"-Synchronized-Data."

CVE Team 2019-03-18 02:55:57 +00:00
parent 3cb49d75f7
commit b45dfea59f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 4774 additions and 4774 deletions


@ -1,202 +1,202 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-0003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070729 Exploit In Internet Explorer",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/475104/100/100/threaded"
},
{
"name" : "20070730 RE: Exploit In Internet Explorer",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/475118/100/100/threaded"
},
{
"name" : "20070730 Re: Exploit In Internet Explorer",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/475108/100/100/threaded"
},
{
"name" : "20070731 Re: Exploit In Internet Explorer",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/475490/100/100/threaded"
},
{
"name" : "20080128 Exploit in IE6,7",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/487216/100/200/threaded"
},
{
"name" : "20080128 Re: Exploit in IE6,7",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/487219/100/200/threaded"
},
{
"name" : "2052",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2052"
},
{
"name" : "2164",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2164"
},
{
"name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf",
"refsource" : "MISC",
"url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf"
},
{
"name" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html"
},
{
"name" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html"
},
{
"name" : "MS06-014",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-014"
},
{
"name" : "TA06-101A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name" : "VU#234812",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/234812"
},
{
"name" : "17462",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17462"
},
{
"name" : "20797",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20797"
},
{
"name" : "ADV-2006-1319",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1319"
},
{
"name" : "ADV-2006-2452",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2452"
},
{
"name" : "24517",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24517"
},
{
"name" : "oval:org.mitre.oval:def:1204",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1204"
},
{
"name" : "oval:org.mitre.oval:def:1323",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1323"
},
{
"name" : "oval:org.mitre.oval:def:1511",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1511"
},
{
"name" : "oval:org.mitre.oval:def:1742",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1742"
},
{
"name" : "oval:org.mitre.oval:def:1778",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1778"
},
{
"name" : "1015894",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015894"
},
{
"name" : "19583",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19583"
},
{
"name" : "20719",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20719"
},
{
"name" : "mdac-rdsdataspace-execute-code(25006)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25006"
},
{
"name" : "ie-wscriptshell-command-execution(29915)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29915"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2452",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2452"
},
{
"name": "20070730 Re: Exploit In Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475108/100/100/threaded"
},
{
"name": "20080128 Exploit in IE6,7",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487216/100/200/threaded"
},
{
"name": "20080128 Re: Exploit in IE6,7",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487219/100/200/threaded"
},
{
"name": "20070729 Exploit In Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475104/100/100/threaded"
},
{
"name": "19583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19583"
},
{
"name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html"
},
{
"name": "oval:org.mitre.oval:def:1323",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1323"
},
{
"name": "20797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20797"
},
{
"name": "1015894",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015894"
},
{
"name": "mdac-rdsdataspace-execute-code(25006)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25006"
},
{
"name": "oval:org.mitre.oval:def:1511",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1511"
},
{
"name": "TA06-101A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
},
{
"name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html"
},
{
"name": "17462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17462"
},
{
"name": "2164",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2164"
},
{
"name": "oval:org.mitre.oval:def:1778",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1778"
},
{
"name": "2052",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2052"
},
{
"name": "20719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20719"
},
{
"name": "oval:org.mitre.oval:def:1204",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1204"
},
{
"name": "VU#234812",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/234812"
},
{
"name": "MS06-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-014"
},
{
"name": "http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf",
"refsource": "MISC",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf"
},
{
"name": "ADV-2006-1319",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1319"
},
{
"name": "20070731 Re: Exploit In Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475490/100/100/threaded"
},
{
"name": "24517",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24517"
},
{
"name": "ie-wscriptshell-command-execution(29915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29915"
},
{
"name": "20070730 RE: Exploit In Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475118/100/100/threaded"
},
{
"name": "oval:org.mitre.oval:def:1742",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1742"
}
]
}
}
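Review bot: The one substantive change in this section, `"ASSIGNER"` going from `cve@mitre.org` to `secure@microsoft.com` for CVE-2006-0003 (assuming the copy with `" : "` spacing is the old side), is buried in a whole-file rewrite that also changes key/colon spacing and shuffles `reference_data`. The reference set itself looks unchanged, 29 entries on each side, but the new order follows no visible key, so a consumer diffing records cannot tell a reorder from an added or dropped advisory link without normalising both sides first. The sync job should emit `reference_data` in a stable order (for example sorted by `refsource`, then `name`) and land formatting-only rewrites separately from field changes such as the assigner. The sections for CVE-2006-0400, CVE-2006-0421, CVE-2006-0539, CVE-2006-1255, CVE-2006-1960 and CVE-2006-3221 show the same reshuffle with no field change visible.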


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0400",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving \"crafted archives.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2006-03-13",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=303453",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=303453"
},
{
"name" : "17082",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17082"
},
{
"name" : "ADV-2006-0949",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name" : "23873",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23873"
},
{
"name" : "1015763",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015763"
},
{
"name" : "19129",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19129"
},
{
"name" : "macosx-sameorigin-policy-bypass(25208)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25208"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving \"crafted archives.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015763",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015763"
},
{
"name": "ADV-2006-0949",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0949"
},
{
"name": "19129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19129"
},
{
"name": "APPLE-SA-2006-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00001.html"
},
{
"name": "macosx-sameorigin-policy-bypass(25208)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25208"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=303453",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=303453"
},
{
"name": "23873",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23873"
},
{
"name": "17082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17082"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0421",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "BEA06-108.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/165"
},
{
"name" : "16358",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16358"
},
{
"name" : "ADV-2006-0313",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0313"
},
{
"name" : "1015528",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015528"
},
{
"name" : "18581",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18581"
},
{
"name" : "weblogic-cross-domain-management(24286)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24286"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0313",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0313"
},
{
"name": "BEA06-108.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/165"
},
{
"name": "weblogic-cross-domain-management(24286)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24286"
},
{
"name": "1015528",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015528"
},
{
"name": "18581",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18581"
},
{
"name": "16358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16358"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0539",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The convert-fcrontab program in fcron 3.0.0 might allow local users to gain privileges via a long command-line argument, which causes Linux glibc to report heap memory corruption, possibly because a strcpy in the strdup2 function can \"overwrite some data.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060201 Fcrontab - memory corruption on heap.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423697/100/0/threaded"
},
{
"name" : "20060201 Fcrontab - memory corruption on heap.",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0999.html"
},
{
"name" : "https://bugs.trustix.org/show_bug.cgi?id=1754",
"refsource" : "CONFIRM",
"url" : "https://bugs.trustix.org/show_bug.cgi?id=1754"
},
{
"name" : "http://fcron.free.fr/doc/en/changes.html",
"refsource" : "CONFIRM",
"url" : "http://fcron.free.fr/doc/en/changes.html"
},
{
"name" : "http://fcron.free.fr/news.php#a20060206a.xml",
"refsource" : "CONFIRM",
"url" : "http://fcron.free.fr/news.php#a20060206a.xml"
},
{
"name" : "2006-0036",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2006/0036"
},
{
"name" : "16467",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16467"
},
{
"name" : "ADV-2006-0435",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0435"
},
{
"name" : "18719",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18719"
},
{
"name" : "fcron-syslog-bo(24444)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24444"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The convert-fcrontab program in fcron 3.0.0 might allow local users to gain privileges via a long command-line argument, which causes Linux glibc to report heap memory corruption, possibly because a strcpy in the strdup2 function can \"overwrite some data.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060201 Fcrontab - memory corruption on heap.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423697/100/0/threaded"
},
{
"name": "http://fcron.free.fr/news.php#a20060206a.xml",
"refsource": "CONFIRM",
"url": "http://fcron.free.fr/news.php#a20060206a.xml"
},
{
"name": "fcron-syslog-bo(24444)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24444"
},
{
"name": "20060201 Fcrontab - memory corruption on heap.",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0999.html"
},
{
"name": "ADV-2006-0435",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0435"
},
{
"name": "2006-0036",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0036"
},
{
"name": "18719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18719"
},
{
"name": "16467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16467"
},
{
"name": "https://bugs.trustix.org/show_bug.cgi?id=1754",
"refsource": "CONFIRM",
"url": "https://bugs.trustix.org/show_bug.cgi?id=1754"
},
{
"name": "http://fcron.free.fr/doc/en/changes.html",
"refsource": "CONFIRM",
"url": "http://fcron.free.fr/doc/en/changes.html"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060316 Mercur IMAPD 5.0 SP3 DoS Exploit or more?",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2006/Mar/1111"
},
{
"name" : "20060316 Re: Mercur IMAPD 5.0 SP3 DoS Exploit or more?",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2006/Mar/1167"
},
{
"name" : "17138",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17138"
},
{
"name" : "ADV-2006-0977",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0977"
},
{
"name" : "23950",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23950"
},
{
"name" : "19267",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19267"
},
{
"name" : "mercur-imap-bo(25290)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25290"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0977"
},
{
"name": "23950",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23950"
},
{
"name": "mercur-imap-bo(25290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25290"
},
{
"name": "20060316 Mercur IMAPD 5.0 SP3 DoS Exploit or more?",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2006/Mar/1111"
},
{
"name": "20060316 Re: Mercur IMAPD 5.0 SP3 DoS Exploit or more?",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2006/Mar/1167"
},
{
"name": "19267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19267"
},
{
"name": "17138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17138"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1960",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060419 Multiple vulnerabilities in Linux based Cisco products",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431371/30/5490/threaded"
},
{
"name" : "20060419 Re: Multiple vulnerabilities in Linux based Cisco products",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431367/30/5490/threaded"
},
{
"name" : "http://www.assurance.com.au/advisories/200604-cisco.txt",
"refsource" : "MISC",
"url" : "http://www.assurance.com.au/advisories/200604-cisco.txt"
},
{
"name" : "20060419 Multiple Vulnerabilities in the WLSE Appliance",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml"
},
{
"name" : "17604",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17604"
},
{
"name" : "ADV-2006-1434",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1434"
},
{
"name" : "24812",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24812"
},
{
"name" : "1015965",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015965"
},
{
"name" : "19736",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19736"
},
{
"name" : "cisco-wlse-user-xss(25883)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25883"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.assurance.com.au/advisories/200604-cisco.txt",
"refsource": "MISC",
"url": "http://www.assurance.com.au/advisories/200604-cisco.txt"
},
{
"name": "17604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17604"
},
{
"name": "20060419 Multiple vulnerabilities in Linux based Cisco products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431371/30/5490/threaded"
},
{
"name": "19736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19736"
},
{
"name": "20060419 Re: Multiple vulnerabilities in Linux based Cisco products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431367/30/5490/threaded"
},
{
"name": "ADV-2006-1434",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1434"
},
{
"name": "20060419 Multiple Vulnerabilities in the WLSE Appliance",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml"
},
{
"name": "1015965",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015965"
},
{
"name": "24812",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24812"
},
{
"name": "cisco-wlse-user-xss(25883)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25883"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3221",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1938",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1938"
},
{
"name" : "1939",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1939"
},
{
"name" : "18592",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18592"
},
{
"name" : "ADV-2006-2486",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2486"
},
{
"name" : "20765",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20765"
},
{
"name" : "datalife-engine-index-sql-injection(27321)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27321"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1938",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1938"
},
{
"name": "1939",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1939"
},
{
"name": "ADV-2006-2486",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2486"
},
{
"name": "datalife-engine-index-sql-injection(27321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27321"
},
{
"name": "18592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18592"
},
{
"name": "20765",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20765"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3417",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy \"entry guard\" (is_guard) systems by directory authorities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tor.eff.org/cvs/tor/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://tor.eff.org/cvs/tor/ChangeLog"
},
{
"name" : "GLSA-200606-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200606-04.xml"
},
{
"name" : "25879",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25879"
},
{
"name" : "20514",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20514"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy \"entry guard\" (is_guard) systems by directory authorities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25879",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25879"
},
{
"name": "20514",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20514"
},
{
"name": "GLSA-200606-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200606-04.xml"
},
{
"name": "http://tor.eff.org/cvs/tor/ChangeLog",
"refsource": "CONFIRM",
"url": "http://tor.eff.org/cvs/tor/ChangeLog"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3516",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in FreeHost allow remote attackers to execute arbitrary SQL commands via (1) readme parameter to FreeHost/misc.php or (2) index parameter to FreeHost/news.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060630 FreeHost \"misc.php & news.php\" SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438813/100/100/threaded"
},
{
"name" : "1208",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1208"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in FreeHost allow remote attackers to execute arbitrary SQL commands via (1) readme parameter to FreeHost/misc.php or (2) index parameter to FreeHost/news.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060630 FreeHost \"misc.php & news.php\" SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438813/100/100/threaded"
},
{
"name": "1208",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1208"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3833",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite existing entries and establish new passwords for the overwritten entries via a URL with a modified entry ID."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060712 TOPo v.2.2.178 Account Reset",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439890/100/100/threaded"
},
{
"name" : "18959",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18959"
},
{
"name" : "1279",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1279"
},
{
"name" : "topo-index-data-manipulation(27711)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27711"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite existing entries and establish new passwords for the overwritten entries via a URL with a modified entry ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "topo-index-data-manipulation(27711)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27711"
},
{
"name": "1279",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1279"
},
{
"name": "20060712 TOPo v.2.2.178 Account Reset",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439890/100/100/threaded"
},
{
"name": "18959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18959"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4530",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060831 Membrepass v1.5 Php code execution, Xss, Sql Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444845/100/0/threaded"
},
{
"name" : "19790",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19790"
},
{
"name" : "ADV-2006-3427",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3427"
},
{
"name" : "21715",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21715"
},
{
"name" : "1487",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1487"
},
{
"name" : "membrepass-include-file-include(28692)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28692"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19790"
},
{
"name": "20060831 Membrepass v1.5 Php code execution, Xss, Sql Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444845/100/0/threaded"
},
{
"name": "ADV-2006-3427",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3427"
},
{
"name": "membrepass-include-file-include(28692)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28692"
},
{
"name": "21715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21715"
},
{
"name": "1487",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1487"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4596",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion in MyBace Light Skrip, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) hauptverzeichniss parameter in includes/login_check.php and the (2) template_back parameter in admin/login/content/user_daten.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060901 MyBace Light (hauptverzeichniss) Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445185/100/0/threaded"
},
{
"name" : "http://www.bb-pcsecurity.de/Websecurity/384/org/MyBace_Light_(hauptverzeichniss)_Remote_File_Inclusion.htm",
"refsource" : "MISC",
"url" : "http://www.bb-pcsecurity.de/Websecurity/384/org/MyBace_Light_(hauptverzeichniss)_Remote_File_Inclusion.htm"
},
{
"name" : "19830",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19830"
},
{
"name" : "19811",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19811"
},
{
"name" : "ADV-2006-3447",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3447"
},
{
"name" : "21746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21746"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion in MyBace Light Skrip, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) hauptverzeichniss parameter in includes/login_check.php and the (2) template_back parameter in admin/login/content/user_daten.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060901 MyBace Light (hauptverzeichniss) Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445185/100/0/threaded"
},
{
"name": "19830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19830"
},
{
"name": "21746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21746"
},
{
"name": "ADV-2006-3447",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3447"
},
{
"name": "19811",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19811"
},
{
"name": "http://www.bb-pcsecurity.de/Websecurity/384/org/MyBace_Light_(hauptverzeichniss)_Remote_File_Inclusion.htm",
"refsource": "MISC",
"url": "http://www.bb-pcsecurity.de/Websecurity/384/org/MyBace_Light_(hauptverzeichniss)_Remote_File_Inclusion.htm"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4720",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060910 SolpotCrew Advisory #8 - Mcgallerypro (path_to_folder) Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445783/100/0/threaded"
},
{
"name" : "2342",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2342"
},
{
"name" : "http://www.nyubicrew.org/adv/solpot-adv-06.txt",
"refsource" : "MISC",
"url" : "http://www.nyubicrew.org/adv/solpot-adv-06.txt"
},
{
"name" : "19936",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19936"
},
{
"name" : "ADV-2006-3543",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3543"
},
{
"name" : "21850",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21850"
},
{
"name" : "1556",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1556"
},
{
"name" : "mcgallerypro-random2-file-include(28848)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28848"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19936"
},
{
"name": "2342",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2342"
},
{
"name": "20060910 SolpotCrew Advisory #8 - Mcgallerypro (path_to_folder) Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445783/100/0/threaded"
},
{
"name": "mcgallerypro-random2-file-include(28848)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28848"
},
{
"name": "http://www.nyubicrew.org/adv/solpot-adv-06.txt",
"refsource": "MISC",
"url": "http://www.nyubicrew.org/adv/solpot-adv-06.txt"
},
{
"name": "21850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21850"
},
{
"name": "1556",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1556"
},
{
"name": "ADV-2006-3543",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3543"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4881",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) dropdown.php; the (3) txt_error and (4) txt_templatenotexist parameters in (c) template.php; the (5) split parameter in certain files, as demonstrated by (d) editprofile.php, (e) search.php, (f) index.php, and (g) pm.php; and the (6) txt_login parameter in (h) loginline.php; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) txt_logout parameter in (i) loginline.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060916 PHP-Post Multiple Input Validation Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446318/100/0/threaded"
},
{
"name" : "20061",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20061"
},
{
"name" : "ADV-2006-3688",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3688"
},
{
"name" : "28968",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28968"
},
{
"name" : "28969",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28969"
},
{
"name" : "28970",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28970"
},
{
"name" : "28971",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28971"
},
{
"name" : "28972",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28972"
},
{
"name" : "22014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22014"
},
{
"name" : "1607",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1607"
},
{
"name" : "phppost-multiple-scripts-xss(29017)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29017"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) dropdown.php; the (3) txt_error and (4) txt_templatenotexist parameters in (c) template.php; the (5) split parameter in certain files, as demonstrated by (d) editprofile.php, (e) search.php, (f) index.php, and (g) pm.php; and the (6) txt_login parameter in (h) loginline.php; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) txt_logout parameter in (i) loginline.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28969",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28969"
},
{
"name": "20061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20061"
},
{
"name": "ADV-2006-3688",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3688"
},
{
"name": "phppost-multiple-scripts-xss(29017)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29017"
},
{
"name": "28972",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28972"
},
{
"name": "28971",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28971"
},
{
"name": "1607",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1607"
},
{
"name": "22014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22014"
},
{
"name": "20060916 PHP-Post Multiple Input Validation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446318/100/0/threaded"
},
{
"name": "28968",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28968"
},
{
"name": "28970",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28970"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ariko-security.com/june2010/audyt_bezpieczenstwa_692.html",
"refsource" : "MISC",
"url" : "http://www.ariko-security.com/june2010/audyt_bezpieczenstwa_692.html"
},
{
"name" : "http://www.exploit-db.com/exploits/13739/",
"refsource" : "MISC",
"url" : "http://www.exploit-db.com/exploits/13739/"
},
{
"name" : "40591",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40591"
},
{
"name" : "ADV-2010-1361",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1361"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ariko-security.com/june2010/audyt_bezpieczenstwa_692.html",
"refsource": "MISC",
"url": "http://www.ariko-security.com/june2010/audyt_bezpieczenstwa_692.html"
},
{
"name": "http://www.exploit-db.com/exploits/13739/",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/13739/"
},
{
"name": "ADV-2010-1361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1361"
},
{
"name": "40591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40591"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2357",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "13802",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/13802"
},
{
"name" : "40748",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40748"
},
{
"name" : "65412",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/65412"
},
{
"name" : "40171",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40171"
},
{
"name" : "ericaphprealestate-index-sql-injection(59269)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59269"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "65412",
"refsource": "OSVDB",
"url": "http://osvdb.org/65412"
},
{
"name": "13802",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13802"
},
{
"name": "ericaphprealestate-index-sql-injection(59269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59269"
},
{
"name": "40171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40171"
},
{
"name": "40748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40748"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2437",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100611 Stored XSS vulnerability in AneCMS blog module",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511816/100/0/threaded"
},
{
"name" : "http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_anecms_blog_module.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_anecms_blog_module.html"
},
{
"name" : "40838",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40838"
},
{
"name" : "anecms-index-comment-xss(59438)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59438"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100611 Stored XSS vulnerability in AneCMS blog module",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511816/100/0/threaded"
},
{
"name": "anecms-index-comment-xss(59438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59438"
},
{
"name": "40838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40838"
},
{
"name": "http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_anecms_blog_module.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_anecms_blog_module.html"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in result.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the sub_catid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14112",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14112"
},
{
"name" : "http://packetstormsecurity.org/1006-exploits/pagedirector-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1006-exploits/pagedirector-sql.txt"
},
{
"name" : "41196",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41196"
},
{
"name" : "65832",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/65832"
},
{
"name" : "40367",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40367"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in result.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the sub_catid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "65832",
"refsource": "OSVDB",
"url": "http://osvdb.org/65832"
},
{
"name": "41196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41196"
},
{
"name": "40367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40367"
},
{
"name": "14112",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14112"
},
{
"name": "http://packetstormsecurity.org/1006-exploits/pagedirector-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/pagedirector-sql.txt"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2853",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12451",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12451"
},
{
"name" : "http://packetstormsecurity.org/1004-exploits/iscriptsvisualcaster-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/iscriptsvisualcaster-sql.txt"
},
{
"name" : "http://www.iscripts.com/patches.php",
"refsource" : "MISC",
"url" : "http://www.iscripts.com/patches.php"
},
{
"name" : "39795",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39795"
},
{
"name" : "65840",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/65840"
},
{
"name" : "40416",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40416"
},
{
"name" : "visualcaster-playvideo-sql-injection(58242)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58242"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "visualcaster-playvideo-sql-injection(58242)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58242"
},
{
"name": "12451",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12451"
},
{
"name": "39795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39795"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/iscriptsvisualcaster-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/iscriptsvisualcaster-sql.txt"
},
{
"name": "65840",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65840"
},
{
"name": "40416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40416"
},
{
"name": "http://www.iscripts.com/patches.php",
"refsource": "MISC",
"url": "http://www.iscripts.com/patches.php"
}
]
}
}


@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2954",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[netdev] 20100830 [PATCH] irda: Correctly clean up self->ias_obj on irda_bind() failure.",
"refsource" : "MLIST",
"url" : "http://www.spinics.net/lists/netdev/msg139404.html"
},
{
"name" : "[oss-security] 20100901 CVE-2010-2954 kernel: irda null ptr deref",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=128331787923285&w=2"
},
{
"name" : "http://twitter.com/taviso/statuses/22635752128",
"refsource" : "MISC",
"url" : "http://twitter.com/taviso/statuses/22635752128"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=628e300cccaa628d8fb92aa28cb7530a3d5f2257",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=628e300cccaa628d8fb92aa28cb7530a3d5f2257"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc3-next-20100901.bz2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc3-next-20100901.bz2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=628770",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=628770"
},
{
"name" : "SUSE-SA:2010:041",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"
},
{
"name" : "SUSE-SA:2010:050",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html"
},
{
"name" : "SUSE-SA:2010:054",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
},
{
"name" : "SUSE-SA:2011:007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name" : "USN-1000-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1000-1"
},
{
"name" : "41234",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41234"
},
{
"name" : "41512",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41512"
},
{
"name" : "ADV-2010-2266",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2266"
},
{
"name" : "ADV-2010-2430",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2430"
},
{
"name" : "ADV-2011-0298",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0298"
},
{
"name" : "kernel-irdabind-dos(61522)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61522"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1000-1"
},
{
"name": "SUSE-SA:2010:041",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html"
},
{
"name": "41234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41234"
},
{
"name": "http://twitter.com/taviso/statuses/22635752128",
"refsource": "MISC",
"url": "http://twitter.com/taviso/statuses/22635752128"
},
{
"name": "kernel-irdabind-dos(61522)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61522"
},
{
"name": "ADV-2010-2430",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2430"
},
{
"name": "[oss-security] 20100901 CVE-2010-2954 kernel: irda null ptr deref",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=128331787923285&w=2"
},
{
"name": "SUSE-SA:2011:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name": "[netdev] 20100830 [PATCH] irda: Correctly clean up self->ias_obj on irda_bind() failure.",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/netdev/msg139404.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=628770",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=628770"
},
{
"name": "ADV-2011-0298",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0298"
},
{
"name": "SUSE-SA:2010:050",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html"
},
{
"name": "ADV-2010-2266",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2266"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc3-next-20100901.bz2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc3-next-20100901.bz2"
},
{
"name": "SUSE-SA:2010:054",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html"
},
{
"name": "41512",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41512"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=628e300cccaa628d8fb92aa28cb7530a3d5f2257",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=628e300cccaa628d8fb92aa28cb7530a3d5f2257"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3000",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100826 ZDI-10-167: RealNetworks RealPlayer FLV Parsing Multiple Integer Overflow Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513383/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-167",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-167"
},
{
"name" : "http://service.real.com/realplayer/security/08262010_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/08262010_player/en/"
},
{
"name" : "oval:org.mitre.oval:def:6651",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6651"
},
{
"name" : "1024370",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024370"
},
{
"name" : "41096",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41096"
},
{
"name" : "41154",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41154"
},
{
"name" : "ADV-2010-2216",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2216"
},
{
"name" : "realplayer-parseknowntype-code-exec(61423)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61423"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2216"
},
{
"name": "41096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41096"
},
{
"name": "realplayer-parseknowntype-code-exec(61423)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61423"
},
{
"name": "oval:org.mitre.oval:def:6651",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6651"
},
{
"name": "20100826 ZDI-10-167: RealNetworks RealPlayer FLV Parsing Multiple Integer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513383/100/0/threaded"
},
{
"name": "http://service.real.com/realplayer/security/08262010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/08262010_player/en/"
},
{
"name": "1024370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024370"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-167",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-167"
},
{
"name": "41154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41154"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3163",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Fenrir Sleipnir before 2.9.5 and Grani before 4.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2010-3163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fenrir.co.jp/blog/2010/10/sleipnirsleipnir_295.html",
"refsource" : "CONFIRM",
"url" : "http://www.fenrir.co.jp/blog/2010/10/sleipnirsleipnir_295.html"
},
{
"name" : "http://www.fenrir.co.jp/grani/note.html",
"refsource" : "CONFIRM",
"url" : "http://www.fenrir.co.jp/grani/note.html"
},
{
"name" : "JVN#50610528",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN50610528/index.html"
},
{
"name" : "JVNDB-2010-000047",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000047.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Fenrir Sleipnir before 2.9.5 and Grani before 4.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2010-000047",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000047.html"
},
{
"name": "JVN#50610528",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN50610528/index.html"
},
{
"name": "http://www.fenrir.co.jp/grani/note.html",
"refsource": "CONFIRM",
"url": "http://www.fenrir.co.jp/grani/note.html"
},
{
"name": "http://www.fenrir.co.jp/blog/2010/10/sleipnirsleipnir_295.html",
"refsource": "CONFIRM",
"url": "http://www.fenrir.co.jp/blog/2010/10/sleipnirsleipnir_295.html"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3404",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14980",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14980"
},
{
"name" : "43168",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43168"
},
{
"name" : "eshtery-multiple-sql-injection(61767)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61767"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43168"
},
{
"name": "14980",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14980"
},
{
"name": "eshtery-multiple-sql-injection(61767)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61767"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3975",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file that is processed by Flash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-3975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100827 Flash Player 9 DLL Hijacking Exploit (schannel.dll)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513397"
},
{
"name" : "oval:org.mitre.oval:def:12212",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file that is processed by Flash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100827 Flash Player 9 DLL Hijacking Exploit (schannel.dll)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513397"
},
{
"name": "oval:org.mitre.oval:def:12212",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12212"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4161",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101118 Re: Kernel 0-day",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514845"
},
{
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name" : "[netdev] 20101110 Re: [PATCH] Prevent reading uninitialized memory with socket filters",
"refsource" : "MLIST",
"url" : "http://www.spinics.net/lists/netdev/msg146404.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=651698",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=651698"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=652534",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=652534"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name" : "RHSA-2011:0004",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"name" : "42789",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42789"
},
{
"name" : "46397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46397"
},
{
"name" : "ADV-2011-0024",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0024"
},
{
"name" : "kernel-udpqueuercvskb-dos(64497)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat build of the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (deadlock and system hang) by sending UDP traffic to a socket that has a crafted socket filter, a related issue to CVE-2010-4158."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[netdev] 20101110 Re: [PATCH] Prevent reading uninitialized memory with socket filters",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/netdev/msg146404.html"
},
{
"name": "42789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42789"
},
{
"name": "ADV-2011-0024",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0024"
},
{
"name": "RHSA-2011:0004",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"name": "kernel-udpqueuercvskb-dos(64497)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64497"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "20101118 Re: Kernel 0-day",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514845"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=651698",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=651698"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=652534",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=652534"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4583",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 11.00, when Opera Turbo is enabled, does not display a page's security indication, which makes it easier for remote attackers to spoof trusted content via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/mac/1100/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/1100/"
},
{
"name" : "http://www.opera.com/docs/changelogs/unix/1100/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/unix/1100/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/1100/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1100/"
},
{
"name" : "SUSE-SR:2010:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name" : "42653",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42653"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 11.00, when Opera Turbo is enabled, does not display a page's security indication, which makes it easier for remote attackers to spoof trusted content via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42653",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42653"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1100/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1100/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1100/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1100/"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1100/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1100/"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect confidentiality, integrity, and availability, related to Enterprise Infrastructure SEC."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect confidentiality, integrity, and availability, related to Enterprise Infrastructure SEC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}


@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1018",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Logwatch-devel] 20110216 Remote command execution issue with root privileges",
"refsource" : "MLIST",
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=4D604843.7040303%40mblmail.net&forum_name=logwatch-devel"
},
{
"name" : "[oss-security] 20110224 CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/02/24/13"
},
{
"name" : "[oss-security] 20110224 Re: CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/02/24/15"
},
{
"name" : "http://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/logwatch.pl?r1=3&r2=26&pathrev=26",
"refsource" : "CONFIRM",
"url" : "http://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/logwatch.pl?r1=3&r2=26&pathrev=26"
},
{
"name" : "http://sourceforge.net/tracker/?func=detail&aid=3184223&group_id=312875&atid=1316824",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/tracker/?func=detail&aid=3184223&group_id=312875&atid=1316824"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=680237",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=680237"
},
{
"name" : "DSA-2182",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2182"
},
{
"name" : "FEDORA-2011-2318",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055585.html"
},
{
"name" : "FEDORA-2011-2328",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055579.html"
},
{
"name" : "FEDORA-2011-2396",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055617.html"
},
{
"name" : "RHSA-2011:0324",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0324.html"
},
{
"name" : "SUSE-SR:2011:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name" : "USN-1078-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1078-1"
},
{
"name" : "46554",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46554"
},
{
"name" : "1025165",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025165"
},
{
"name" : "43495",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43495"
},
{
"name" : "43356",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43356"
},
{
"name" : "43622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43622"
},
{
"name" : "43644",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43644"
},
{
"name" : "43734",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43734"
},
{
"name" : "ADV-2011-0533",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0533"
},
{
"name" : "ADV-2011-0581",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0581"
},
{
"name" : "ADV-2011-0596",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0596"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110224 Re: CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/02/24/15"
},
{
"name": "http://sourceforge.net/tracker/?func=detail&aid=3184223&group_id=312875&atid=1316824",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/?func=detail&aid=3184223&group_id=312875&atid=1316824"
},
{
"name": "ADV-2011-0581",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0581"
},
{
"name": "43495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43495"
},
{
"name": "FEDORA-2011-2318",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055585.html"
},
{
"name": "DSA-2182",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2182"
},
{
"name": "FEDORA-2011-2396",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055617.html"
},
{
"name": "43356",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43356"
},
{
"name": "ADV-2011-0533",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0533"
},
{
"name": "SUSE-SR:2011:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "[oss-security] 20110224 CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/02/24/13"
},
{
"name": "43644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43644"
},
{
"name": "RHSA-2011:0324",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0324.html"
},
{
"name": "43622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43622"
},
{
"name": "46554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46554"
},
{
"name": "http://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/logwatch.pl?r1=3&r2=26&pathrev=26",
"refsource": "CONFIRM",
"url": "http://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/logwatch.pl?r1=3&r2=26&pathrev=26"
},
{
"name": "USN-1078-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1078-1"
},
{
"name": "ADV-2011-0596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0596"
},
{
"name": "FEDORA-2011-2328",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055579.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=680237",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680237"
},
{
"name": "[Logwatch-devel] 20110216 Remote command execution issue with root privileges",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4D604843.7040303%40mblmail.net&forum_name=logwatch-devel"
},
{
"name": "43734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43734"
},
{
"name": "1025165",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025165"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1265",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka \"Bluetooth Stack Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS11-053",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-053"
},
{
"name" : "TA11-193A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
},
{
"name" : "oval:org.mitre.oval:def:12094",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12094"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka \"Bluetooth Stack Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12094",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12094"
},
{
"name": "MS11-053",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-053"
},
{
"name": "TA11-193A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1306",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Scratchpad application in Google Chrome OS before R10 0.10.156.46 Beta has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-os-beta-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-os-beta-channel-update.html"
},
{
"name" : "google-chrome-scratchpad-unspecified(65991)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65991"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Scratchpad application in Google Chrome OS before R10 0.10.156.46 Beta has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2011/03/chrome-os-beta-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/03/chrome-os-beta-channel-update.html"
},
{
"name": "google-chrome-scratchpad-unspecified(65991)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65991"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1913",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the login form in the web interface in Mercator SENTINEL 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-1913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cert.netpeas.org/2011/06/cert-nps2011005-vulnerabilite-potentielle-dans-la-solution-de-gestion-de-la-securite-operationnelle-des-compagnies-aeriennes-%C2%AB-sentinel-safety-information-management-system-%C2%BB/",
"refsource" : "MISC",
"url" : "http://cert.netpeas.org/2011/06/cert-nps2011005-vulnerabilite-potentielle-dans-la-solution-de-gestion-de-la-securite-operationnelle-des-compagnies-aeriennes-%C2%AB-sentinel-safety-information-management-system-%C2%BB/"
},
{
"name" : "http://cert.netpeas.org/2011/06/cert-nps2011005-vulnerabilite-potentielle-dans-la-solution-de-gestion-de-la-securite-operationnelle-des-compagnies-aeriennes-suite/",
"refsource" : "MISC",
"url" : "http://cert.netpeas.org/2011/06/cert-nps2011005-vulnerabilite-potentielle-dans-la-solution-de-gestion-de-la-securite-operationnelle-des-compagnies-aeriennes-suite/"
},
{
"name" : "VU#122142",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/122142"
},
{
"name" : "49638",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49638"
},
{
"name" : "46014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46014"
},
{
"name" : "mercator-unspecified-sql-injection(69847)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69847"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the login form in the web interface in Mercator SENTINEL 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mercator-unspecified-sql-injection(69847)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69847"
},
{
"name": "VU#122142",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/122142"
},
{
"name": "http://cert.netpeas.org/2011/06/cert-nps2011005-vulnerabilite-potentielle-dans-la-solution-de-gestion-de-la-securite-operationnelle-des-compagnies-aeriennes-%C2%AB-sentinel-safety-information-management-system-%C2%BB/",
"refsource": "MISC",
"url": "http://cert.netpeas.org/2011/06/cert-nps2011005-vulnerabilite-potentielle-dans-la-solution-de-gestion-de-la-securite-operationnelle-des-compagnies-aeriennes-%C2%AB-sentinel-safety-information-management-system-%C2%BB/"
},
{
"name": "49638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49638"
},
{
"name": "46014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46014"
},
{
"name": "http://cert.netpeas.org/2011/06/cert-nps2011005-vulnerabilite-potentielle-dans-la-solution-de-gestion-de-la-securite-operationnelle-des-compagnies-aeriennes-suite/",
"refsource": "MISC",
"url": "http://cert.netpeas.org/2011/06/cert-nps2011005-vulnerabilite-potentielle-dans-la-solution-de-gestion-de-la-securite-operationnelle-des-compagnies-aeriennes-suite/"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120103 CVE request: maradns hash table collision cpu dos",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2012/01/03/6"
},
{
"name" : "[oss-security] 20120103 Re: CVE request: maradns hash table collision cpu dos",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2012/01/03/13"
},
{
"name" : "http://samiam.org/blog/20111230.html",
"refsource" : "CONFIRM",
"url" : "http://samiam.org/blog/20111230.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=771428",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=771428"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://samiam.org/blog/20111230.html",
"refsource": "CONFIRM",
"url": "http://samiam.org/blog/20111230.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=771428",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=771428"
},
{
"name": "[oss-security] 20120103 CVE request: maradns hash table collision cpu dos",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/01/03/6"
},
{
"name": "[oss-security] 20120103 Re: CVE request: maradns hash table collision cpu dos",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/01/03/13"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5145",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sel_domain_id or (2) action parameter to obm.php; (3) tf_user parameter in a search action to group/group_index.php; (4) tf_delegation, (5) tf_ip, (6) tf_name to host/host_index.php; or (7) lang, (8) theme, (9) cal_alert, (10) cal_first_hour, (11) cal_interval, (12) cal_last_hour, (13) commentorder, (14) csv_sep, (15) date, (16) date_upd, (17) debug_exe, (18) debug_id, (19) debug_param, (20) debug_sess, (21) debug_solr, (22) debug_sql, (23) dsrc, (24) menu, (25) rows, (26) sel_display_days, (27) timeformat, (28) timezone, or (29) todo parameter to settings/settings_index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_obm.html",
"refsource" : "MISC",
"url" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_obm.html"
},
{
"name" : "78004",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78004"
},
{
"name" : "78005",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78005"
},
{
"name" : "78006",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78006"
},
{
"name" : "47139",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47139"
},
{
"name" : "obm-multiple-sql-injection(71922)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71922"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sel_domain_id or (2) action parameter to obm.php; (3) tf_user parameter in a search action to group/group_index.php; (4) tf_delegation, (5) tf_ip, (6) tf_name to host/host_index.php; or (7) lang, (8) theme, (9) cal_alert, (10) cal_first_hour, (11) cal_interval, (12) cal_last_hour, (13) commentorder, (14) csv_sep, (15) date, (16) date_upd, (17) debug_exe, (18) debug_id, (19) debug_param, (20) debug_sess, (21) debug_solr, (22) debug_sql, (23) dsrc, (24) menu, (25) rows, (26) sel_display_days, (27) timeformat, (28) timezone, or (29) todo parameter to settings/settings_index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_obm.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_obm.html"
},
{
"name": "78006",
"refsource": "OSVDB",
"url": "http://osvdb.org/78006"
},
{
"name": "78005",
"refsource": "OSVDB",
"url": "http://osvdb.org/78005"
},
{
"name": "78004",
"refsource": "OSVDB",
"url": "http://osvdb.org/78004"
},
{
"name": "obm-multiple-sql-injection(71922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71922"
},
{
"name": "47139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47139"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dsecrg.com/pages/vul/show.php?id=314",
"refsource" : "MISC",
"url" : "http://dsecrg.com/pages/vul/show.php?id=314"
},
{
"name" : "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a",
"refsource" : "MISC",
"url" : "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
},
{
"name" : "https://service.sap.com/sap/support/notes/1511179",
"refsource" : "MISC",
"url" : "https://service.sap.com/sap/support/notes/1511179"
},
{
"name" : "43707",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43707"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 through 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43707"
},
{
"name": "https://service.sap.com/sap/support/notes/1511179",
"refsource": "MISC",
"url": "https://service.sap.com/sap/support/notes/1511179"
},
{
"name": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a",
"refsource": "MISC",
"url": "http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=314",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=314"
}
]
}
}


@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3144",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140509 Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/09/6"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=05ab8f2647e4221cbdb3856dd7d32bd5407316b3",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=05ab8f2647e4221cbdb3856dd7d32bd5407316b3"
},
{
"name" : "https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-3052.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-3052.html"
},
{
"name" : "DSA-2949",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2949"
},
{
"name" : "USN-2259-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2259-1"
},
{
"name" : "USN-2261-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2261-1"
},
{
"name" : "USN-2262-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2262-1"
},
{
"name" : "USN-2263-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2263-1"
},
{
"name" : "USN-2264-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2264-1"
},
{
"name" : "USN-2251-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2251-1"
},
{
"name" : "USN-2252-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2252-1"
},
{
"name" : "67309",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67309"
},
{
"name" : "58990",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58990"
},
{
"name" : "59597",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59597"
},
{
"name" : "60613",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60613"
},
{
"name" : "59311",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59311"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140509 Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/09/6"
},
{
"name": "USN-2263-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2263-1"
},
{
"name": "DSA-2949",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2949"
},
{
"name": "USN-2261-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2261-1"
},
{
"name": "USN-2252-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2252-1"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-3052.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-3052.html"
},
{
"name": "58990",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58990"
},
{
"name": "60613",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60613"
},
{
"name": "USN-2264-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2264-1"
},
{
"name": "https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3"
},
{
"name": "67309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67309"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=05ab8f2647e4221cbdb3856dd7d32bd5407316b3",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=05ab8f2647e4221cbdb3856dd7d32bd5407316b3"
},
{
"name": "USN-2262-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2262-1"
},
{
"name": "USN-2259-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2259-1"
},
{
"name": "USN-2251-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2251-1"
},
{
"name": "59311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59311"
},
{
"name": "59597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59597"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://archive.fo/TZQpD",
"refsource" : "MISC",
"url" : "https://archive.fo/TZQpD"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://archive.fo/TZQpD",
"refsource": "MISC",
"url": "https://archive.fo/TZQpD"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3195",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-3195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/v8/source/detail?r=23144",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/v8/source/detail?r=23144"
},
{
"name" : "https://code.google.com/p/v8/source/detail?r=23268",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/v8/source/detail?r=23268"
},
{
"name" : "https://crbug.com/403409",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/403409"
},
{
"name" : "RHSA-2014:1626",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1626.html"
},
{
"name" : "70273",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1626",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html"
},
{
"name": "https://crbug.com/403409",
"refsource": "CONFIRM",
"url": "https://crbug.com/403409"
},
{
"name": "https://code.google.com/p/v8/source/detail?r=23144",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/v8/source/detail?r=23144"
},
{
"name": "https://code.google.com/p/v8/source/detail?r=23268",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/v8/source/detail?r=23268"
},
{
"name": "70273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70273"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3370",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug IDs CSCum60442 and CSCum60447."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35829",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35829"
},
{
"name" : "20141015 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs"
},
{
"name" : "1031055",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031055"
},
{
"name" : "60850",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60850"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco TelePresence Video Communication Server (VCS) and Expressway Software before X8.1.1 allow remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug IDs CSCum60442 and CSCum60447."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60850"
},
{
"name": "1031055",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031055"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35829",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35829"
},
{
"name": "20141015 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3548",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140721 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/07/21/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=264270",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=264270"
},
{
"name" : "68766",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68766"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140721 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/07/21/1"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471"
},
{
"name": "68766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68766"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=264270",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=264270"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3990",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140714 [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532763/100/0/threaded"
},
{
"name" : "20140714 [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jul/67"
},
{
"name" : "http://karmainsecurity.com/KIS-2014-08",
"refsource" : "MISC",
"url" : "http://karmainsecurity.com/KIS-2014-08"
},
{
"name" : "http://packetstormsecurity.com/files/127460/OpenCart-1.5.6.4-PHP-Object-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127460/OpenCart-1.5.6.4-PHP-Object-Injection.html"
},
{
"name" : "https://github.com/opencart-ce/opencart-ce/commit/c2aafc823bd85876f5e888f8ebc421069a5e076f",
"refsource" : "CONFIRM",
"url" : "https://github.com/opencart-ce/opencart-ce/commit/c2aafc823bd85876f5e888f8ebc421069a5e076f"
},
{
"name" : "68529",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68529"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the quantity parameter in an update request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140714 [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532763/100/0/threaded"
},
{
"name": "https://github.com/opencart-ce/opencart-ce/commit/c2aafc823bd85876f5e888f8ebc421069a5e076f",
"refsource": "CONFIRM",
"url": "https://github.com/opencart-ce/opencart-ce/commit/c2aafc823bd85876f5e888f8ebc421069a5e076f"
},
{
"name": "20140714 [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/67"
},
{
"name": "http://karmainsecurity.com/KIS-2014-08",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2014-08"
},
{
"name": "http://packetstormsecurity.com/files/127460/OpenCart-1.5.6.4-PHP-Object-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127460/OpenCart-1.5.6.4-PHP-Object-Injection.html"
},
{
"name": "68529",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68529"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7443",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Face Fun Photo Collage Maker 2 (aka com.kauf.facefunphotocollagemaker2) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#893753",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/893753"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Face Fun Photo Collage Maker 2 (aka com.kauf.facefunphotocollagemaker2) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#893753",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/893753"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7691",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Life Story of Sheikh Mujib (aka com.wbongobondho) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#318497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/318497"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Life Story of Sheikh Mujib (aka com.wbongobondho) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#318497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/318497"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7874",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2014-7874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBUX03139",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04476799"
},
{
"name" : "SSRT101608",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04476799"
},
{
"name" : "1031050",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031050"
},
{
"name" : "60945",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60945"
},
{
"name" : "hp-smh-cve20147874-csrf(97024)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97024"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60945",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60945"
},
{
"name": "hp-smh-cve20147874-csrf(97024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97024"
},
{
"name": "1031050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031050"
},
{
"name": "HPSBUX03139",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04476799"
},
{
"name": "SSRT101608",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04476799"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8764",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\\0) character, which triggers an anonymous bind."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication",
"refsource" : "MLIST",
"url" : "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication"
},
{
"name" : "[oss-security] 20141013 CVE request: various security flaws in dokuwiki",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/13/3"
},
{
"name" : "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/16/9"
},
{
"name" : "https://github.com/splitbrain/dokuwiki/pull/868",
"refsource" : "CONFIRM",
"url" : "https://github.com/splitbrain/dokuwiki/pull/868"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0438.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0438.html"
},
{
"name" : "DSA-3059",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3059"
},
{
"name" : "61983",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61983"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\\0) character, which triggers an anonymous bind."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication",
"refsource": "MLIST",
"url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication"
},
{
"name": "61983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61983"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0438.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0438.html"
},
{
"name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/13/3"
},
{
"name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/16/9"
},
{
"name": "DSA-3059",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3059"
},
{
"name": "https://github.com/splitbrain/dokuwiki/pull/868",
"refsource": "CONFIRM",
"url": "https://github.com/splitbrain/dokuwiki/pull/868"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9455",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/129451/ClassAd-3.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129451/ClassAd-3.0-SQL-Injection.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129451/ClassAd-3.0-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129451/ClassAd-3.0-SQL-Injection.html"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2244",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2016-2244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBPI03546",
"refsource" : "HP",
"url" : "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05030353"
},
{
"name" : "PSR-2016-0021",
"refsource" : "HP",
"url" : "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05030353"
},
{
"name" : "1035191",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035191"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035191",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035191"
},
{
"name": "HPSBPI03546",
"refsource": "HP",
"url": "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05030353"
},
{
"name": "PSR-2016-0021",
"refsource": "HP",
"url": "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05030353"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-2371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Pidgin",
"version" : {
"version_data" : [
{
"version_value" : "2.10.11"
}
]
}
}
]
},
"vendor_name" : "Pidgin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds write"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pidgin",
"version": {
"version_data": [
{
"version_value": "2.10.11"
}
]
}
}
]
},
"vendor_name": "Pidgin"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.talosintelligence.com/reports/TALOS-2016-0139/",
"refsource" : "MISC",
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0139/"
},
{
"name" : "http://www.pidgin.im/news/security/?id=104",
"refsource" : "CONFIRM",
"url" : "http://www.pidgin.im/news/security/?id=104"
},
{
"name" : "DSA-3620",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3620"
},
{
"name" : "GLSA-201701-38",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-38"
},
{
"name" : "USN-3031-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3031-1"
},
{
"name" : "91335",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91335"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91335"
},
{
"name": "http://www.pidgin.im/news/security/?id=104",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/?id=104"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0139/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0139/"
},
{
"name": "DSA-3620",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3620"
},
{
"name": "GLSA-201701-38",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-38"
},
{
"name": "USN-3031-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3031-1"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2587",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2587",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6043",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Tivoli Storage Manager Extended Edition",
"version" : {
"version_data" : [
{
"version_value" : "6.4"
},
{
"version_value" : "7.1"
},
{
"version_value" : "7.1.1"
},
{
"version_value" : "6.1"
},
{
"version_value" : "6.2"
},
{
"version_value" : "6.3"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Bypass Security"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Storage Manager Extended Edition",
"version": {
"version_data": [
{
"version_value": "6.4"
},
{
"version_value": "7.1"
},
{
"version_value": "7.1.1"
},
{
"version_value": "6.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21995754",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"name" : "95090",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95090"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995754",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"name": "95090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95090"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6373",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160921 Cisco Cloud Services Platform 2100 Command Injection Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-1"
},
{
"name" : "93093",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93093"
},
{
"name" : "1036865",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036865"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160921 Cisco Cloud Services Platform 2100 Command Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-1"
},
{
"name": "93093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93093"
},
{
"name": "1036865",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036865"
}
]
}
}
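Review bot: The new side of the CVE-2016-6373 record still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` under `affects`, although this commit moves `ASSIGNER` to `psirt@cisco.com` and the description names Cisco Cloud Services Platform (CSP) 2100 2.0. Tooling that matches records against an asset inventory through the structured `affects` fields will not surface this entry; only a free-text search of `description` finds it. If the assigner can confirm them, the fields could read `"vendor_name": "Cisco"`, `"product_name": "Cloud Services Platform (CSP) 2100"`, `"version_value": "2.0"` (values taken from the description text). The same gap is visible in the CVE-2016-6680, CVE-2016-6687 and CVE-2017-5994 sections of this commit.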


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6571",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6571",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6680",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes an iw_set_priv ioctl call, aka Android internal bug 29982678 and Qualcomm internal bug CR 1048052."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=2f2fa073b95d4700de88c0f7558b4a18c13ac552",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=2f2fa073b95d4700de88c0f7558b4a18c13ac552"
},
{
"name" : "93309",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93309"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes an iw_set_priv ioctl call, aka Android internal bug 29982678 and Qualcomm internal bug CR 1048052."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "93309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93309"
},
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=2f2fa073b95d4700de88c0f7558b4a18c13ac552",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=2f2fa073b95d4700de88c0f7558b4a18c13ac552"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6687",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30162222."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name" : "93324",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93324"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30162222."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "93324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93324"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5083",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/714849",
"refsource" : "MISC",
"url" : "https://crbug.com/714849"
},
{
"name" : "GLSA-201706-20",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-20"
},
{
"name" : "RHSA-2017:1399",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1399"
},
{
"name" : "98861",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98861"
},
{
"name" : "1038622",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038622"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98861"
},
{
"name": "RHSA-2017:1399",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1399"
},
{
"name": "1038622",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038622"
},
{
"name": "GLSA-201706-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-20"
},
{
"name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/714849",
"refsource": "MISC",
"url": "https://crbug.com/714849"
}
]
}
}
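Review bot: In the CVE-2017-5083 record, `product_name` and `version_value` hold the same prose sentence ("Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android") and `vendor_name` is `"n/a"`, so no version comparison can be made from the structured fields. The CVE-2017-5383 record in this same commit expresses the bound as `"version_affected": "<"` with a bare `"version_value"`; the same shape here, e.g. `"product_name": "Chrome"`, `"version_affected": "<"`, `"version_value": "59.0.3071.86"`, would let scanners evaluate it. The Android build has a different fixed version (59.0.3071.92) and would presumably need its own `version_data` entry; that split is for the assigner to confirm.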


@ -1,145 +1,145 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5383",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.7"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.7"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "51"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Location bar spoofing with unicode characters"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.7"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.7"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "51"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1323338",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1323338"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1324716",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1324716"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-01/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-02/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-02/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-03/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-03/"
},
{
"name" : "DSA-3771",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3771"
},
{
"name" : "DSA-3832",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3832"
},
{
"name" : "GLSA-201702-13",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-13"
},
{
"name" : "GLSA-201702-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-22"
},
{
"name" : "RHSA-2017:0190",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
},
{
"name" : "RHSA-2017:0238",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
},
{
"name" : "95769",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95769"
},
{
"name" : "1037693",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037693"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Location bar spoofing with unicode characters"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-03/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-03/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-02/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-02/"
},
{
"name": "GLSA-201702-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-22"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1323338",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1323338"
},
{
"name": "DSA-3832",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3832"
},
{
"name": "GLSA-201702-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-13"
},
{
"name": "DSA-3771",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3771"
},
{
"name": "1037693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037693"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-01/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-01/"
},
{
"name": "RHSA-2017:0190",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0190.html"
},
{
"name": "RHSA-2017:0238",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0238.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1324716",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1324716"
},
{
"name": "95769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95769"
}
]
}
}
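Review bot: The `reference_data` array on the new side of CVE-2017-5383 is in no discernible order (the three `mfsa2017-0x` advisories, the two Bugzilla links and the DSA/GLSA/RHSA entries are interleaved), whereas the old side grouped entries by `refsource`. Because the whole file is also re-indented, a reviewer cannot tell from this section whether any reference URL was added, dropped or altered among the moves. Emitting the array in a stable order, for example sorted by `refsource` and then `name`, would keep later synchronisation diffs limited to real changes. The same reshuffling appears in the CVE-2016-2371, CVE-2017-5083 and CVE-2017-5994 sections.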


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5773",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5773",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5994",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and crash) via the num_elements parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170215 CVE-2017-5994 Virglrenderer: out-of-bounds access in vrend_create_vertex_elements_state",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/15/8"
},
{
"name" : "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0",
"refsource" : "MLIST",
"url" : "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1422452",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1422452"
},
{
"name" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=114688c526fe45f341d75ccd1d85473c3b08f7a7",
"refsource" : "CONFIRM",
"url" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=114688c526fe45f341d75ccd1d85473c3b08f7a7"
},
{
"name" : "GLSA-201707-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201707-06"
},
{
"name" : "96276",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96276"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and crash) via the num_elements parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201707-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-06"
},
{
"name": "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0",
"refsource": "MLIST",
"url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1422452",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422452"
},
{
"name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=114688c526fe45f341d75ccd1d85473c3b08f7a7",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=114688c526fe45f341d75ccd1d85473c3b08f7a7"
},
{
"name": "96276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96276"
},
{
"name": "[oss-security] 20170215 CVE-2017-5994 Virglrenderer: out-of-bounds access in vrend_create_vertex_elements_state",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/15/8"
}
]
}
}