admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:07:09 +00:00
parent c454d54440
commit bff87e7d07
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3796 additions and 3796 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2006/5xxx/CVE-2006-5141.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5141",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in script.php in Kevin A. Gordon Open Geo Targeting (aka geotarget) allows remote attackers to execute arbitrary PHP code via a URL in the anp_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20272",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20272"
},
{
"name" : "37969",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37969"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in script.php in Kevin A. Gordon Open Geo Targeting (aka geotarget) allows remote attackers to execute arbitrary PHP code via a URL in the anp_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37969",
"refsource": "OSVDB",
"url": "http://osvdb.org/37969"
},
{
"name": "20272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20272"
}
]
}
}

170
2007/2xxx/CVE-2007-2781.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2781",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=509254",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=509254"
},
{
"name" : "http://wikyblog.svn.sourceforge.net/viewvc/wikyblog/trunk/include/sessionRegister.php?r1=127&r2=133",
"refsource" : "CONFIRM",
"url" : "http://wikyblog.svn.sourceforge.net/viewvc/wikyblog/trunk/include/sessionRegister.php?r1=127&r2=133"
},
{
"name" : "http://wikyblog.svn.sourceforge.net/viewvc/wikyblog/trunk/include/sessionRegister.php?view=log",
"refsource" : "CONFIRM",
"url" : "http://wikyblog.svn.sourceforge.net/viewvc/wikyblog/trunk/include/sessionRegister.php?view=log"
},
{
"name" : "36076",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36076"
},
{
"name" : "25308",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25308"
},
{
"name" : "wikyblog-unspecified-xss(34373)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34373"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25308"
},
{
"name": "http://wikyblog.svn.sourceforge.net/viewvc/wikyblog/trunk/include/sessionRegister.php?r1=127&r2=133",
"refsource": "CONFIRM",
"url": "http://wikyblog.svn.sourceforge.net/viewvc/wikyblog/trunk/include/sessionRegister.php?r1=127&r2=133"
},
{
"name": "36076",
"refsource": "OSVDB",
"url": "http://osvdb.org/36076"
},
{
"name": "http://wikyblog.svn.sourceforge.net/viewvc/wikyblog/trunk/include/sessionRegister.php?view=log",
"refsource": "CONFIRM",
"url": "http://wikyblog.svn.sourceforge.net/viewvc/wikyblog/trunk/include/sessionRegister.php?view=log"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=509254",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=509254"
},
{
"name": "wikyblog-unspecified-xss(34373)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34373"
}
]
}
}

240
2007/2xxx/CVE-2007-2950.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2950",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-2950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2007-58/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2007-58/advisory/"
},
{
"name" : "http://secunia.com/secunia_research/2007-59/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2007-59/advisory/"
},
{
"name" : "http://secunia.com/secunia_research/2007-60/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2007-60/advisory/"
},
{
"name" : "25000",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25000"
},
{
"name" : "ADV-2007-2599",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2599"
},
{
"name" : "ADV-2007-2600",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2600"
},
{
"name" : "ADV-2007-2603",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2603"
},
{
"name" : "25354",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25354"
},
{
"name" : "25374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25374"
},
{
"name" : "25379",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25379"
},
{
"name" : "centennial-discovery-privilege-escalation(35562)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35562"
},
{
"name" : "numara-assetmanager-privilege-escalation(35564)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35564"
},
{
"name" : "symantec-discovery-privilege-escalation(35563)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35563"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2007-59/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-59/advisory/"
},
{
"name": "numara-assetmanager-privilege-escalation(35564)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35564"
},
{
"name": "25000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25000"
},
{
"name": "ADV-2007-2603",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2603"
},
{
"name": "symantec-discovery-privilege-escalation(35563)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35563"
},
{
"name": "ADV-2007-2600",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2600"
},
{
"name": "25354",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25354"
},
{
"name": "http://secunia.com/secunia_research/2007-58/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-58/advisory/"
},
{
"name": "ADV-2007-2599",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2599"
},
{
"name": "25374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25374"
},
{
"name": "25379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25379"
},
{
"name": "centennial-discovery-privilege-escalation(35562)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35562"
},
{
"name": "http://secunia.com/secunia_research/2007-60/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-60/advisory/"
}
]
}
}

440
2007/3xxx/CVE-2007-3386.json
View File

@ -1,222 +1,222 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3386",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-3386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070814 CVE-2007-3386: XSS in Host Manager",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/476448/100/0/threaded"
},
{
"name" : "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
},
{
"name" : "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
},
{
"name" : "http://tomcat.apache.org/security-6.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-6.html"
},
{
"name" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
"refsource" : "CONFIRM",
"url" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
},
{
"name" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
"refsource" : "CONFIRM",
"url" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
},
{
"name" : "DSA-1447",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1447"
},
{
"name" : "FEDORA-2007-3456",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
},
{
"name" : "HPSBUX02262",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
},
{
"name" : "SSRT071447",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
},
{
"name" : "HPSBTU02276",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
},
{
"name" : "SSRT071472",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
},
{
"name" : "MDKSA-2007:241",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
},
{
"name" : "RHSA-2007:0871",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0871.html"
},
{
"name" : "SUSE-SR:2009:004",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name" : "JVN#59851336",
"refsource" : "JVN",
"url" : "http://jvn.jp/jp/JVN%2359851336/index.html"
},
{
"name" : "25314",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25314"
},
{
"name" : "oval:org.mitre.oval:def:10077",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10077"
},
{
"name" : "ADV-2007-2880",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2880"
},
{
"name" : "ADV-2007-3386",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3386"
},
{
"name" : "ADV-2007-3527",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3527"
},
{
"name" : "ADV-2009-0233",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0233"
},
{
"name" : "36417",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36417"
},
{
"name" : "1018558",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018558"
},
{
"name" : "26465",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26465"
},
{
"name" : "26898",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26898"
},
{
"name" : "27037",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27037"
},
{
"name" : "27267",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27267"
},
{
"name" : "27727",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27727"
},
{
"name" : "28317",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28317"
},
{
"name" : "33668",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33668"
},
{
"name" : "3010",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3010"
},
{
"name" : "tomcat-hostmanager-alias-xss(36001)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36001"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36417",
"refsource": "OSVDB",
"url": "http://osvdb.org/36417"
},
{
"name": "FEDORA-2007-3456",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00525.html"
},
{
"name": "27267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27267"
},
{
"name": "ADV-2007-3527",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3527"
},
{
"name": "JVN#59851336",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2359851336/index.html"
},
{
"name": "tomcat-hostmanager-alias-xss(36001)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36001"
},
{
"name": "25314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25314"
},
{
"name": "26465",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26465"
},
{
"name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
},
{
"name": "33668",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33668"
},
{
"name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
},
{
"name": "26898",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26898"
},
{
"name": "1018558",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018558"
},
{
"name": "3010",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3010"
},
{
"name": "ADV-2007-2880",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2880"
},
{
"name": "SSRT071472",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
},
{
"name": "28317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28317"
},
{
"name": "ADV-2009-0233",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0233"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "RHSA-2007:0871",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0871.html"
},
{
"name": "ADV-2007-3386",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3386"
},
{
"name": "oval:org.mitre.oval:def:10077",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10077"
},
{
"name": "20070814 CVE-2007-3386: XSS in Host Manager",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476448/100/0/threaded"
},
{
"name": "27037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27037"
},
{
"name": "SSRT071447",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
},
{
"name": "27727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27727"
},
{
"name": "HPSBUX02262",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
},
{
"name": "HPSBTU02276",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01192554"
},
{
"name": "DSA-1447",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1447"
},
{
"name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
"refsource": "CONFIRM",
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
},
{
"name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
"refsource": "CONFIRM",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
},
{
"name": "MDKSA-2007:241",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:241"
}
]
}
}

430
2007/3xxx/CVE-2007-3475.json
View File

@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3475",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070907 FLEA-2007-0052-1 gd",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
},
{
"name" : "http://www.libgd.org/ReleaseNote020035",
"refsource" : "MISC",
"url" : "http://www.libgd.org/ReleaseNote020035"
},
{
"name" : "http://bugs.libgd.org/?do=details&task_id=70",
"refsource" : "CONFIRM",
"url" : "http://bugs.libgd.org/?do=details&task_id=70"
},
{
"name" : "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1643",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1643"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=277421",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
},
{
"name" : "FEDORA-2007-2055",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
},
{
"name" : "FEDORA-2007-692",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
},
{
"name" : "FEDORA-2010-19022",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
},
{
"name" : "FEDORA-2010-19033",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
},
{
"name" : "GLSA-200708-05",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200708-05.xml"
},
{
"name" : "GLSA-200711-34",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200711-34.xml"
},
{
"name" : "GLSA-200805-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200805-13.xml"
},
{
"name" : "MDKSA-2007:153",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
},
{
"name" : "MDKSA-2007:164",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
},
{
"name" : "RHSA-2008:0146",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0146.html"
},
{
"name" : "SUSE-SR:2007:015",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name" : "2007-0024",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2007/0024/"
},
{
"name" : "24651",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24651"
},
{
"name" : "oval:org.mitre.oval:def:9728",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9728"
},
{
"name" : "25860",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25860"
},
{
"name" : "26272",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26272"
},
{
"name" : "26390",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26390"
},
{
"name" : "26415",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26415"
},
{
"name" : "26467",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26467"
},
{
"name" : "26663",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26663"
},
{
"name" : "26766",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26766"
},
{
"name" : "26856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26856"
},
{
"name" : "29157",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29157"
},
{
"name" : "30168",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30168"
},
{
"name" : "42813",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42813"
},
{
"name" : "ADV-2011-0022",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0022"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2007-0024",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"name": "MDKSA-2007:164",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164"
},
{
"name": "29157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29157"
},
{
"name": "http://www.libgd.org/ReleaseNote020035",
"refsource": "MISC",
"url": "http://www.libgd.org/ReleaseNote020035"
},
{
"name": "26415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26415"
},
{
"name": "https://issues.rpath.com/browse/RPL-1643",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1643"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=277421",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=277421"
},
{
"name": "GLSA-200805-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"
},
{
"name": "oval:org.mitre.oval:def:9728",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9728"
},
{
"name": "http://bugs.libgd.org/?do=details&task_id=70",
"refsource": "CONFIRM",
"url": "http://bugs.libgd.org/?do=details&task_id=70"
},
{
"name": "20070907 FLEA-2007-0052-1 gd",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/478796/100/0/threaded"
},
{
"name": "26467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26467"
},
{
"name": "42813",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42813"
},
{
"name": "GLSA-200708-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200708-05.xml"
},
{
"name": "30168",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30168"
},
{
"name": "FEDORA-2007-692",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html"
},
{
"name": "ADV-2011-0022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0022"
},
{
"name": "25860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25860"
},
{
"name": "26663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26663"
},
{
"name": "FEDORA-2010-19033",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html"
},
{
"name": "26856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26856"
},
{
"name": "26272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26272"
},
{
"name": "GLSA-200711-34",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"
},
{
"name": "RHSA-2008:0146",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0146.html"
},
{
"name": "FEDORA-2010-19022",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html"
},
{
"name": "24651",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24651"
},
{
"name": "MDKSA-2007:153",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:153"
},
{
"name": "26766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26766"
},
{
"name": "26390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26390"
},
{
"name": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz",
"refsource": "CONFIRM",
"url": "ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "FEDORA-2007-2055",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA-2007-205.shtml"
}
]
}
}

170
2007/3xxx/CVE-2007-3491.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3491",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070627 Openedge _mprosrv buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/472349/100/0/threaded"
},
{
"name" : "http://www.psdn.com/library/servlet/KbServlet/download/2629-102-4821/README_101B_01.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.psdn.com/library/servlet/KbServlet/download/2629-102-4821/README_101B_01.pdf"
},
{
"name" : "37747",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37747"
},
{
"name" : "25865",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25865"
},
{
"name" : "2851",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2851"
},
{
"name" : "openedge-mprosrv-bo(35104)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35104"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070627 Openedge _mprosrv buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472349/100/0/threaded"
},
{
"name": "25865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25865"
},
{
"name": "2851",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2851"
},
{
"name": "http://www.psdn.com/library/servlet/KbServlet/download/2629-102-4821/README_101B_01.pdf",
"refsource": "CONFIRM",
"url": "http://www.psdn.com/library/servlet/KbServlet/download/2629-102-4821/README_101B_01.pdf"
},
{
"name": "37747",
"refsource": "OSVDB",
"url": "http://osvdb.org/37747"
},
{
"name": "openedge-mprosrv-bo(35104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35104"
}
]
}
}

140
2007/4xxx/CVE-2007-4175.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-4175",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenRat CMS 0.8-beta1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subaction and (2) action parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels-team.blogspot.com/2007/08/openrat-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels-team.blogspot.com/2007/08/openrat-vuln.html"
},
{
"name" : "25169",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25169"
},
{
"name" : "openrat-index-xss(35748)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35748"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenRat CMS 0.8-beta1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subaction and (2) action parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25169"
},
{
"name": "http://pridels-team.blogspot.com/2007/08/openrat-vuln.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2007/08/openrat-vuln.html"
},
{
"name": "openrat-index-xss(35748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35748"
}
]
}
}

210
2007/6xxx/CVE-2007-6180.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6180",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-508.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-508.htm"
},
{
"name" : "103083",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103083-1"
},
{
"name" : "200661",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200661-1"
},
{
"name" : "26627",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26627"
},
{
"name" : "ADV-2007-4035",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4035"
},
{
"name" : "40821",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40821"
},
{
"name" : "1019011",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019011"
},
{
"name" : "27831",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27831"
},
{
"name" : "28057",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28057"
},
{
"name" : "solaris-rpc-module-dos(38718)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38718"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "solaris-rpc-module-dos(38718)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38718"
},
{
"name": "26627",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26627"
},
{
"name": "ADV-2007-4035",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4035"
},
{
"name": "200661",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200661-1"
},
{
"name": "1019011",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019011"
},
{
"name": "28057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28057"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-508.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-508.htm"
},
{
"name": "40821",
"refsource": "OSVDB",
"url": "http://osvdb.org/40821"
},
{
"name": "27831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27831"
},
{
"name": "103083",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103083-1"
}
]
}
}

120
2007/6xxx/CVE-2007-6369.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in resize.php in the PictPress 0.91 and earlier plugin for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) size or (2) path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4695",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4695"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in resize.php in the PictPress 0.91 and earlier plugin for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) size or (2) path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4695",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4695"
}
]
}
}

140
2007/6xxx/CVE-2007-6729.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6729",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071225 Ho Ho H0-Day - ZyXEL P-330W multiple XSS and XSRF vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2007/Dec/0559.html"
},
{
"name" : "27024",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27024"
},
{
"name" : "28172",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28172"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27024"
},
{
"name": "28172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28172"
},
{
"name": "20071225 Ho Ho H0-Day - ZyXEL P-330W multiple XSS and XSRF vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2007/Dec/0559.html"
}
]
}
}

310
2010/0xxx/CVE-2010-0425.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and \"orphaned callback pointers.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"
},
{
"name" : "http://www.senseofsecurity.com.au/advisories/SOS-10-002",
"refsource" : "MISC",
"url" : "http://www.senseofsecurity.com.au/advisories/SOS-10-002"
},
{
"name" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=917870&r2=917869&pathrev=917870",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=917870&r2=917869&pathrev=917870"
},
{
"name" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_isapi.c?r1=917870&r2=917869&pathrev=917870",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_isapi.c?r1=917870&r2=917869&pathrev=917870"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=917870",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=917870"
},
{
"name" : "http://httpd.apache.org/security/vulnerabilities_20.html",
"refsource" : "CONFIRM",
"url" : "http://httpd.apache.org/security/vulnerabilities_20.html"
},
{
"name" : "http://httpd.apache.org/security/vulnerabilities_22.html",
"refsource" : "CONFIRM",
"url" : "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2010-0014.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name" : "PM09447",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09447"
},
{
"name" : "PM12247",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"
},
{
"name" : "VU#280613",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/280613"
},
{
"name" : "38494",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38494"
},
{
"name" : "oval:org.mitre.oval:def:8439",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8439"
},
{
"name" : "1023701",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023701"
},
{
"name" : "38978",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38978"
},
{
"name" : "39628",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39628"
},
{
"name" : "ADV-2010-0634",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0634"
},
{
"name" : "ADV-2010-0994",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0994"
},
{
"name" : "apache-http-modisapi-ocp-unspecified(56624)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56624"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and \"orphaned callback pointers.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"
},
{
"name": "39628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39628"
},
{
"name": "ADV-2010-0634",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0634"
},
{
"name": "PM12247",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"
},
{
"name": "1023701",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023701"
},
{
"name": "38494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38494"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name": "PM09447",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09447"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_20.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_20.html"
},
{
"name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_isapi.c?r1=917870&r2=917869&pathrev=917870",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_isapi.c?r1=917870&r2=917869&pathrev=917870"
},
{
"name": "VU#280613",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/280613"
},
{
"name": "38978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38978"
},
{
"name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_22.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=917870",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=917870"
},
{
"name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=917870&r2=917869&pathrev=917870",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=917870&r2=917869&pathrev=917870"
},
{
"name": "oval:org.mitre.oval:def:8439",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8439"
},
{
"name": "http://www.senseofsecurity.com.au/advisories/SOS-10-002",
"refsource": "MISC",
"url": "http://www.senseofsecurity.com.au/advisories/SOS-10-002"
},
{
"name": "apache-http-modisapi-ocp-unspecified(56624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56624"
},
{
"name": "ADV-2010-0994",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0994"
}
]
}
}

170
2010/0xxx/CVE-2010-0766.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0766",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the Swap4 function in valet4.dll in Luxology Modo 401 allows user-assisted remote attackers to execute arbitrary code via a .LXO file containing a CHNL subchunk associated with an invalid length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100302 Luxology Modo 401 .LXO Integer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509810/100/0/threaded"
},
{
"name" : "20100303 CORRECTION: CORE-2009-0913 - Luxology Modo 401 .LXO Integer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509843/100/0/threaded"
},
{
"name" : "http://www.coresecurity.com/content/luxology-modo-lxo-vulnerability",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/content/luxology-modo-lxo-vulnerability"
},
{
"name" : "38460",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38460"
},
{
"name" : "62669",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62669"
},
{
"name" : "38784",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38784"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the Swap4 function in valet4.dll in Luxology Modo 401 allows user-assisted remote attackers to execute arbitrary code via a .LXO file containing a CHNL subchunk associated with an invalid length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100302 Luxology Modo 401 .LXO Integer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509810/100/0/threaded"
},
{
"name": "20100303 CORRECTION: CORE-2009-0913 - Luxology Modo 401 .LXO Integer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509843/100/0/threaded"
},
{
"name": "http://www.coresecurity.com/content/luxology-modo-lxo-vulnerability",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/luxology-modo-lxo-vulnerability"
},
{
"name": "38784",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38784"
},
{
"name": "62669",
"refsource": "OSVDB",
"url": "http://osvdb.org/62669"
},
{
"name": "38460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38460"
}
]
}
}

130
2010/1xxx/CVE-2010-1009.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1009",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name" : "38789",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38789"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38789"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
]
}
}

250
2010/1xxx/CVE-2010-1188.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1188",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100329 CVE request: kernel: ipv6: skb is unexpectedly freed (remote DoS)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/03/29/1"
},
{
"name" : "http://git.kernel.org/linus/fb7e2399ec17f1004c0e0ccfd17439f8759ede01",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/linus/fb7e2399ec17f1004c0e0ccfd17439f8759ede01"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100090459",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100090459"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0009.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
},
{
"name" : "RHSA-2010:0380",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0380.html"
},
{
"name" : "RHSA-2010:0394",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0394.html"
},
{
"name" : "RHSA-2010:0424",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0424.html"
},
{
"name" : "RHSA-2010:0439",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0439.html"
},
{
"name" : "RHSA-2010:0882",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
},
{
"name" : "39016",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39016"
},
{
"name" : "oval:org.mitre.oval:def:9878",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9878"
},
{
"name" : "1023992",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023992"
},
{
"name" : "39652",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39652"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1023992",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023992"
},
{
"name": "RHSA-2010:0380",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0380.html"
},
{
"name": "oval:org.mitre.oval:def:9878",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9878"
},
{
"name": "RHSA-2010:0394",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0394.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100090459",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100090459"
},
{
"name": "RHSA-2010:0882",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0882.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20"
},
{
"name": "[oss-security] 20100329 CVE request: kernel: ipv6: skb is unexpectedly freed (remote DoS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/03/29/1"
},
{
"name": "39652",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39652"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0009.html"
},
{
"name": "http://git.kernel.org/linus/fb7e2399ec17f1004c0e0ccfd17439f8759ede01",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/linus/fb7e2399ec17f1004c0e0ccfd17439f8759ede01"
},
{
"name": "RHSA-2010:0439",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0439.html"
},
{
"name": "39016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39016"
},
{
"name": "RHSA-2010:0424",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0424.html"
}
]
}
}

130
2010/1xxx/CVE-2010-1441.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1441",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100428 Re: CVE request: VLC <1.0.6 Multiple issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/04/28/4"
},
{
"name" : "http://www.videolan.org/security/sa1003.html",
"refsource" : "CONFIRM",
"url" : "http://www.videolan.org/security/sa1003.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.videolan.org/security/sa1003.html",
"refsource": "CONFIRM",
"url": "http://www.videolan.org/security/sa1003.html"
},
{
"name": "[oss-security] 20100428 Re: CVE request: VLC <1.0.6 Multiple issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/04/28/4"
}
]
}
}

180
2010/1xxx/CVE-2010-1493.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1493",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1004-exploits/joomlaawdwall-lfisql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/joomlaawdwall-lfisql.txt"
},
{
"name" : "12113",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12113"
},
{
"name" : "http://www.awdwall.com/index.php/awdwall-updates-logs-",
"refsource" : "CONFIRM",
"url" : "http://www.awdwall.com/index.php/awdwall-updates-logs-"
},
{
"name" : "38194",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38194"
},
{
"name" : "63942",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/63942"
},
{
"name" : "39553",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39553"
},
{
"name" : "comawdwall-itemid-sql-injection(57694)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57694"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38194"
},
{
"name": "39553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39553"
},
{
"name": "http://www.awdwall.com/index.php/awdwall-updates-logs-",
"refsource": "CONFIRM",
"url": "http://www.awdwall.com/index.php/awdwall-updates-logs-"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlaawdwall-lfisql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlaawdwall-lfisql.txt"
},
{
"name": "comawdwall-itemid-sql-injection(57694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57694"
},
{
"name": "12113",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12113"
},
{
"name": "63942",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63942"
}
]
}
}

150
2010/1xxx/CVE-2010-1993.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100518 DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511327/100/0/threaded"
},
{
"name" : "http://websecurity.com.ua/4206/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/4206/"
},
{
"name" : "SUSE-SR:2010:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name" : "oval:org.mitre.oval:def:11952",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11952"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websecurity.com.ua/4206/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/4206/"
},
{
"name": "20100518 DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511327/100/0/threaded"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "oval:org.mitre.oval:def:11952",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11952"
}
]
}
}

150
2014/0xxx/CVE-2014-0102.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20140227 kernel BUG at security/keys/keyring.c:1003!",
"refsource" : "MLIST",
"url" : "http://lkml.org/lkml/2014/2/27/507"
},
{
"name" : "[oss-security] 20140304 CVE-2014-0102 -- Linux kernel: security: keyring cycle detector DoS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/03/04/21"
},
{
"name" : "http://www.kernelhub.org/?msg=425013&p=2",
"refsource" : "MISC",
"url" : "http://www.kernelhub.org/?msg=425013&p=2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072419",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072419"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140304 CVE-2014-0102 -- Linux kernel: security: keyring cycle detector DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/04/21"
},
{
"name": "http://www.kernelhub.org/?msg=425013&p=2",
"refsource": "MISC",
"url": "http://www.kernelhub.org/?msg=425013&p=2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1072419",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072419"
},
{
"name": "[linux-kernel] 20140227 kernel BUG at security/keys/keyring.c:1003!",
"refsource": "MLIST",
"url": "http://lkml.org/lkml/2014/2/27/507"
}
]
}
}

140
2014/0xxx/CVE-2014-0357.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0357",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01"
},
{
"name" : "https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf",
"refsource" : "MISC",
"url" : "https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf"
},
{
"name" : "VU#251628",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/251628"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#251628",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/251628"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-121-01"
},
{
"name": "https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf",
"refsource": "MISC",
"url": "https://service.amtelco.com/INFINITY/MSM/MSM6.2SecurityBriefing.pdf"
}
]
}
}

150
2014/0xxx/CVE-2014-0565.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0566."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-0565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://helpx.adobe.com/security/products/reader/apsb14-20.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/reader/apsb14-20.html"
},
{
"name" : "69824",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69824"
},
{
"name" : "1030853",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030853"
},
{
"name" : "adobe-reader-cve20140565-code-exec(96002)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96002"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0566."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://helpx.adobe.com/security/products/reader/apsb14-20.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/reader/apsb14-20.html"
},
{
"name": "adobe-reader-cve20140565-code-exec(96002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96002"
},
{
"name": "1030853",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030853"
},
{
"name": "69824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69824"
}
]
}
}

180
2014/0xxx/CVE-2014-0648.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0648",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32379",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32379"
},
{
"name" : "20140115 Multiple Vulnerabilities in Cisco Secure Access Control System",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs"
},
{
"name" : "64962",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64962"
},
{
"name" : "102117",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102117"
},
{
"name" : "1029634",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029634"
},
{
"name" : "56213",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56213"
},
{
"name" : "cisco-acs-cve20140648-unauth-access(90431)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90431"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64962"
},
{
"name": "56213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56213"
},
{
"name": "cisco-acs-cve20140648-unauth-access(90431)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90431"
},
{
"name": "102117",
"refsource": "OSVDB",
"url": "http://osvdb.org/102117"
},
{
"name": "1029634",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029634"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32379",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32379"
},
{
"name": "20140115 Multiple Vulnerabilities in Cisco Secure Access Control System",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs"
}
]
}
}

140
2014/0xxx/CVE-2014-0993.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.coresecurity.com/advisories/delphi-and-c-builder-vcl-library-buffer-overflow",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/advisories/delphi-and-c-builder-vcl-library-buffer-overflow"
},
{
"name" : "http://support.embarcadero.com/article/44015",
"refsource" : "CONFIRM",
"url" : "http://support.embarcadero.com/article/44015"
},
{
"name" : "VU#646748",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/646748"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#646748",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/646748"
},
{
"name": "http://www.coresecurity.com/advisories/delphi-and-c-builder-vcl-library-buffer-overflow",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/delphi-and-c-builder-vcl-library-buffer-overflow"
},
{
"name": "http://support.embarcadero.com/article/44015",
"refsource": "CONFIRM",
"url": "http://support.embarcadero.com/article/44015"
}
]
}
}

150
2014/100xxx/CVE-2014-100021.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-100021",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the empsearch[employee_name][empId] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-100021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hauntit.blogspot.com/2014/02/en-xss-in-orangehrm.html",
"refsource" : "MISC",
"url" : "http://hauntit.blogspot.com/2014/02/en-xss-in-orangehrm.html"
},
{
"name" : "http://sourceforge.net/projects/orangehrm/files/stable/3.1.2/",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/projects/orangehrm/files/stable/3.1.2/"
},
{
"name" : "65904",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65904"
},
{
"name" : "57206",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57206"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the empsearch[employee_name][empId] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57206"
},
{
"name": "65904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65904"
},
{
"name": "http://sourceforge.net/projects/orangehrm/files/stable/3.1.2/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/orangehrm/files/stable/3.1.2/"
},
{
"name": "http://hauntit.blogspot.com/2014/02/en-xss-in-orangehrm.html",
"refsource": "MISC",
"url": "http://hauntit.blogspot.com/2014/02/en-xss-in-orangehrm.html"
}
]
}
}

160
2014/1xxx/CVE-2014-1202.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1202",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "30908",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/30908"
},
{
"name" : "http://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.html"
},
{
"name" : "http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html",
"refsource" : "MISC",
"url" : "http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html"
},
{
"name" : "http://www.youtube.com/watch?v=3lCLE64rsc0",
"refsource" : "MISC",
"url" : "http://www.youtube.com/watch?v=3lCLE64rsc0"
},
{
"name" : "https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt",
"refsource" : "CONFIRM",
"url" : "https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.youtube.com/watch?v=3lCLE64rsc0",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=3lCLE64rsc0"
},
{
"name": "http://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.html"
},
{
"name": "30908",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30908"
},
{
"name": "http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html",
"refsource": "MISC",
"url": "http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html"
},
{
"name": "https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt",
"refsource": "CONFIRM",
"url": "https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt"
}
]
}
}

140
2014/1xxx/CVE-2014-1353.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1353",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2014-06-30-3",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name" : "68276",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68276"
},
{
"name" : "1030500",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030500"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68276"
},
{
"name": "APPLE-SA-2014-06-30-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name": "1030500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030500"
}
]
}
}

210
2014/1xxx/CVE-2014-1744.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-1744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=359454",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=359454"
},
{
"name" : "https://src.chromium.org/viewvc/chrome?revision=261549&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/chrome?revision=261549&view=revision"
},
{
"name" : "DSA-2939",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2939"
},
{
"name" : "GLSA-201408-16",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name" : "openSUSE-SU-2014:0783",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html"
},
{
"name" : "1030270",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030270"
},
{
"name" : "58920",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58920"
},
{
"name" : "59155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59155"
},
{
"name" : "60372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60372"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://src.chromium.org/viewvc/chrome?revision=261549&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=261549&view=revision"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=359454",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=359454"
},
{
"name": "DSA-2939",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2939"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html"
},
{
"name": "GLSA-201408-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name": "60372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60372"
},
{
"name": "openSUSE-SU-2014:0783",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html"
},
{
"name": "59155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59155"
},
{
"name": "58920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58920"
},
{
"name": "1030270",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030270"
}
]
}
}

160
2014/1xxx/CVE-2014-1944.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1944",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140305 Cross-Site Scripting (XSS) in Ilch CMS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/531350/100/0/threaded"
},
{
"name" : "32076",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/32076"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23203",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23203"
},
{
"name" : "https://github.com/IlchCMS/Ilch-2.0/commit/381e15f39d07d3cdf6aaaa25c0f2321f817935f7",
"refsource" : "CONFIRM",
"url" : "https://github.com/IlchCMS/Ilch-2.0/commit/381e15f39d07d3cdf6aaaa25c0f2321f817935f7"
},
{
"name" : "ilchcms-cve20141944-xss(91538)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91538"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ilchcms-cve20141944-xss(91538)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91538"
},
{
"name": "32076",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32076"
},
{
"name": "https://www.htbridge.com/advisory/HTB23203",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23203"
},
{
"name": "https://github.com/IlchCMS/Ilch-2.0/commit/381e15f39d07d3cdf6aaaa25c0f2321f817935f7",
"refsource": "CONFIRM",
"url": "https://github.com/IlchCMS/Ilch-2.0/commit/381e15f39d07d3cdf6aaaa25c0f2321f817935f7"
},
{
"name": "20140305 Cross-Site Scripting (XSS) in Ilch CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531350/100/0/threaded"
}
]
}
}

130
2014/5xxx/CVE-2014-5088.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5088",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"name" : "69012",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69012"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69012"
},
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
]
}
}

34
2014/5xxx/CVE-2014-5299.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5299",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5299",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/5xxx/CVE-2014-5331.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5331",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Aflax allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-5331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#66285408",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN66285408/index.html"
},
{
"name" : "JVNDB-2014-000122",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000122"
},
{
"name" : "70605",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70605"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Aflax allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000122",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000122"
},
{
"name": "JVN#66285408",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN66285408/index.html"
},
{
"name": "70605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70605"
}
]
}
}

34
2014/5xxx/CVE-2014-5484.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5484",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5484",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/5xxx/CVE-2014-5582.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5582",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Ingress Intel Helper (aka com.bb.ingressintel) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#826345",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/826345"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ingress Intel Helper (aka com.bb.ingressintel) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#826345",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/826345"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/5xxx/CVE-2014-5990.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5990",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cookbible (aka net.bookjam.cookbible) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#258657",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/258657"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cookbible (aka net.bookjam.cookbible) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#258657",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/258657"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

130
2015/2xxx/CVE-2015-2633.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2633",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.0.1 and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Ops Center."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-2633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name" : "1033897",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033897"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.0.1 and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Ops Center."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "1033897",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033897"
}
]
}
}

122
2016/10xxx/CVE-2016-10620.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10620",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "atom-node-module-installer node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "atom-node-module-installer node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/216",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/216"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/216",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/216"
}
]
}
}

122
2016/10xxx/CVE-2016-10633.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10633",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "dwebp-bin node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dwebp-bin node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/232",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/232"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/232",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/232"
}
]
}
}

122
2016/10xxx/CVE-2016-10695.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10695",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "npm-test-sqlite3-trunk node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "npm-test-sqlite3-trunk node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/297",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/297"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/297",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/297"
}
]
}
}

130
2016/3xxx/CVE-2016-3198.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3198",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka \"Microsoft Edge Security Feature Bypass.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-068",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068"
},
{
"name" : "1036099",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036099"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka \"Microsoft Edge Security Feature Bypass.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036099",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036099"
},
{
"name": "MS16-068",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068"
}
]
}
}

190
2016/3xxx/CVE-2016-3222.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3222",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Edge Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40880",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40880/"
},
{
"name" : "20161205 CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Dec/16"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-371",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-371"
},
{
"name" : "http://blog.skylined.nl/20161205001.html",
"refsource" : "MISC",
"url" : "http://blog.skylined.nl/20161205001.html"
},
{
"name" : "http://packetstormsecurity.com/files/140043/Microsoft-Edge-CBase-Scriptable-Private-Query-Interface-Memory-Corruption.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/140043/Microsoft-Edge-CBase-Scriptable-Private-Query-Interface-Memory-Corruption.html"
},
{
"name" : "MS16-068",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068"
},
{
"name" : "91094",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91094"
},
{
"name" : "1036099",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036099"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Edge Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.skylined.nl/20161205001.html",
"refsource": "MISC",
"url": "http://blog.skylined.nl/20161205001.html"
},
{
"name": "40880",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40880/"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-371",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-371"
},
{
"name": "http://packetstormsecurity.com/files/140043/Microsoft-Edge-CBase-Scriptable-Private-Query-Interface-Memory-Corruption.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/140043/Microsoft-Edge-CBase-Scriptable-Private-Query-Interface-Memory-Corruption.html"
},
{
"name": "20161205 CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Dec/16"
},
{
"name": "1036099",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036099"
},
{
"name": "MS16-068",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-068"
},
{
"name": "91094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91094"
}
]
}
}

34
2016/3xxx/CVE-2016-3253.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3253",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-3253",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

130
2016/8xxx/CVE-2016-8791.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2016-8791",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Mate 8,Mate S,P8 Versions before NXT-AL10C00B386,Versions before NXT-CL00C92B386,Versions before NXT-DL00C17B386,Versions before NXT-TL00C01B386,Versions before CRR-CL00C92B368,Versions before CRR-CL20C92B368,Versions before CRR-TL00C01B368,Versions before CRR-UL00C00B368,Versions before CRR-UL20C00B368,Versions before GRA-TL00C01B366,Versions before GRA-CL00C92B366,Versions before GRA-CL10C92B366,Versions before GRA-UL00C00B366,Versions before GRA-UL10C00B366",
"version" : {
"version_data" : [
{
"version_value" : "Mate 8,Mate S,P8 Versions before NXT-AL10C00B386,Versions before NXT-CL00C92B386,Versions before NXT-DL00C17B386,Versions before NXT-TL00C01B386,Versions before CRR-CL00C92B368,Versions before CRR-CL20C92B368,Versions before CRR-TL00C01B368,Versions before CRR-UL00C00B368,Versions before CRR-UL20C00B368,Versions before GRA-TL00C01B366,Versions before GRA-CL00C92B366,Versions before GRA-CL10C92B366,Versions before GRA-UL00C00B366,Versions before GRA-UL10C00B366"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "input validation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-8791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 8,Mate S,P8 Versions before NXT-AL10C00B386,Versions before NXT-CL00C92B386,Versions before NXT-DL00C17B386,Versions before NXT-TL00C01B386,Versions before CRR-CL00C92B368,Versions before CRR-CL20C92B368,Versions before CRR-TL00C01B368,Versions before CRR-UL00C00B368,Versions before CRR-UL20C00B368,Versions before GRA-TL00C01B366,Versions before GRA-CL00C92B366,Versions before GRA-CL10C92B366,Versions before GRA-UL00C00B366,Versions before GRA-UL10C00B366",
"version": {
"version_data": [
{
"version_value": "Mate 8,Mate S,P8 Versions before NXT-AL10C00B386,Versions before NXT-CL00C92B386,Versions before NXT-DL00C17B386,Versions before NXT-TL00C01B386,Versions before CRR-CL00C92B368,Versions before CRR-CL20C92B368,Versions before CRR-TL00C01B368,Versions before CRR-UL00C00B368,Versions before CRR-UL20C00B368,Versions before GRA-TL00C01B366,Versions before GRA-CL00C92B366,Versions before GRA-CL10C92B366,Versions before GRA-UL00C00B366,Versions before GRA-UL10C00B366"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en"
},
{
"name" : "94404",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94404"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-smartphone-en"
},
{
"name": "94404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94404"
}
]
}
}

34
2016/8xxx/CVE-2016-8850.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8850",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8850",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/8xxx/CVE-2016-8851.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8851",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8851",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

130
2016/8xxx/CVE-2016-8855.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting (XSS) in \"/sitecore/client/Applications/List Manager/Taskpages/Contact list\" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41618",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41618/"
},
{
"name" : "https://packetstormsecurity.com/files/141655/Sitecore-Experience-Platform-8.1-Update-3-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/141655/Sitecore-Experience-Platform-8.1-Update-3-Cross-Site-Scripting.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) in \"/sitecore/client/Applications/List Manager/Taskpages/Contact list\" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41618",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41618/"
},
{
"name": "https://packetstormsecurity.com/files/141655/Sitecore-Experience-Platform-8.1-Update-3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/141655/Sitecore-Experience-Platform-8.1-Update-3-Cross-Site-Scripting.html"
}
]
}
}

140
2016/9xxx/CVE-2016-9202.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-9202",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Email Security Appliance (ESA)",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Email Security Appliance (ESA)"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-9202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Email Security Appliance (ESA)",
"version": {
"version_data": [
{
"version_value": "Cisco Email Security Appliance (ESA)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1"
},
{
"name" : "94799",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94799"
},
{
"name" : "1037423",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037423"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the affected interface on an affected device. More Information: CSCvb37346. Known Affected Releases: 9.1.1-036 9.7.1-066."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037423",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037423"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1"
},
{
"name": "94799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94799"
}
]
}
}

130
2016/9xxx/CVE-2016-9253.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "f5sirt@f5.com",
"ID" : "CVE-2016-9253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP",
"version" : {
"version_data" : [
{
"version_value" : "12.1.0-12.1.2"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Websocket profile vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2016-9253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP",
"version": {
"version_data": [
{
"version_value": "12.1.0-12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K51351360",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K51351360"
},
{
"name" : "1038415",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038415"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Websocket profile vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K51351360",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K51351360"
},
{
"name": "1038415",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038415"
}
]
}
}

130
2016/9xxx/CVE-2016-9976.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-9976",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Maximo Asset Management",
"version" : {
"version_data" : [
{
"version_value" : "7.1, 7.5, 7.6"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.1, 7.5, 7.6"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22002018",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"name" : "98305",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98305"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22002018",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002018"
},
{
"name": "98305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98305"
}
]
}
}

34
2019/2xxx/CVE-2019-2657.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2657",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2657",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2971.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2971",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2971",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2978.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2978",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2978",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6467.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6467",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6467",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6658.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6658",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6658",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6668.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6668",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6668",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6801.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6801",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6801",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6923.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6923",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6923",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/7xxx/CVE-2019-7924.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7924",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7924",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}