" : "https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "DSA-3249",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3249"
},
{
"name" : "RHSA-2015:0442",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0442.html"
},
{
"name" : "RHSA-2015:1462",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1462.html"
},
{
"name" : "71106",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71106"
},
{
"name" : "1037035",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037035"
},
{
"name" : "jqueryui-cve20105312-xss(98696)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98696"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0442",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0442.html"
},
{
"name": "DSA-3249",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3249"
},
{
"name": "[oss-security] 20141114 Re: old CVE assignments for JQuery 1.10.0",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/616"
},
{
"name": "71106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71106"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2015:1462",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1462.html"
},
{
"name": "http://bugs.jqueryui.com/ticket/6016",
"refsource": "CONFIRM",
"url": "http://bugs.jqueryui.com/ticket/6016"
},
{
"name": "jqueryui-cve20105312-xss(98696)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98696"
},
{
"name": "[oss-security] 20141114 old CVE assignments for JQuery 1.10.0",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/613"
},
{
"name": "https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3",
"refsource": "CONFIRM",
"url": "https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3"
},
{
"name": "1037035",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037035"
}
]
}
}

150
2014/10xxx/CVE-2014-10014.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-10014",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via an update action to the AdminOptions controller or conduct cross-site scripting (XSS) attacks via the (2) event_title parameter in a create action to the AdminEvents controller or (3) category_title parameter in a create action to the AdminCategories controller."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt"
},
{
"name" : "56373",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56373"
},
{
"name" : "eventbookingcalendar-index-csrf(90413)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90413"
},
{
"name" : "eventbookingcalendar-index-xss(90414)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90414"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via an update action to the AdminOptions controller or conduct cross-site scripting (XSS) attacks via the (2) event_title parameter in a create action to the AdminEvents controller or (3) category_title parameter in a create action to the AdminCategories controller."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "eventbookingcalendar-index-csrf(90413)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90413"
},
{
"name": "eventbookingcalendar-index-xss(90414)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90414"
},
{
"name": "56373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56373"
},
{
"name": "http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt"
}
]
}
}

140
2014/1xxx/CVE-2014-1354.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1354",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2014-06-30-3",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name" : "68276",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68276"
},
{
"name" : "1030500",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030500"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allocation of stack memory for processing of XBM images, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68276"
},
{
"name": "APPLE-SA-2014-06-30-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name": "1030500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030500"
}
]
}
}

170
2014/1xxx/CVE-2014-1367.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1367",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT6537",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6537"
},
{
"name" : "APPLE-SA-2014-06-30-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html"
},
{
"name" : "APPLE-SA-2014-06-30-3",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name" : "APPLE-SA-2014-06-30-4",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"name" : "1030495",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030495"
},
{
"name" : "59481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT6537",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6537"
},
{
"name": "APPLE-SA-2014-06-30-4",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"name": "APPLE-SA-2014-06-30-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name": "59481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59481"
},
{
"name": "1030495",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030495"
},
{
"name": "APPLE-SA-2014-06-30-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html"
}
]
}
}

150
2014/1xxx/CVE-2014-1457.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1457",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.secureworks.com/research/swrx-2014-006",
"refsource" : "MISC",
"url" : "https://www.secureworks.com/research/swrx-2014-006"
},
{
"name" : "http://www.openwebanalytics.com/?p=384",
"refsource" : "CONFIRM",
"url" : "http://www.openwebanalytics.com/?p=384"
},
{
"name" : "65573",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65573"
},
{
"name" : "owa-cve20141457-csrf(91125)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91125"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.secureworks.com/research/swrx-2014-006",
"refsource": "MISC",
"url": "https://www.secureworks.com/research/swrx-2014-006"
},
{
"name": "http://www.openwebanalytics.com/?p=384",
"refsource": "CONFIRM",
"url": "http://www.openwebanalytics.com/?p=384"
},
{
"name": "65573",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65573"
},
{
"name": "owa-cve20141457-csrf(91125)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91125"
}
]
}
}

34
2014/1xxx/CVE-2014-1674.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1674",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1674",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2014/1xxx/CVE-2014-1809.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1809",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka \"MSCOMCTL ASLR Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-1809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-024",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-024"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka \"MSCOMCTL ASLR Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-024",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-024"
}
]
}
}

120
2014/4xxx/CVE-2014-4066.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4066",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2787, CVE-2014-2790, CVE-2014-2802, and CVE-2014-2806."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-037",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2787, CVE-2014-2790, CVE-2014-2802, and CVE-2014-2806."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037"
}
]
}
}

170
2014/4xxx/CVE-2014-4449.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4449",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT6541",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6541"
},
{
"name" : "APPLE-SA-2014-10-20-1",
"refsource" : "APPLE",
"url" : "http://www.securityfocus.com/archive/1/533747"
},
{
"name" : "70659",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70659"
},
{
"name" : "1031077",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031077"
},
{
"name" : "61825",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61825"
},
{
"name" : "appleios-cve20144449-info-disc(97665)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT6541",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6541"
},
{
"name": "appleios-cve20144449-info-disc(97665)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97665"
},
{
"name": "1031077",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031077"
},
{
"name": "70659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70659"
},
{
"name": "61825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61825"
},
{
"name": "APPLE-SA-2014-10-20-1",
"refsource": "APPLE",
"url": "http://www.securityfocus.com/archive/1/533747"
}
]
}
}

120
2014/4xxx/CVE-2014-4595.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4595",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful plugin 0.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) oauth_callback parameter to html_api_authorize.php or the (2) oauth_token_temp or (3) oauth_callback_temp parameter to html_api_login.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://codevigilant.com/disclosure/wp-plugin-wp-restful-a3-cross-site-scripting-xss",
"refsource" : "MISC",
"url" : "http://codevigilant.com/disclosure/wp-plugin-wp-restful-a3-cross-site-scripting-xss"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful plugin 0.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) oauth_callback parameter to html_api_authorize.php or the (2) oauth_token_temp or (3) oauth_callback_temp parameter to html_api_login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://codevigilant.com/disclosure/wp-plugin-wp-restful-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-wp-restful-a3-cross-site-scripting-xss"
}
]
}
}

130
2014/4xxx/CVE-2014-4831.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4831",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21691211",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21691211"
},
{
"name" : "ibm-qradar-cve20144831-hijack(95581)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95581"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21691211",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691211"
},
{
"name": "ibm-qradar-cve20144831-hijack(95581)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95581"
}
]
}
}

140
2014/5xxx/CVE-2014-5888.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5888",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SLOTS: Bible Slots Free (aka com.topfreegames.topbibleslots) application 1.122 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#584961",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/584961"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SLOTS: Bible Slots Free (aka com.topfreegames.topbibleslots) application 1.122 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#584961",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/584961"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2014/9xxx/CVE-2014-9237.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9237",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141117 Proticaret E-Commerce Script v3.0 SQL Injection",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/43"
},
{
"name" : "http://packetstormsecurity.com/files/129129/Proticaret-E-Commerce-Script-3.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129129/Proticaret-E-Commerce-Script-3.0-SQL-Injection.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129129/Proticaret-E-Commerce-Script-3.0-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129129/Proticaret-E-Commerce-Script-3.0-SQL-Injection.html"
},
{
"name": "20141117 Proticaret E-Commerce Script v3.0 SQL Injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/43"
}
]
}
}

160
2016/10xxx/CVE-2016-10741.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10741",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04197b341f23b908193308b8d63d17ff23232598",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04197b341f23b908193308b8d63d17ff23232598"
},
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1124010",
"refsource" : "MISC",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1124010"
},
{
"name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.3",
"refsource" : "MISC",
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.3"
},
{
"name" : "https://github.com/torvalds/linux/commit/04197b341f23b908193308b8d63d17ff23232598",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/04197b341f23b908193308b8d63d17ff23232598"
},
{
"name" : "106822",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106822"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.3",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.3"
},
{
"name": "106822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106822"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1124010",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1124010"
},
{
"name": "https://github.com/torvalds/linux/commit/04197b341f23b908193308b8d63d17ff23232598",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/04197b341f23b908193308b8d63d17ff23232598"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04197b341f23b908193308b8d63d17ff23232598",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04197b341f23b908193308b8d63d17ff23232598"
}
]
}
}

130
2016/3xxx/CVE-2016-3052.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-3052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebSphere MQ",
"version" : {
"version_data" : [
{
"version_value" : "8.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere MQ",
"version": {
"version_data": [
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21998660",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21998660"
},
{
"name" : "96400",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96400"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21998660",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998660"
},
{
"name": "96400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96400"
}
]
}
}

140
2016/3xxx/CVE-2016-3306.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3306",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka \"Windows Session Object Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3305."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-111",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111"
},
{
"name" : "92813",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92813"
},
{
"name" : "1036802",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036802"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka \"Windows Session Object Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3305."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-111",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111"
},
{
"name": "1036802",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036802"
},
{
"name": "92813",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92813"
}
]
}
}

160
2016/3xxx/CVE-2016-3518.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3518",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "USN-3040-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3040-1"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91967",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91967"
},
{
"name" : "1036362",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036362"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3040-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3040-1"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91967",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91967"
},
{
"name": "1036362",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036362"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
}
]
}
}

130
2016/3xxx/CVE-2016-3765.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3765",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted application, aka internal bug 28168413."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name" : "https://android.googlesource.com/platform/external/libmpeg2/+/d1c775d1d8d2ed117d1e026719b7f9f089716597",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/external/libmpeg2/+/d1c775d1d8d2ed117d1e026719b7f9f089716597"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted application, aka internal bug 28168413."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/external/libmpeg2/+/d1c775d1d8d2ed117d1e026719b7f9f089716597",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libmpeg2/+/d1c775d1d8d2ed117d1e026719b7f9f089716597"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

140
2016/3xxx/CVE-2016-3894.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3894",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29618014 and Qualcomm internal bug CR1042033."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name" : "92880",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92880"
},
{
"name" : "1036763",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29618014 and Qualcomm internal bug CR1042033."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "92880",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92880"
}
]
}
}

34
2016/7xxx/CVE-2016-7850.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7850",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7850",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

200
2016/7xxx/CVE-2016-7970.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7970",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161004 Re: Handful of libass issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1381960",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name" : "https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75",
"refsource" : "CONFIRM",
"url" : "https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75"
},
{
"name" : "https://github.com/libass/libass/releases/tag/0.13.4",
"refsource" : "CONFIRM",
"url" : "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name" : "FEDORA-2016-282507c3e9",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"name" : "FEDORA-2016-95407a836f",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
},
{
"name" : "FEDORA-2016-d2a05a0644",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name" : "GLSA-201702-25",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-25"
},
{
"name" : "93358",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93358"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-25"
},
{
"name": "93358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93358"
},
{
"name": "https://github.com/libass/libass/releases/tag/0.13.4",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/releases/tag/0.13.4"
},
{
"name": "FEDORA-2016-282507c3e9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381960"
},
{
"name": "FEDORA-2016-d2a05a0644",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/"
},
{
"name": "[oss-security] 20161004 Re: Handful of libass issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/05/2"
},
{
"name": "FEDORA-2016-95407a836f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/"
},
{
"name": "https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75",
"refsource": "CONFIRM",
"url": "https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75"
}
]
}
}

150
2016/7xxx/CVE-2016-7996.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7996",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161007 GraphicsMagick CVE Request - WPG Reader Issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/07/4"
},
{
"name" : "[oss-security] 20161008 Re: GraphicsMagick CVE Request - WPG Reader Issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/08/5"
},
{
"name" : "DSA-3746",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3746"
},
{
"name" : "93464",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93464"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93464"
},
{
"name": "DSA-3746",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3746"
},
{
"name": "[oss-security] 20161007 GraphicsMagick CVE Request - WPG Reader Issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/07/4"
},
{
"name": "[oss-security] 20161008 Re: GraphicsMagick CVE Request - WPG Reader Issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/5"
}
]
}
}

34
2016/8xxx/CVE-2016-8035.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8035",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8035",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/8xxx/CVE-2016-8395.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-8395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the device. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: Kernel-3.10. Android ID: A-31403040. References: N-CVE-2016-8395."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-8395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"name" : "94710",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94710"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability in the NVIDIA camera driver could enable an attacker to cause a local permanent denial of service, which may require reflashing the operating system to repair the device. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: Kernel-3.10. Android ID: A-31403040. References: N-CVE-2016-8395."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name": "94710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94710"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}
]
}
}

232
2016/9xxx/CVE-2016-9586.json
View File

@ -1,118 +1,118 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2016-9586",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "curl",
"version" : {
"version_data" : [
{
"version_value" : "curl 7.52.0"
}
]
}
}
]
},
"vendor_name" : "redhat"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
],
[
{
"vectorString" : "2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-122"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "curl",
"version": {
"version_data": [
{
"version_value": "curl 7.52.0"
}
]
}
}
]
},
"vendor_name": "redhat"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586"
},
{
"name" : "https://curl.haxx.se/docs/adv_20161221A.html",
"refsource" : "CONFIRM",
"url" : "https://curl.haxx.se/docs/adv_20161221A.html"
},
{
"name" : "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16",
"refsource" : "CONFIRM",
"url" : "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "GLSA-201701-47",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-47"
},
{
"name" : "RHSA-2018:3558",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name" : "95019",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95019"
},
{
"name" : "1037515",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037515"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3558",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"
},
{
"name": "https://curl.haxx.se/docs/adv_20161221A.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/adv_20161221A.html"
},
{
"name": "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16",
"refsource": "CONFIRM",
"url": "https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16"
},
{
"name": "1037515",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037515"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "95019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95019"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586"
},
{
"name": "GLSA-201701-47",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-47"
}
]
}
}

34
2019/2xxx/CVE-2019-2193.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2193",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2193",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2580.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2580",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2580",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2820.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2820",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2820",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2843.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2843",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2843",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6175.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6175",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6175",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}