admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:43:16 +00:00
parent 6d9f823c18
commit b8d786b0a6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3766 additions and 3766 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2006/5xxx/CVE-2006-5389.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5389",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061014 Full Path Disclosure in PHP-Wyana",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448789/100/0/threaded"
},
{
"name" : "1743",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1743"
},
{
"name" : "phpwyana-tellhim-path-disclosure(29601)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29601"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1743",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1743"
},
{
"name": "20061014 Full Path Disclosure in PHP-Wyana",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448789/100/0/threaded"
},
{
"name": "phpwyana-tellhim-path-disclosure(29601)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29601"
}
]
}
}

160
2006/5xxx/CVE-2006-5834.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5834",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the sLanguage Cookie parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2719",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2719"
},
{
"name" : "20923",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20923"
},
{
"name" : "ADV-2006-4402",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4402"
},
{
"name" : "22703",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22703"
},
{
"name" : "quickcmslite-general-file-include(30024)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30024"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the sLanguage Cookie parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "quickcmslite-general-file-include(30024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30024"
},
{
"name": "20923",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20923"
},
{
"name": "ADV-2006-4402",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4402"
},
{
"name": "22703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22703"
},
{
"name": "2719",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2719"
}
]
}
}

240
2007/2xxx/CVE-2007-2165.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2165",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255"
},
{
"name" : "http://bugs.proftpd.org/show_bug.cgi?id=2922",
"refsource" : "CONFIRM",
"url" : "http://bugs.proftpd.org/show_bug.cgi?id=2922"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=237533",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=237533"
},
{
"name" : "FEDORA-2007-2613",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html"
},
{
"name" : "MDKSA-2007:130",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:130"
},
{
"name" : "23546",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23546"
},
{
"name" : "ADV-2007-1444",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1444"
},
{
"name" : "34602",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34602"
},
{
"name" : "1017931",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017931"
},
{
"name" : "24867",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24867"
},
{
"name" : "25724",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25724"
},
{
"name" : "27516",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27516"
},
{
"name" : "proftpd-authapi-security-bypass(33733)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33733"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255"
},
{
"name": "http://bugs.proftpd.org/show_bug.cgi?id=2922",
"refsource": "CONFIRM",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2922"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=237533",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237533"
},
{
"name": "MDKSA-2007:130",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:130"
},
{
"name": "25724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25724"
},
{
"name": "23546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23546"
},
{
"name": "24867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24867"
},
{
"name": "34602",
"refsource": "OSVDB",
"url": "http://osvdb.org/34602"
},
{
"name": "ADV-2007-1444",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1444"
},
{
"name": "1017931",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017931"
},
{
"name": "FEDORA-2007-2613",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html"
},
{
"name": "27516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27516"
},
{
"name": "proftpd-authapi-security-bypass(33733)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33733"
}
]
}
}

330
2007/2xxx/CVE-2007-2510.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2510",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to \"/\" (slash) characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://us2.php.net/releases/5_2_2.php",
"refsource" : "CONFIRM",
"url" : "http://us2.php.net/releases/5_2_2.php"
},
{
"name" : "http://viewcvs.php.net/viewvc.cgi/php-src/ext/soap/php_http.c?r1=1.77.2.11.2.5&r2=1.77.2.11.2.6",
"refsource" : "CONFIRM",
"url" : "http://viewcvs.php.net/viewvc.cgi/php-src/ext/soap/php_http.c?r1=1.77.2.11.2.5&r2=1.77.2.11.2.6"
},
{
"name" : "DSA-1295",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1295"
},
{
"name" : "GLSA-200705-19",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200705-19.xml"
},
{
"name" : "MDKSA-2007:102",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:102"
},
{
"name" : "RHSA-2007:0348",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2007-0348.html"
},
{
"name" : "RHSA-2007:0355",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0355.html"
},
{
"name" : "SUSE-SA:2007:044",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"
},
{
"name" : "2007-0017",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2007/0017/"
},
{
"name" : "USN-462-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-462-1"
},
{
"name" : "23813",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23813"
},
{
"name" : "24034",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24034"
},
{
"name" : "34675",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34675"
},
{
"name" : "oval:org.mitre.oval:def:10715",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10715"
},
{
"name" : "1018023",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018023"
},
{
"name" : "25187",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25187"
},
{
"name" : "25191",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25191"
},
{
"name" : "25318",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25318"
},
{
"name" : "25255",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25255"
},
{
"name" : "25372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25372"
},
{
"name" : "25445",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25445"
},
{
"name" : "26048",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26048"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to \"/\" (slash) characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25187",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25187"
},
{
"name": "25191",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25191"
},
{
"name": "USN-462-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-462-1"
},
{
"name": "MDKSA-2007:102",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:102"
},
{
"name": "26048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26048"
},
{
"name": "RHSA-2007:0355",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0355.html"
},
{
"name": "GLSA-200705-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
},
{
"name": "2007-0017",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0017/"
},
{
"name": "23813",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23813"
},
{
"name": "http://viewcvs.php.net/viewvc.cgi/php-src/ext/soap/php_http.c?r1=1.77.2.11.2.5&r2=1.77.2.11.2.6",
"refsource": "CONFIRM",
"url": "http://viewcvs.php.net/viewvc.cgi/php-src/ext/soap/php_http.c?r1=1.77.2.11.2.5&r2=1.77.2.11.2.6"
},
{
"name": "DSA-1295",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1295"
},
{
"name": "25318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25318"
},
{
"name": "34675",
"refsource": "OSVDB",
"url": "http://osvdb.org/34675"
},
{
"name": "oval:org.mitre.oval:def:10715",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10715"
},
{
"name": "24034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24034"
},
{
"name": "http://us2.php.net/releases/5_2_2.php",
"refsource": "CONFIRM",
"url": "http://us2.php.net/releases/5_2_2.php"
},
{
"name": "1018023",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018023"
},
{
"name": "25255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25255"
},
{
"name": "25445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25445"
},
{
"name": "25372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25372"
},
{
"name": "RHSA-2007:0348",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2007-0348.html"
},
{
"name": "SUSE-SA:2007:044",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html"
}
]
}
}

200
2007/2xxx/CVE-2007-2529.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2529",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070507 Sun Microsystems Solaris ACE_SETACL Integer Signedness DoS Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=524"
},
{
"name" : "102869",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102869-1"
},
{
"name" : "23863",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23863"
},
{
"name" : "34906",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34906"
},
{
"name" : "ADV-2007-1683",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1683"
},
{
"name" : "oval:org.mitre.oval:def:1669",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1669"
},
{
"name" : "1018009",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018009"
},
{
"name" : "25162",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25162"
},
{
"name" : "solaris-acl-system-dos(34147)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1683",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1683"
},
{
"name": "34906",
"refsource": "OSVDB",
"url": "http://osvdb.org/34906"
},
{
"name": "1018009",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018009"
},
{
"name": "102869",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102869-1"
},
{
"name": "oval:org.mitre.oval:def:1669",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1669"
},
{
"name": "20070507 Sun Microsystems Solaris ACE_SETACL Integer Signedness DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=524"
},
{
"name": "solaris-acl-system-dos(34147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34147"
},
{
"name": "25162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25162"
},
{
"name": "23863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23863"
}
]
}
}

420
2007/2xxx/CVE-2007-2799.json
View File

@ -1,212 +1,212 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2799",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2007-2799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070524 FLEA-2007-0022-1: file",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1311",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1311"
},
{
"name" : "http://www.amavis.org/security/asa-2007-3.txt",
"refsource" : "CONFIRM",
"url" : "http://www.amavis.org/security/asa-2007-3.txt"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=307562",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name" : "APPLE-SA-2008-03-18",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name" : "DSA-1343",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1343"
},
{
"name" : "GLSA-200705-25",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
},
{
"name" : "MDKSA-2007:114",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
},
{
"name" : "NetBSD-SA2008-001",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"name" : "RHSA-2007:0391",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
},
{
"name" : "SUSE-SA:2007:040",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"name" : "2007-0024",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2007/0024/"
},
{
"name" : "USN-439-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-439-2"
},
{
"name" : "24146",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24146"
},
{
"name" : "38498",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38498"
},
{
"name" : "oval:org.mitre.oval:def:11012",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
},
{
"name" : "ADV-2007-2071",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2071"
},
{
"name" : "ADV-2008-0924",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name" : "1018140",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018140"
},
{
"name" : "25394",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25394"
},
{
"name" : "25544",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25544"
},
{
"name" : "25578",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25578"
},
{
"name" : "25931",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25931"
},
{
"name" : "26203",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26203"
},
{
"name" : "26294",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26294"
},
{
"name" : "26415",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26415"
},
{
"name" : "29179",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29179"
},
{
"name" : "29420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29420"
},
{
"name" : "file-assert-code-execution(34731)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the \"file\" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1343",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1343"
},
{
"name": "29179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29179"
},
{
"name": "2007-0024",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241022"
},
{
"name": "26415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26415"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-290.htm"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "1018140",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018140"
},
{
"name": "SUSE-SA:2007:040",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_40_file.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-1311",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1311"
},
{
"name": "25931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25931"
},
{
"name": "http://www.amavis.org/security/asa-2007-3.txt",
"refsource": "CONFIRM",
"url": "http://www.amavis.org/security/asa-2007-3.txt"
},
{
"name": "25544",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25544"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "MDKSA-2007:114",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:114"
},
{
"name": "RHSA-2007:0391",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0391.html"
},
{
"name": "25578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25578"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "20070524 FLEA-2007-0022-1: file",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469520/30/6420/threaded"
},
{
"name": "file-assert-code-execution(34731)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34731"
},
{
"name": "ADV-2007-2071",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2071"
},
{
"name": "25394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25394"
},
{
"name": "NetBSD-SA2008-001",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-001.txt.asc"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26294"
},
{
"name": "26203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26203"
},
{
"name": "GLSA-200705-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200705-25.xml"
},
{
"name": "oval:org.mitre.oval:def:11012",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11012"
},
{
"name": "24146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24146"
},
{
"name": "38498",
"refsource": "OSVDB",
"url": "http://osvdb.org/38498"
},
{
"name": "USN-439-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-439-2"
}
]
}
}

190
2007/2xxx/CVE-2007-2990.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2990",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "102921",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102921-1"
},
{
"name" : "24213",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24213"
},
{
"name" : "ADV-2007-1984",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1984"
},
{
"name" : "36585",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36585"
},
{
"name" : "oval:org.mitre.oval:def:2032",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2032"
},
{
"name" : "1018133",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018133"
},
{
"name" : "25450",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25450"
},
{
"name" : "solaris-inetd-dos(34577)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34577"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "solaris-inetd-dos(34577)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34577"
},
{
"name": "102921",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102921-1"
},
{
"name": "36585",
"refsource": "OSVDB",
"url": "http://osvdb.org/36585"
},
{
"name": "24213",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24213"
},
{
"name": "oval:org.mitre.oval:def:2032",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2032"
},
{
"name": "25450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25450"
},
{
"name": "ADV-2007-1984",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1984"
},
{
"name": "1018133",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018133"
}
]
}
}

180
2007/3xxx/CVE-2007-3447.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3447",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the \"basic search box.\" NOTE: 4.0.2 and other versions might also be affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4103",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4103"
},
{
"name" : "http://www.h4cky0u.org/viewtopic.php?t=26834",
"refsource" : "MISC",
"url" : "http://www.h4cky0u.org/viewtopic.php?t=26834"
},
{
"name" : "24629",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24629"
},
{
"name" : "ADV-2007-2322",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2322"
},
{
"name" : "38223",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38223"
},
{
"name" : "25836",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25836"
},
{
"name" : "bugmallshoppingcart-search-sql-injection(35039)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35039"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the \"basic search box.\" NOTE: 4.0.2 and other versions might also be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4103",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4103"
},
{
"name": "bugmallshoppingcart-search-sql-injection(35039)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35039"
},
{
"name": "http://www.h4cky0u.org/viewtopic.php?t=26834",
"refsource": "MISC",
"url": "http://www.h4cky0u.org/viewtopic.php?t=26834"
},
{
"name": "38223",
"refsource": "OSVDB",
"url": "http://osvdb.org/38223"
},
{
"name": "25836",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25836"
},
{
"name": "24629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24629"
},
{
"name": "ADV-2007-2322",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2322"
}
]
}
}

150
2007/3xxx/CVE-2007-3637.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3637",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dailydave] 20070706 (no subject)",
"refsource" : "MLIST",
"url" : "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html"
},
{
"name" : "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?",
"refsource" : "MISC",
"url" : "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
},
{
"name" : "24783",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24783"
},
{
"name" : "45801",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/45801"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24783"
},
{
"name": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?",
"refsource": "MISC",
"url": "http://www.wslabi.com/wabisabilabi/initPublishedBid.do?"
},
{
"name": "45801",
"refsource": "OSVDB",
"url": "http://osvdb.org/45801"
},
{
"name": "[dailydave] 20070706 (no subject)",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2007-July/004448.html"
}
]
}
}

190
2007/3xxx/CVE-2007-3753.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3753",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=306586",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name" : "APPLE-SA-2007-09-27",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"name" : "25855",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25855"
},
{
"name" : "ADV-2007-3287",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name" : "38538",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38538"
},
{
"name" : "1018752",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018752"
},
{
"name" : "26983",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26983"
},
{
"name" : "iphone-bluetooth-server-code-execution(36844)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36844"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2007-09-27",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306586",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "iphone-bluetooth-server-code-execution(36844)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36844"
},
{
"name": "38538",
"refsource": "OSVDB",
"url": "http://osvdb.org/38538"
},
{
"name": "26983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26983"
},
{
"name": "25855",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25855"
},
{
"name": "ADV-2007-3287",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name": "1018752",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018752"
}
]
}
}

230
2007/3xxx/CVE-2007-3962.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3962",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255, or (2) a long d_name directory (dirent) field in the fsp_readdir function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.17&r2=1.18",
"refsource" : "MISC",
"url" : "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.17&r2=1.18"
},
{
"name" : "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.21&r2=1.22",
"refsource" : "MISC",
"url" : "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.21&r2=1.22"
},
{
"name" : "http://fsp.cvs.sourceforge.net/fsp/fsplib/ChangeLog?revision=1.17&view=markup",
"refsource" : "CONFIRM",
"url" : "http://fsp.cvs.sourceforge.net/fsp/fsplib/ChangeLog?revision=1.17&view=markup"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=188252",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=188252"
},
{
"name" : "GLSA-200711-01",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200711-01.xml"
},
{
"name" : "MDVSA-2008:018",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:018"
},
{
"name" : "25034",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25034"
},
{
"name" : "38569",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38569"
},
{
"name" : "38570",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38570"
},
{
"name" : "26184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26184"
},
{
"name" : "26378",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26378"
},
{
"name" : "27501",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27501"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255, or (2) a long d_name directory (dirent) field in the fsp_readdir function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.17&r2=1.18",
"refsource": "MISC",
"url": "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.17&r2=1.18"
},
{
"name": "GLSA-200711-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-01.xml"
},
{
"name": "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.21&r2=1.22",
"refsource": "MISC",
"url": "http://fsp.cvs.sourceforge.net/fsp/fsplib/fsplib.c?r1=1.21&r2=1.22"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=188252",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=188252"
},
{
"name": "38569",
"refsource": "OSVDB",
"url": "http://osvdb.org/38569"
},
{
"name": "25034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25034"
},
{
"name": "http://fsp.cvs.sourceforge.net/fsp/fsplib/ChangeLog?revision=1.17&view=markup",
"refsource": "CONFIRM",
"url": "http://fsp.cvs.sourceforge.net/fsp/fsplib/ChangeLog?revision=1.17&view=markup"
},
{
"name": "MDVSA-2008:018",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:018"
},
{
"name": "26378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26378"
},
{
"name": "38570",
"refsource": "OSVDB",
"url": "http://osvdb.org/38570"
},
{
"name": "27501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27501"
},
{
"name": "26184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26184"
}
]
}
}

34
2007/6xxx/CVE-2007-6107.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6107",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6107",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2007/6xxx/CVE-2007-6262.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6262",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a \"bad initialized pointer,\" aka a \"recursive plugin release vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071204 CORE-2007-1004: VLC Activex Bad Pointer Initialization Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/484563/100/0/threaded"
},
{
"name" : "http://www.coresecurity.com/?action=item&id=2035",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/?action=item&id=2035"
},
{
"name" : "http://www.videolan.org/sa0703.html",
"refsource" : "CONFIRM",
"url" : "http://www.videolan.org/sa0703.html"
},
{
"name" : "26675",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26675"
},
{
"name" : "oval:org.mitre.oval:def:14280",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280"
},
{
"name" : "ADV-2007-4061",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4061"
},
{
"name" : "27878",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27878"
},
{
"name" : "3420",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3420"
},
{
"name" : "vlcmediaplayer-activex-memory-overwrite(38816)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38816"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a \"bad initialized pointer,\" aka a \"recursive plugin release vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vlcmediaplayer-activex-memory-overwrite(38816)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38816"
},
{
"name": "http://www.videolan.org/sa0703.html",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/sa0703.html"
},
{
"name": "ADV-2007-4061",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4061"
},
{
"name": "http://www.coresecurity.com/?action=item&id=2035",
"refsource": "MISC",
"url": "http://www.coresecurity.com/?action=item&id=2035"
},
{
"name": "oval:org.mitre.oval:def:14280",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14280"
},
{
"name": "27878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27878"
},
{
"name": "20071204 CORE-2007-1004: VLC Activex Bad Pointer Initialization Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484563/100/0/threaded"
},
{
"name": "26675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26675"
},
{
"name": "3420",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3420"
}
]
}
}

270
2010/0xxx/CVE-2010-0042.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0042",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4070",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4070"
},
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "http://support.apple.com/kb/HT4225",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4225"
},
{
"name" : "http://support.apple.com/kb/HT4105",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4105"
},
{
"name" : "http://support.apple.com/kb/HT4456",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4456"
},
{
"name" : "APPLE-SA-2010-03-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name" : "APPLE-SA-2010-03-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
},
{
"name" : "APPLE-SA-2010-06-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name" : "APPLE-SA-2010-11-22-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name" : "38671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38671"
},
{
"name" : "38677",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38677"
},
{
"name" : "oval:org.mitre.oval:def:7561",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7561"
},
{
"name" : "1023706",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023706"
},
{
"name" : "39135",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39135"
},
{
"name" : "42314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42314"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-03-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "1023706",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023706"
},
{
"name": "39135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39135"
},
{
"name": "38677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38677"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4105",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4105"
},
{
"name": "http://support.apple.com/kb/HT4070",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4070"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "oval:org.mitre.oval:def:7561",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7561"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-03-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "38671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38671"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}

130
2010/0xxx/CVE-2010-0069.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0, SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP1, and 10.3.0 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-0069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
},
{
"name" : "TA10-012A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0, SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP1, and 10.3.0 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
},
{
"name": "TA10-012A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
}
]
}
}

200
2010/1xxx/CVE-2010-1277.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1277",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100401 Zabbix <= 1.8.1 SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510480/100/0/threaded"
},
{
"name" : "20100401 Zabbix <= 1.8.1 SQL Injection",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0001.html"
},
{
"name" : "http://legalhackers.com/advisories/zabbix181api-sql.txt",
"refsource" : "MISC",
"url" : "http://legalhackers.com/advisories/zabbix181api-sql.txt"
},
{
"name" : "http://legalhackers.com/poc/zabbix181api.pl-poc",
"refsource" : "MISC",
"url" : "http://legalhackers.com/poc/zabbix181api.pl-poc"
},
{
"name" : "http://www.zabbix.com/rn1.8.2.php",
"refsource" : "MISC",
"url" : "http://www.zabbix.com/rn1.8.2.php"
},
{
"name" : "39148",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39148"
},
{
"name" : "63456",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/63456"
},
{
"name" : "39119",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39119"
},
{
"name" : "ADV-2010-0799",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0799"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0799",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0799"
},
{
"name": "http://legalhackers.com/advisories/zabbix181api-sql.txt",
"refsource": "MISC",
"url": "http://legalhackers.com/advisories/zabbix181api-sql.txt"
},
{
"name": "63456",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63456"
},
{
"name": "http://www.zabbix.com/rn1.8.2.php",
"refsource": "MISC",
"url": "http://www.zabbix.com/rn1.8.2.php"
},
{
"name": "20100401 Zabbix <= 1.8.1 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510480/100/0/threaded"
},
{
"name": "39148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39148"
},
{
"name": "20100401 Zabbix <= 1.8.1 SQL Injection",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0001.html"
},
{
"name": "http://legalhackers.com/poc/zabbix181api.pl-poc",
"refsource": "MISC",
"url": "http://legalhackers.com/poc/zabbix181api.pl-poc"
},
{
"name": "39119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39119"
}
]
}
}

150
2010/1xxx/CVE-2010-1319.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1319",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"
},
{
"name" : "39490",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39490"
},
{
"name" : "39279",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39279"
},
{
"name" : "ADV-2010-0889",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0889"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39490"
},
{
"name": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf",
"refsource": "CONFIRM",
"url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"
},
{
"name": "39279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39279"
},
{
"name": "ADV-2010-0889",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0889"
}
]
}
}

140
2010/1xxx/CVE-2010-1614.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1614",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://moodle.org/security/",
"refsource" : "CONFIRM",
"url" : "http://moodle.org/security/"
},
{
"name" : "SUSE-SR:2010:011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name" : "ADV-2010-1107",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1107"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1107",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"name": "http://moodle.org/security/",
"refsource": "CONFIRM",
"url": "http://moodle.org/security/"
},
{
"name": "SUSE-SR:2010:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
}
]
}
}

140
2010/1xxx/CVE-2010-1800.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1800",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4312",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4312"
},
{
"name" : "APPLE-SA-2010-08-24-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
},
{
"name" : "1024359",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024359"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024359",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024359"
},
{
"name": "APPLE-SA-2010-08-24-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT4312",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4312"
}
]
}
}

170
2010/5xxx/CVE-2010-5009.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5009",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in UTStats Beta 4 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter in a matchp action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "13854",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/13854"
},
{
"name" : "http://packetstormsecurity.org/1006-exploits/utstats-sqlxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1006-exploits/utstats-sqlxss.txt"
},
{
"name" : "40836",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40836"
},
{
"name" : "8506",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8506"
},
{
"name" : "ADV-2010-1465",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1465"
},
{
"name" : "utstats-index-sql-injection(59402)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59402"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in UTStats Beta 4 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter in a matchp action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8506",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8506"
},
{
"name": "utstats-index-sql-injection(59402)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59402"
},
{
"name": "ADV-2010-1465",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1465"
},
{
"name": "13854",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13854"
},
{
"name": "40836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40836"
},
{
"name": "http://packetstormsecurity.org/1006-exploits/utstats-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/utstats-sqlxss.txt"
}
]
}
}

130
2010/5xxx/CVE-2010-5247.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5247",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .html, .htm, or .mhtml file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100828 QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll)",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0386.html"
},
{
"name" : "41201",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41201"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .html, .htm, or .mhtml file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100828 QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0386.html"
},
{
"name": "41201",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41201"
}
]
}
}

150
2010/5xxx/CVE-2010-5297.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5297",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WordPress before 3.0.1, when a Multisite installation is used, permanently retains the \"site administrators can add users\" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://codex.wordpress.org/Changelog/3.0.1",
"refsource" : "CONFIRM",
"url" : "http://codex.wordpress.org/Changelog/3.0.1"
},
{
"name" : "http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed",
"refsource" : "CONFIRM",
"url" : "http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed"
},
{
"name" : "https://core.trac.wordpress.org/changeset/15342",
"refsource" : "CONFIRM",
"url" : "https://core.trac.wordpress.org/changeset/15342"
},
{
"name" : "https://core.trac.wordpress.org/ticket/14119",
"refsource" : "CONFIRM",
"url" : "https://core.trac.wordpress.org/ticket/14119"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WordPress before 3.0.1, when a Multisite installation is used, permanently retains the \"site administrators can add users\" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://codex.wordpress.org/Changelog/3.0.1",
"refsource": "CONFIRM",
"url": "http://codex.wordpress.org/Changelog/3.0.1"
},
{
"name": "http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed",
"refsource": "CONFIRM",
"url": "http://core.trac.wordpress.org/query?status=closed&group=resolution&order=priority&milestone=3.0.1&resolution=fixed"
},
{
"name": "https://core.trac.wordpress.org/ticket/14119",
"refsource": "CONFIRM",
"url": "https://core.trac.wordpress.org/ticket/14119"
},
{
"name": "https://core.trac.wordpress.org/changeset/15342",
"refsource": "CONFIRM",
"url": "https://core.trac.wordpress.org/changeset/15342"
}
]
}
}

160
2014/0xxx/CVE-2014-0132.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0132",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/",
"refsource" : "CONFIRM",
"url" : "https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/"
},
{
"name" : "https://fedorahosted.org/389/ticket/47739",
"refsource" : "CONFIRM",
"url" : "https://fedorahosted.org/389/ticket/47739"
},
{
"name" : "RHSA-2014:0292",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0292.html"
},
{
"name" : "57412",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57412"
},
{
"name" : "57427",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57427"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/"
},
{
"name": "57427",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57427"
},
{
"name": "RHSA-2014:0292",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0292.html"
},
{
"name": "57412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57412"
},
{
"name": "https://fedorahosted.org/389/ticket/47739",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/389/ticket/47739"
}
]
}
}

120
2014/0xxx/CVE-2014-0628.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0628",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140324 ESA-2014-011: RSA BSAFE Micro Edition Suite Server Crash Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-03/0130.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140324 ESA-2014-011: RSA BSAFE Micro Edition Suite Server Crash Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0130.html"
}
]
}
}

160
2014/0xxx/CVE-2014-0943.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0943",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a malformed id parameter in a request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671377",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21671377"
},
{
"name" : "JR49881",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49881"
},
{
"name" : "JR49996",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49996"
},
{
"name" : "1030284",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030284"
},
{
"name" : "ibm-websphere-cve20140943-dos(92402)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92402"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a malformed id parameter in a request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671377",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671377"
},
{
"name": "JR49881",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49881"
},
{
"name": "1030284",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030284"
},
{
"name": "JR49996",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49996"
},
{
"name": "ibm-websphere-cve20140943-dos(92402)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92402"
}
]
}
}

150
2014/100xxx/CVE-2014-100027.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-100027",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-100027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/getusedtoit/wp-slimstat/issues/3",
"refsource" : "CONFIRM",
"url" : "https://github.com/getusedtoit/wp-slimstat/issues/3"
},
{
"name" : "66146",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66146"
},
{
"name" : "57305",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57305"
},
{
"name" : "wpslimstat-wordpress-xss(91840)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91840"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wpslimstat-wordpress-xss(91840)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91840"
},
{
"name": "https://github.com/getusedtoit/wp-slimstat/issues/3",
"refsource": "CONFIRM",
"url": "https://github.com/getusedtoit/wp-slimstat/issues/3"
},
{
"name": "57305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57305"
},
{
"name": "66146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66146"
}
]
}
}

140
2014/1xxx/CVE-2014-1378.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1378",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT6296",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6296"
},
{
"name" : "APPLE-SA-2014-06-30-2",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
},
{
"name" : "1030505",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030505"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT6296",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6296"
},
{
"name": "1030505",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030505"
},
{
"name": "APPLE-SA-2014-06-30-2",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
}
]
}
}

160
2014/1xxx/CVE-2014-1527.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1527",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-40.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-40.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=960146",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=960146"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "FEDORA-2014-5829",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
},
{
"name" : "1030163",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030163"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=960146",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=960146"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-40.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-40.html"
},
{
"name": "1030163",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030163"
},
{
"name": "FEDORA-2014-5829",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html"
}
]
}
}

120
2014/1xxx/CVE-2014-1752.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1752",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-1752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-018",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-018"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-018",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-018"
}
]
}
}

140
2014/4xxx/CVE-2014-4110.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4110",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4111."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-052",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052"
},
{
"name" : "69616",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69616"
},
{
"name" : "1030818",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030818"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4111."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030818",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030818"
},
{
"name": "MS14-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052"
},
{
"name": "69616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69616"
}
]
}
}

400
2015/2xxx/CVE-2015-2721.json
View File

@ -1,202 +1,202 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2721",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a \"SMACK SKIP-TLS\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-2721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://smacktls.com",
"refsource" : "MISC",
"url" : "https://smacktls.com"
},
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-71.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-71.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1086145",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1086145"
},
{
"name" : "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes",
"refsource" : "CONFIRM",
"url" : "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name" : "DSA-3324",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3324"
},
{
"name" : "DSA-3336",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3336"
},
{
"name" : "GLSA-201512-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201512-10"
},
{
"name" : "GLSA-201701-46",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-46"
},
{
"name" : "RHSA-2015:1664",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1664.html"
},
{
"name" : "RHSA-2015:1185",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
},
{
"name" : "SUSE-SU-2015:1268",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"name" : "SUSE-SU-2015:1269",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"name" : "SUSE-SU-2015:1449",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"name" : "openSUSE-SU-2015:1266",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name" : "openSUSE-SU-2015:1229",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"name" : "USN-2673-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2673-1"
},
{
"name" : "USN-2656-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"name" : "USN-2672-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2672-1"
},
{
"name" : "USN-2656-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "75541",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75541"
},
{
"name" : "83398",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/83398"
},
{
"name" : "1032783",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032783"
},
{
"name" : "1032784",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032784"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a \"SMACK SKIP-TLS\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "openSUSE-SU-2015:1229",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"name": "SUSE-SU-2015:1268",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes"
},
{
"name": "83398",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83398"
},
{
"name": "GLSA-201512-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "GLSA-201701-46",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"name": "DSA-3336",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3336"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "75541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75541"
},
{
"name": "RHSA-2015:1185",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "DSA-3324",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"name": "USN-2672-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2672-1"
},
{
"name": "USN-2673-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2673-1"
},
{
"name": "1032784",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032784"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1086145",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1086145"
},
{
"name": "SUSE-SU-2015:1269",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-71.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-71.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "openSUSE-SU-2015:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "RHSA-2015:1664",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1664.html"
},
{
"name": "USN-2656-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"name": "SUSE-SU-2015:1449",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"name": "https://smacktls.com",
"refsource": "MISC",
"url": "https://smacktls.com"
},
{
"name": "1032783",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032783"
},
{
"name": "USN-2656-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}

140
2016/10xxx/CVE-2016-10317.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697459",
"refsource" : "MISC",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697459"
},
{
"name" : "USN-3636-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3636-1/"
},
{
"name" : "97410",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97410"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=697459",
"refsource": "MISC",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697459"
},
{
"name": "USN-3636-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3636-1/"
},
{
"name": "97410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97410"
}
]
}
}

34
2016/10xxx/CVE-2016-10408.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10408",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10408",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2016/10xxx/CVE-2016-10535.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10535",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "csrf-lite node module",
"version" : {
"version_data" : [
{
"version_value" : "<=0.1.1"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Exposure Through Timing Discrepancy (CWE-208)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "csrf-lite node module",
"version": {
"version_data": [
{
"version_value": "<=0.1.1"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/isaacs/csrf-lite/pull/1",
"refsource" : "MISC",
"url" : "https://github.com/isaacs/csrf-lite/pull/1"
},
{
"name" : "https://nodesecurity.io/advisories/94",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/94"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure Through Timing Discrepancy (CWE-208)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/94",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/94"
},
{
"name": "https://github.com/isaacs/csrf-lite/pull/1",
"refsource": "MISC",
"url": "https://github.com/isaacs/csrf-lite/pull/1"
}
]
}
}

220
2016/3xxx/CVE-2016-3027.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-3027",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Access Manager",
"version" : {
"version_data" : [
{
"version_value" : "9.0"
},
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "9.0.1"
},
{
"version_value" : "7.0.0"
},
{
"version_value" : "8.0.0"
},
{
"version_value" : "8.0.0.1"
},
{
"version_value" : "8.0.0.2"
},
{
"version_value" : "8.0.0.3"
},
{
"version_value" : "8.0.0.4"
},
{
"version_value" : "8.0.0.5"
},
{
"version_value" : "8.0.1"
},
{
"version_value" : "8.0.1.2"
},
{
"version_value" : "8.0.1.3"
},
{
"version_value" : "8.0.1.4"
},
{
"version_value" : "9.0.0"
},
{
"version_value" : "9.0.1.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21994440",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21994440"
},
{
"name" : "96127",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96127"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21994440",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21994440"
},
{
"name": "96127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96127"
}
]
}
}

34
2016/3xxx/CVE-2016-3730.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3730",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3730",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/9xxx/CVE-2016-9046.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9046",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9046",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

162
2016/9xxx/CVE-2016-9159.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"ID" : "CVE-2016-9159",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family",
"version" : {
"version_data" : [
{
"version_value" : "SIMATIC S7-300 CPU family : All versions"
},
{
"version_value" : "SIMATIC S7-400 V6 and earlier CPU family : All versions"
},
{
"version_value" : "SIMATIC S7-400 V7 CPU family : All versions"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family. An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. This vulnerability affects all listed affected products."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200: Information Exposure"
}
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2016-9159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family",
"version": {
"version_data": [
{
"version_value": "SIMATIC S7-300 CPU family : All versions"
},
{
"version_value": "SIMATIC S7-400 V6 and earlier CPU family : All versions"
},
{
"version_value": "SIMATIC S7-400 V7 CPU family : All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
},
{
"name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf",
"refsource" : "CONFIRM",
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
},
{
"name" : "94820",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94820"
},
{
"name" : "1037434",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037434"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC S7-300 CPU family, SIMATIC S7-400 V6 and earlier CPU family, SIMATIC S7-400 V7 CPU family. An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. This vulnerability affects all listed affected products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94820"
},
{
"name": "1037434",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037434"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-05"
},
{
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf"
}
]
}
}

230
2016/9xxx/CVE-2016-9310.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9310",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nwtime.org/ntp428p9_release/",
"refsource" : "CONFIRM",
"url" : "http://nwtime.org/ntp428p9_release/"
},
{
"name" : "http://support.ntp.org/bin/view/Main/NtpBug3118",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/NtpBug3118"
},
{
"name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa139",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us"
},
{
"name" : "FreeBSD-SA-16:39",
"refsource" : "FREEBSD",
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"name" : "RHSA-2017:0252",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"name" : "USN-3707-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3707-2/"
},
{
"name" : "VU#633847",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/633847"
},
{
"name" : "94452",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94452"
},
{
"name" : "1037354",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037354"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3118",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "94452",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94452"
},
{
"name": "RHSA-2017:0252",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "http://nwtime.org/ntp428p9_release/",
"refsource": "CONFIRM",
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa139",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us"
},
{
"name": "FreeBSD-SA-16:39",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
}
]
}
}

130
2016/9xxx/CVE-2016-9337.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-9337",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Tesla Gateway ECU on Model S automobile",
"version" : {
"version_data" : [
{
"version_value" : "Tesla Gateway ECU on Model S automobile"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Tesla Gateway ECU Command Injection"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tesla Gateway ECU on Model S automobile",
"version": {
"version_data": [
{
"version_value": "Tesla Gateway ECU on Model S automobile"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01"
},
{
"name" : "94697",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94697"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Tesla Gateway ECU Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94697"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01"
}
]
}
}

150
2016/9xxx/CVE-2016-9479.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9479",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"lost password\" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://b2evolution.net/downloads/6-7-9-stable",
"refsource" : "CONFIRM",
"url" : "http://b2evolution.net/downloads/6-7-9-stable"
},
{
"name" : "https://github.com/b2evolution/b2evolution/issues/33",
"refsource" : "CONFIRM",
"url" : "https://github.com/b2evolution/b2evolution/issues/33"
},
{
"name" : "95006",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95006"
},
{
"name" : "1037393",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037393"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"lost password\" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://b2evolution.net/downloads/6-7-9-stable",
"refsource": "CONFIRM",
"url": "http://b2evolution.net/downloads/6-7-9-stable"
},
{
"name": "1037393",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037393"
},
{
"name": "https://github.com/b2evolution/b2evolution/issues/33",
"refsource": "CONFIRM",
"url": "https://github.com/b2evolution/b2evolution/issues/33"
},
{
"name": "95006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95006"
}
]
}
}

170
2016/9xxx/CVE-2016-9921.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161209 Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/09/1"
},
{
"name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name" : "GLSA-201701-49",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-49"
},
{
"name" : "RHSA-2017:2392",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name" : "RHSA-2017:2408",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name" : "94803",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94803"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "RHSA-2017:2392",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2392"
},
{
"name": "GLSA-201701-49",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-49"
},
{
"name": "94803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94803"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "[oss-security] 20161209 Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/09/1"
}
]
}
}

34
2019/2xxx/CVE-2019-2745.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2745",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2745",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2805.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2805",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2805",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2903.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2903",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2903",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6315.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6315",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6315",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6422.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6422",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6422",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2019/6xxx/CVE-2019-6500.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6500",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md",
"refsource" : "MISC",
"url" : "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md"
},
{
"name" : "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html",
"refsource" : "MISC",
"url" : "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md",
"refsource": "MISC",
"url": "https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md"
},
{
"name": "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html",
"refsource": "MISC",
"url": "https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html"
}
]
}
}

34
2019/6xxx/CVE-2019-6735.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6735",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6735",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6928.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6928",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6928",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/7xxx/CVE-2019-7877.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7877",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7877",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}