admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:51:41 +00:00
parent dcc31bd81d
commit cd44504ee7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 4000 additions and 4000 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

210
2006/1xxx/CVE-2006-1201.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1201", "ID": "CVE-2006-1201",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in resetpw.php in eschew.net phpBannerExchange 2.0 and earlier, and other versions before 2.0 Update 5, allows remote attackers to read arbitrary files via a .. (dot dot) in the email parameter during a \"Recover password\" operation (recoverpw.php)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060307 phpBannerExchange 2.0 Directory Traversal Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/426940/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in resetpw.php in eschew.net phpBannerExchange 2.0 and earlier, and other versions before 2.0 Update 5, allows remote attackers to read arbitrary files via a .. (dot dot) in the email parameter during a \"Recover password\" operation (recoverpw.php)."
{ }
"name" : "20060307 phpBannerExchange 2.0 Directory Traversal Vulnerability", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0879.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.h4cky0u.org/advisories/HYSA-2006-004-phpbanner.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.h4cky0u.org/advisories/HYSA-2006-004-phpbanner.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php", ]
"refsource" : "CONFIRM", }
"url" : "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php" ]
}, },
{ "references": {
"name" : "16996", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16996" "name": "19127",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19127"
"name" : "ADV-2006-0869", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0869" "name": "20060307 phpBannerExchange 2.0 Directory Traversal Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/426940/100/0/threaded"
"name" : "23720", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/23720" "name": "ADV-2006-0869",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0869"
"name" : "19127", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19127" "name": "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php",
}, "refsource": "CONFIRM",
{ "url": "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php"
"name" : "phpbannerexchange-resetpw-dir-traversal(25071)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25071" "name": "23720",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/23720"
"name" : "phpbannerexchange-recoverpw-dir-traversal(25080)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25080" "name": "http://www.h4cky0u.org/advisories/HYSA-2006-004-phpbanner.txt",
} "refsource": "MISC",
] "url": "http://www.h4cky0u.org/advisories/HYSA-2006-004-phpbanner.txt"
} },
} {
"name": "20060307 phpBannerExchange 2.0 Directory Traversal Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0879.html"
},
{
"name": "phpbannerexchange-resetpw-dir-traversal(25071)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25071"
},
{
"name": "phpbannerexchange-recoverpw-dir-traversal(25080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25080"
},
{
"name": "16996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16996"
}
]
}
}

200
2006/1xxx/CVE-2006-1398.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1398", "ID": "CVE-2006-1398",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book 1.0 allows remote attackers to inject arbitrary web script or HTML via the g_message parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060327 HYSA-2006-006 G-Book 1.0 XSS And Other Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/428900/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book 1.0 allows remote attackers to inject arbitrary web script or HTML via the g_message parameter."
{ }
"name" : "http://www.h4cky0u.org/advisories/HYSA-2006-006-g-book.txt", ]
"refsource" : "MISC", },
"url" : "http://www.h4cky0u.org/advisories/HYSA-2006-006-g-book.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17253", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17253" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-1100", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/1100" ]
}, },
{ "references": {
"name" : "24141", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/24141" "name": "17253",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17253"
"name" : "1015830", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015830" "name": "19414",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19414"
"name" : "19414", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19414" "name": "24141",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/24141"
"name" : "634", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/634" "name": "1015830",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015830"
"name" : "gbook-guestbook-xss(25475)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25475" "name": "634",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/634"
} },
} {
"name": "gbook-guestbook-xss(25475)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25475"
},
{
"name": "20060327 HYSA-2006-006 G-Book 1.0 XSS And Other Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428900/100/0/threaded"
},
{
"name": "http://www.h4cky0u.org/advisories/HYSA-2006-006-g-book.txt",
"refsource": "MISC",
"url": "http://www.h4cky0u.org/advisories/HYSA-2006-006-g-book.txt"
},
{
"name": "ADV-2006-1100",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1100"
}
]
}
}

200
2006/5xxx/CVE-2006-5172.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5172", "ID": "CVE-2006-5172",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the \"Mediasvr.exe String Handling Overflow,\" a different vulnerability than CVE-2006-5171."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070111 Computer Associates Brightstor ARCserve Mediasvr.exe String Handling Overflow", "description_data": [
"refsource" : "ISS", {
"url" : "http://www.iss.net/threats/253.html" "lang": "eng",
}, "value": "Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the \"Mediasvr.exe String Handling Overflow,\" a different vulnerability than CVE-2006-5171."
{ }
"name" : "20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/456711" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp", "description": [
"refsource" : "CONFIRM", {
"url" : "http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22016", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/22016" ]
}, },
{ "references": {
"name" : "ADV-2007-0154", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/0154" "name": "http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp",
}, "refsource": "CONFIRM",
{ "url": "http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp"
"name" : "31320", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/31320" "name": "1017506",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1017506"
"name" : "1017506", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017506" "name": "20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/456711"
"name" : "23648", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23648" "name": "22016",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/22016"
"name" : "backup-product-string-overflow(29344)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29344" "name": "backup-product-string-overflow(29344)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29344"
} },
} {
"name": "ADV-2007-0154",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0154"
},
{
"name": "20070111 Computer Associates Brightstor ARCserve Mediasvr.exe String Handling Overflow",
"refsource": "ISS",
"url": "http://www.iss.net/threats/253.html"
},
{
"name": "23648",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23648"
},
{
"name": "31320",
"refsource": "OSVDB",
"url": "http://osvdb.org/31320"
}
]
}
}

190
2006/5xxx/CVE-2006-5278.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5278", "ID": "CVE-2006-5278",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070711 Cisco Call Manager RisDC.exe Remote Code Execution", "description_data": [
"refsource" : "ISS", {
"url" : "http://www.iss.net/threats/271.html" "lang": "eng",
}, "value": "Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow."
{ }
"name" : "20070711 Cisco Unified Communications Manager Overflow Vulnerabilities", ]
"refsource" : "CISCO", },
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "24868", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24868" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2007-2512", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2007/2512" ]
}, },
{ "references": {
"name" : "36121", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/36121" "name": "negative-integer-bo(19057)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057"
"name" : "1018369", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1018369" "name": "20070711 Cisco Call Manager RisDC.exe Remote Code Execution",
}, "refsource": "ISS",
{ "url": "http://www.iss.net/threats/271.html"
"name" : "26043", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26043" "name": "20070711 Cisco Unified Communications Manager Overflow Vulnerabilities",
}, "refsource": "CISCO",
{ "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml"
"name" : "negative-integer-bo(19057)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057" "name": "ADV-2007-2512",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2007/2512"
} },
} {
"name": "26043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26043"
},
{
"name": "24868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24868"
},
{
"name": "1018369",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018369"
},
{
"name": "36121",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/36121"
}
]
}
}

160
2006/5xxx/CVE-2006-5771.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5771", "ID": "CVE-2006-5771",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 before 2.0/2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.arkoon.fr/upload/alertes/42AK-2006-05-FR-1.1_SSL360_XSS.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.arkoon.fr/upload/alertes/42AK-2006-05-FR-1.1_SSL360_XSS.pdf" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 before 2.0/2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "20890", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20890" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4330", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4330" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22833", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/22833" ]
}, },
{ "references": {
"name" : "arkoon-portal-xss(29993)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29993" "name": "22833",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/22833"
} },
} {
"name": "arkoon-portal-xss(29993)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29993"
},
{
"name": "20890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20890"
},
{
"name": "http://www.arkoon.fr/upload/alertes/42AK-2006-05-FR-1.1_SSL360_XSS.pdf",
"refsource": "CONFIRM",
"url": "http://www.arkoon.fr/upload/alertes/42AK-2006-05-FR-1.1_SSL360_XSS.pdf"
},
{
"name": "ADV-2006-4330",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4330"
}
]
}
}

190
2006/5xxx/CVE-2006-5791.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5791", "ID": "CVE-2006-5791",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function."
{ }
"name" : "DSA-1242", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2006/dsa-1242" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20881", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20881" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20882", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/20882" ]
}, },
{ "references": {
"name" : "ADV-2006-4315", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4315" "name": "23580",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23580"
"name" : "22638", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22638" "name": "elog-nonexistent-files-xss(29986)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29986"
"name" : "23580", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23580" "name": "20881",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/20881"
"name" : "elog-nonexistent-files-xss(29986)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29986" "name": "DSA-1242",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2006/dsa-1242"
} },
} {
"name": "22638",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22638"
},
{
"name": "ADV-2006-4315",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4315"
},
{
"name": "20882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20882"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392016"
}
]
}
}

160
2006/5xxx/CVE-2006-5880.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5880", "ID": "CVE-2006-5880",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability on the subMenu page in switch.asp in Munch Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2761", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2761" "lang": "eng",
}, "value": "SQL injection vulnerability on the subMenu page in switch.asp in Munch Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter."
{ }
"name" : "21044", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21044" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4464", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4464" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22844", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/22844" ]
}, },
{ "references": {
"name" : "munchpro-switch-sql-injection(30185)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30185" "name": "ADV-2006-4464",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/4464"
} },
} {
"name": "munchpro-switch-sql-injection(30185)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30185"
},
{
"name": "2761",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2761"
},
{
"name": "22844",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22844"
},
{
"name": "21044",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21044"
}
]
}
}

200
2007/2xxx/CVE-2007-2396.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2396", "ID": "CVE-2007-2396",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://docs.info.apple.com/article.html?artnum=305947", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=305947" "lang": "eng",
}, "value": "The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets."
{ }
"name" : "APPLE-SA-2007-07-11", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA07-193A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-193A.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "24873", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/24873" ]
}, },
{ "references": {
"name" : "ADV-2007-2510", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2510" "name": "26034",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26034"
"name" : "36133", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36133" "name": "1018373",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018373"
"name" : "1018373", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018373" "name": "36133",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/36133"
"name" : "26034", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26034" "name": "TA07-193A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA07-193A.html"
"name" : "quicktime-jdirect-code-execution(35360)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35360" "name": "ADV-2007-2510",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2007/2510"
} },
} {
"name": "24873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24873"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305947",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305947"
},
{
"name": "quicktime-jdirect-code-execution(35360)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35360"
},
{
"name": "APPLE-SA-2007-07-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2007/Jul/msg00001.html"
}
]
}
}

140
2007/2xxx/CVE-2007-2634.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2634", "ID": "CVE-2007-2634",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "35906", "description_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/35906" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "25224", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/25224" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "aforum-func-file-include(34202)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34202" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "25224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25224"
},
{
"name": "aforum-func-file-include(34202)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34202"
},
{
"name": "35906",
"refsource": "OSVDB",
"url": "http://osvdb.org/35906"
}
]
}
}

260
2007/2xxx/CVE-2007-2925.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2007-2925", "ID": "CVE-2007-2925",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.isc.org/index.pl?/sw/bind/bind-security.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.isc.org/index.pl?/sw/bind/bind-security.php" "lang": "eng",
}, "value": "The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache."
{ }
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903", ]
"refsource" : "CONFIRM", },
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200708-13", "description": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2007:149", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:149" ]
}, },
{ "references": {
"name" : "OpenPKG-SA-2007.022", "reference_data": [
"refsource" : "OPENPKG", {
"url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html" "name": "25076",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/25076"
"name" : "SSA:2007-207-01", },
"refsource" : "SLACKWARE", {
"url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385" "name": "ADV-2007-2914",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2914"
"name" : "25076", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25076" "name": "1018441",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018441"
"name" : "ADV-2007-2628", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2628" "name": "ADV-2007-2628",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2628"
"name" : "ADV-2007-2914", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2914" "name": "26509",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26509"
"name" : "1018441", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018441" "name": "MDKSA-2007:149",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:149"
"name" : "26227", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26227" "name": "isc-bind-acl-security-bypass(35571)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35571"
"name" : "26509", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26509" "name": "GLSA-200708-13",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml"
"name" : "26515", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26515" "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903",
}, "refsource": "CONFIRM",
{ "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903"
"name" : "26236", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26236" "name": "SSA:2007-207-01",
}, "refsource": "SLACKWARE",
{ "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385"
"name" : "isc-bind-acl-security-bypass(35571)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35571" "name": "http://www.isc.org/index.pl?/sw/bind/bind-security.php",
} "refsource": "CONFIRM",
] "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
} },
} {
"name": "26227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26227"
},
{
"name": "26515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26515"
},
{
"name": "26236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26236"
},
{
"name": "OpenPKG-SA-2007.022",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html"
}
]
}
}

180
2007/2xxx/CVE-2007-2992.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2992", "ID": "CVE-2007-2992",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to execute arbitrary SQL commands via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070601 static XSS / SQL-Injection in Omegasoft Insel", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/470240/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to execute arbitrary SQL commands via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields."
{ }
"name" : "20070601 static XSS / SQL-Injection in Omegasoft Insel", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0003.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "24275", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24275" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "37020", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/37020" ]
}, },
{ "references": {
"name" : "25545", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25545" "name": "24275",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/24275"
"name" : "2759", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2759" "name": "20070601 static XSS / SQL-Injection in Omegasoft Insel",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0003.html"
"name" : "omegasoft-multiple-sql-injection(34678)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34678" "name": "37020",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/37020"
} },
} {
"name": "omegasoft-multiple-sql-injection(34678)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34678"
},
{
"name": "2759",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2759"
},
{
"name": "25545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25545"
},
{
"name": "20070601 static XSS / SQL-Injection in Omegasoft Insel",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470240/100/0/threaded"
}
]
}
}

160
2007/6xxx/CVE-2007-6666.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6666", "ID": "CVE-2007-6666",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4823", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4823" "lang": "eng",
}, "value": "SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter."
{ }
"name" : "27084", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27084" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "39786", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/39786" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28281", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/28281" ]
}, },
{ "references": {
"name" : "zenphoto-rss-sql-injection(39341)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39341" "name": "4823",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/4823"
} },
} {
"name": "39786",
"refsource": "OSVDB",
"url": "http://osvdb.org/39786"
},
{
"name": "27084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27084"
},
{
"name": "zenphoto-rss-sql-injection(39341)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39341"
},
{
"name": "28281",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28281"
}
]
}
}

200
2010/0xxx/CVE-2010-0222.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0222", "ID": "CVE-2010-0222",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blogs.zdnet.com/hardware/?p=6655", "description_data": [
"refsource" : "MISC", {
"url" : "http://blogs.zdnet.com/hardware/?p=6655" "lang": "eng",
}, "value": "Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key."
{ }
"name" : "http://it.slashdot.org/story/10/01/05/1734242/", ]
"refsource" : "MISC", },
"url" : "http://it.slashdot.org/story/10/01/05/1734242/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm", "description": [
"refsource" : "MISC", {
"url" : "http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html", ]
"refsource" : "MISC", }
"url" : "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html" ]
}, },
{ "references": {
"name" : "http://www.kingston.com/driveupdate/", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.kingston.com/driveupdate/" "name": "http://www.kingston.com/driveupdate/",
}, "refsource": "MISC",
{ "url": "http://www.kingston.com/driveupdate/"
"name" : "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf", },
"refsource" : "MISC", {
"url" : "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf" "name": "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9",
}, "refsource": "MISC",
{ "url": "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9"
"name" : "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9", },
"refsource" : "MISC", {
"url" : "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9" "name": "http://it.slashdot.org/story/10/01/05/1734242/",
}, "refsource": "MISC",
{ "url": "http://it.slashdot.org/story/10/01/05/1734242/"
"name" : "https://www.ironkey.com/usb-flash-drive-flaw-exposed", },
"refsource" : "MISC", {
"url" : "https://www.ironkey.com/usb-flash-drive-flaw-exposed" "name": "http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm",
}, "refsource": "MISC",
{ "url": "http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm"
"name" : "ADV-2010-0080", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0080" "name": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html",
} "refsource": "MISC",
] "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html"
} },
} {
"name": "http://blogs.zdnet.com/hardware/?p=6655",
"refsource": "MISC",
"url": "http://blogs.zdnet.com/hardware/?p=6655"
},
{
"name": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf",
"refsource": "MISC",
"url": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf"
},
{
"name": "ADV-2010-0080",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0080"
},
{
"name": "https://www.ironkey.com/usb-flash-drive-flaw-exposed",
"refsource": "MISC",
"url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed"
}
]
}
}

220
2010/0xxx/CVE-2010-0462.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0462", "ID": "CVE-2010-0462",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", ]
"refsource" : "CONFIRM", }
"url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" ]
}, },
{ "references": {
"name" : "IC65922", "reference_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922" "name": "db2-sysibm-bo(55899)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55899"
"name" : "IC65933", },
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65933" "name": "IC65935",
}, "refsource": "AIXAPAR",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65935"
"name" : "IC65935", },
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65935" "name": "IC65933",
}, "refsource": "AIXAPAR",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65933"
"name" : "37976", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37976" "name": "37976",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37976"
"name" : "oval:org.mitre.oval:def:14518", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14518" "name": "IC65922",
}, "refsource": "AIXAPAR",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922"
"name" : "1023509", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023509" "name": "1023509",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1023509"
"name" : "db2-sysibm-bo(55899)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55899" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108",
} "refsource": "CONFIRM",
] "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
} },
} {
"name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
"refsource": "CONFIRM",
"url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
},
{
"name": "http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html",
"refsource": "MISC",
"url": "http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html"
},
{
"name": "oval:org.mitre.oval:def:14518",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14518"
}
]
}
}

130
2010/1xxx/CVE-2010-1226.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1226", "ID": "CVE-2010-1226",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a \"malformed character\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "11769", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/11769" "lang": "eng",
}, "value": "The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a \"malformed character\" issue."
{ }
"name" : "38758", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/38758" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38758"
},
{
"name": "11769",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11769"
}
]
}
}

160
2010/1xxx/CVE-2010-1250.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-1250", "ID": "CVE-2010-1250",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka \"Excel EDG Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100608 VUPEN Security Research - Microsoft Office Excel EDG Heap Overflow Vulnerability (CVE-2010-1250)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/511756/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka \"Excel EDG Memory Corruption Vulnerability.\""
{ }
"name" : "MS10-038", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA10-159B", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "40528", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/40528" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:7593", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7593" "name": "20100608 VUPEN Security Research - Microsoft Office Excel EDG Heap Overflow Vulnerability (CVE-2010-1250)",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/511756/100/0/threaded"
} },
} {
"name": "MS10-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"name": "oval:org.mitre.oval:def:7593",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7593"
},
{
"name": "TA10-159B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name": "40528",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40528"
}
]
}
}

240
2010/1xxx/CVE-2010-1429.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-1429", "ID": "CVE-2010-1429",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44009", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44009/" "lang": "eng",
}, "value": "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=585900", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=585900" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBMU02736", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=132698550418872&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT100699", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=132698550418872&w=2" ]
}, },
{ "references": {
"name" : "RHSA-2010:0376", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0376.html" "name": "RHSA-2010:0379",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html"
"name" : "RHSA-2010:0377", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0377.html" "name": "RHSA-2010:0378",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html"
"name" : "RHSA-2010:0378", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0378.html" "name": "HPSBMU02736",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=132698550418872&w=2"
"name" : "RHSA-2010:0379", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0379.html" "name": "RHSA-2010:0376",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html"
"name" : "39710", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/39710" "name": "RHSA-2010:0377",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html"
"name" : "1023918", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023918" "name": "jboss-status-servlet-information-disclosure(58149)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149"
"name" : "39563", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39563" "name": "SSRT100699",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=132698550418872&w=2"
"name" : "ADV-2010-0992", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0992" "name": "ADV-2010-0992",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0992"
"name" : "jboss-status-servlet-information-disclosure(58149)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58149" "name": "44009",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/44009/"
} },
} {
"name": "39710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39710"
},
{
"name": "39563",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39563"
},
{
"name": "1023918",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023918"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=585900",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=585900"
}
]
}
}

180
2010/1xxx/CVE-2010-1531.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1531", "ID": "CVE-2010-1531",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txt" "lang": "eng",
}, "value": "Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php."
{ }
"name" : "http://redcomponent.com/redshop/redshop-changelog", ]
"refsource" : "MISC", },
"url" : "http://redcomponent.com/redshop/redshop-changelog" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12054", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/12054" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "39206", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/39206" ]
}, },
{ "references": {
"name" : "63535", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/63535" "name": "63535",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/63535"
"name" : "39343", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39343" "name": "39206",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/39206"
"name" : "redshop-view-file-include(57512)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57512" "name": "http://redcomponent.com/redshop/redshop-changelog",
} "refsource": "MISC",
] "url": "http://redcomponent.com/redshop/redshop-changelog"
} },
} {
"name": "12054",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12054"
},
{
"name": "39343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39343"
},
{
"name": "redshop-view-file-include(57512)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57512"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txt"
}
]
}
}

170
2010/1xxx/CVE-2010-1906.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1906", "ID": "CVE-2010-1906",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\\\.\\pipe\\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/511176/100/0/threaded" "lang": "eng",
}, "value": "tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\\\.\\pipe\\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service."
{ }
"name" : "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html", ]
"refsource" : "MISC", },
"url" : "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.wintercore.com/downloads/rootedcon_0day.pdf", "description": [
"refsource" : "MISC", {
"url" : "http://www.wintercore.com/downloads/rootedcon_0day.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf", ]
"refsource" : "CONFIRM", }
"url" : "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf" ]
}, },
{ "references": {
"name" : "VU#602801", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/602801" "name": "39752",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39752"
"name" : "39752", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39752" "name": "VU#602801",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/602801"
} },
} {
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf",
"refsource": "CONFIRM",
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
]
}
}

290
2010/4xxx/CVE-2010-4078.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4078", "ID": "CVE-2010-4078",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100925 CVE request: multiple kernel stack memory disclosures", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/09/25/2" "lang": "eng",
}, "value": "The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel before 2.6.36-rc6 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call."
{ }
"name" : "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/10/07/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/10/06/6" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20101025 Re: CVE request: multiple kernel stack memory disclosures", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2010/10/25/3" ]
}, },
{ "references": {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fd02db9de73faebc51240619c7c7f99bee9f65c7", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fd02db9de73faebc51240619c7c7f99bee9f65c7" "name": "[oss-security] 20100925 CVE request: multiple kernel stack memory disclosures",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/09/25/2"
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6" "name": "42778",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42778"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=648665", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=648665" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fd02db9de73faebc51240619c7c7f99bee9f65c7",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fd02db9de73faebc51240619c7c7f99bee9f65c7"
"name" : "DSA-2126", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2126" "name": "43810",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/43810"
"name" : "MDVSA-2011:051", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" "name": "42801",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42801"
"name" : "SUSE-SA:2011:001", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html" "name": "SUSE-SA:2011:002",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
"name" : "SUSE-SA:2011:002", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html" "name": "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/10/06/6"
"name" : "SUSE-SA:2010:060", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html" "name": "SUSE-SA:2011:001",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
"name" : "SUSE-SA:2011:007", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" "name": "SUSE-SA:2011:007",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
"name" : "43810", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/43810" "name": "SUSE-SA:2010:060",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html"
"name" : "42778", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42778" "name": "ADV-2011-0298",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0298"
"name" : "42801", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42801" "name": "MDVSA-2011:051",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
"name" : "ADV-2011-0012", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0012" "name": "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/10/07/1"
"name" : "ADV-2011-0298", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0298" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=648665",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648665"
} },
} {
"name": "ADV-2011-0012",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0012"
},
{
"name": "[oss-security] 20101025 Re: CVE request: multiple kernel stack memory disclosures",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/10/25/3"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.36/ChangeLog-2.6.36-rc6"
},
{
"name": "DSA-2126",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2126"
}
]
}
}

200
2010/4xxx/CVE-2010-4604.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4604", "ID": "CVE-2010-4604",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20101215 Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/515263/100/0/threaded" "lang": "eng",
}, "value": "Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe."
{ }
"name" : "15745", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/15745" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c", "description": [
"refsource" : "MISC", {
"url" : "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt", ]
"refsource" : "MISC", }
"url" : "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt" ]
}, },
{ "references": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21454745", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21454745" "name": "1024901",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1024901"
"name" : "IC65491", },
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491" "name": "IC65491",
}, "refsource": "AIXAPAR",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65491"
"name" : "1024901", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024901" "name": "ADV-2010-3251",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3251"
"name" : "42639", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42639" "name": "15745",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/15745"
"name" : "ADV-2010-3251", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3251" "name": "42639",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/42639"
} },
} {
"name": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt",
"refsource": "MISC",
"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt"
},
{
"name": "20101215 Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/515263/100/0/threaded"
},
{
"name": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c",
"refsource": "MISC",
"url": "http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca-exploit.c"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21454745",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21454745"
}
]
}
}

140
2010/4xxx/CVE-2010-4718.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4718", "ID": "CVE-2010-4718",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenbloggie (com_lyftenbloggie) component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) tag and (2) category parameters to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/view/96761/joomlalyftenbloggie-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/view/96761/joomlalyftenbloggie-xss.txt" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenbloggie (com_lyftenbloggie) component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) tag and (2) category parameters to index.php."
{ }
"name" : "45468", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/45468" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "42677", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42677" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/view/96761/joomlalyftenbloggie-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96761/joomlalyftenbloggie-xss.txt"
},
{
"name": "45468",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45468"
},
{
"name": "42677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42677"
}
]
}
}

120
2010/4xxx/CVE-2010-4973.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4973", "ID": "CVE-2010-4973",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the search feature in Campsite 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the f_search_keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "40589", "description_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40589" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in the search feature in Campsite 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the f_search_keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40589",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40589"
}
]
}
}

130
2010/5xxx/CVE-2010-5209.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-5209", "ID": "CVE-2010-5209",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple untrusted search path vulnerabilities in Nuance PDF Reader 6.0 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) exceptiondumpdll.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bnuance_pdf_reader%5D_6.0_insecure_dll_hijacking", "description_data": [
"refsource" : "MISC", {
"url" : "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bnuance_pdf_reader%5D_6.0_insecure_dll_hijacking" "lang": "eng",
}, "value": "Multiple untrusted search path vulnerabilities in Nuance PDF Reader 6.0 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) exceptiondumpdll.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information."
{ }
"name" : "41410", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/41410" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bnuance_pdf_reader%5D_6.0_insecure_dll_hijacking",
"refsource": "MISC",
"url": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bnuance_pdf_reader%5D_6.0_insecure_dll_hijacking"
},
{
"name": "41410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41410"
}
]
}
}

34
2014/0xxx/CVE-2014-0024.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-0024", "ID": "CVE-2014-0024",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

180
2014/0xxx/CVE-2014-0652.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-0652", "ID": "CVE-2014-0652",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32365", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32365" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358."
{ }
"name" : "20140107 Cisco Context Directory Agent Mappings Page Cross-Site Scripting Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0652" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "64703", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64703" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "101803", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/101803" ]
}, },
{ "references": {
"name" : "1029572", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029572" "name": "64703",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/64703"
"name" : "56365", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56365" "name": "101803",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/101803"
"name" : "cisco-cda-cve20140652-xss(90167)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90167" "name": "20140107 Cisco Context Directory Agent Mappings Page Cross-Site Scripting Vulnerability",
} "refsource": "CISCO",
] "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0652"
} },
} {
"name": "56365",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56365"
},
{
"name": "cisco-cda-cve20140652-xss(90167)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90167"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32365",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32365"
},
{
"name": "1029572",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029572"
}
]
}
}

180
2014/0xxx/CVE-2014-0677.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-0677", "ID": "CVE-2014-0677",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32532", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32532" "lang": "eng",
}, "value": "The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851."
{ }
"name" : "20140122 Cisco NX-OS Software Label Distribution Protocol Message Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0677" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "65074", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/65074" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "102368", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/102368" ]
}, },
{ "references": {
"name" : "1029691", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029691" "name": "65074",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/65074"
"name" : "56611", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56611" "name": "56611",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56611"
"name" : "cisco-nxos-cve20140677-dos(90623)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90623" "name": "cisco-nxos-cve20140677-dos(90623)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90623"
} },
} {
"name": "20140122 Cisco NX-OS Software Label Distribution Protocol Message Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0677"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32532",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32532"
},
{
"name": "102368",
"refsource": "OSVDB",
"url": "http://osvdb.org/102368"
},
{
"name": "1029691",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029691"
}
]
}
}

130
2014/0xxx/CVE-2014-0848.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-0848", "ID": "CVE-2014-0848",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665278", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665278" "lang": "eng",
}, "value": "The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack."
{ }
"name" : "ibm-netezza-cve20140848-weak-sec(90723)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90723" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-netezza-cve20140848-weak-sec(90723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90723"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21665278",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665278"
}
]
}
}

34
2014/0xxx/CVE-2014-0934.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-0934", "ID": "CVE-2014-0934",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2014/10xxx/CVE-2014-10021.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-10021", "ID": "CVE-2014-10021",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "35543", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/35543" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/."
{ }
"name" : "71686", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/71686" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35543",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35543"
},
{
"name": "71686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71686"
}
]
}
}

190
2014/1xxx/CVE-2014-1213.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-1213", "ID": "CVE-2014-1213",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, cause a denial of service (resource consumption, CPU consumption, and eventual crash) or spoof \"ready for update\" messages by performing certain operations on mutexes or events including (1) DataUpdateRequest, (2) MmfMutexSAV-****, (3) MmfMutexSAV-Info, (4) ReadyForUpdateSAV-****, (5) ReadyForUpdateSAV-Info, (6) SAV-****, (7) SAV-Info, (8) StateChange, (9) SuspendedSAV-****, (10) SuspendedSAV-Info, (11) UpdateComplete, (12) UpdateMutex, (13) UpdateRequest, or (14) SophosALMonSessionInstance, as demonstrated by triggering a ReadyForUpdateSAV event and modifying the UpdateComplete, UpdateMutex, and UpdateRequest objects."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140131 CVE-2014-1213 - Denial of Service in Sophos Anti Virus", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/530915/100/0/threaded" "lang": "eng",
}, "value": "Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, cause a denial of service (resource consumption, CPU consumption, and eventual crash) or spoof \"ready for update\" messages by performing certain operations on mutexes or events including (1) DataUpdateRequest, (2) MmfMutexSAV-****, (3) MmfMutexSAV-Info, (4) ReadyForUpdateSAV-****, (5) ReadyForUpdateSAV-Info, (6) SAV-****, (7) SAV-Info, (8) StateChange, (9) SuspendedSAV-****, (10) SuspendedSAV-Info, (11) UpdateComplete, (12) UpdateMutex, (13) UpdateRequest, or (14) SophosALMonSessionInstance, as demonstrated by triggering a ReadyForUpdateSAV event and modifying the UpdateComplete, UpdateMutex, and UpdateRequest objects."
{ }
"name" : "20140131 CVE-2014-1213 - Denial of Service in Sophos Anti Virus", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Feb/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/125024/Sophos-Anti-Virus-Denial-Of-Service.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/125024/Sophos-Anti-Virus-Denial-Of-Service.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1213/", ]
"refsource" : "MISC", }
"url" : "http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1213/" ]
}, },
{ "references": {
"name" : "http://www.sophos.com/en-us/support/knowledgebase/2300/7200/1031/120401.aspx", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.sophos.com/en-us/support/knowledgebase/2300/7200/1031/120401.aspx" "name": "http://www.sophos.com/en-us/support/knowledgebase/2300/7200/1031/120401.aspx",
}, "refsource": "CONFIRM",
{ "url": "http://www.sophos.com/en-us/support/knowledgebase/2300/7200/1031/120401.aspx"
"name" : "65286", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/65286" "name": "http://packetstormsecurity.com/files/125024/Sophos-Anti-Virus-Denial-Of-Service.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/125024/Sophos-Anti-Virus-Denial-Of-Service.html"
"name" : "102762", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/102762" "name": "20140131 CVE-2014-1213 - Denial of Service in Sophos Anti Virus",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/530915/100/0/threaded"
"name" : "1029713", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029713" "name": "20140131 CVE-2014-1213 - Denial of Service in Sophos Anti Virus",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2014/Feb/1"
} },
} {
"name": "102762",
"refsource": "OSVDB",
"url": "http://osvdb.org/102762"
},
{
"name": "1029713",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029713"
},
{
"name": "http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1213/",
"refsource": "MISC",
"url": "http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1213/"
},
{
"name": "65286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65286"
}
]
}
}

120
2014/4xxx/CVE-2014-4912.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4912", "ID": "CVE-2014-4912",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "33983", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/33983/" "lang": "eng",
} "value": "An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33983",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/33983/"
}
]
}
}

120
2014/9xxx/CVE-2014-9049.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9049", "ID": "CVE-2014-9049",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://owncloud.org/security/advisory/?id=oc-sa-2014-025", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://owncloud.org/security/advisory/?id=oc-sa-2014-025" "lang": "eng",
} "value": "The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote authenticated users to obtain all valid session IDs via an unspecified API method."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2014-025",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2014-025"
}
]
}
}

34
2014/9xxx/CVE-2014-9168.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-9168", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-9168",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

160
2014/9xxx/CVE-2014-9466.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9466", "ID": "CVE-2014-9466",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the \"folder identifier.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150212 Open-Xchange Security Advisory 2015-02-12", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534695/100/0/threaded" "lang": "eng",
}, "value": "Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the \"folder identifier.\""
{ }
"name" : "http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "72587", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72587" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1031744", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1031744" ]
}, },
{ "references": {
"name" : "openxchange-cve20149466-info-disc(100867)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100867" "name": "72587",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/72587"
} },
} {
"name": "1031744",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031744"
},
{
"name": "20150212 Open-Xchange Security Advisory 2015-02-12",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534695/100/0/threaded"
},
{
"name": "openxchange-cve20149466-info-disc(100867)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100867"
},
{
"name": "http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html"
}
]
}
}

160
2014/9xxx/CVE-2014-9505.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9505", "ID": "CVE-2014-9505",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 for Drupal allows remote authenticated users with permission to create or edit a class node to inject arbitrary web script or HTML via a node title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150103 CVE requests: Drupal contributed modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/01/03/2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 for Drupal allows remote authenticated users with permission to create or edit a class node to inject arbitrary web script or HTML via a node title."
{ }
"name" : "[oss-security] 20150103 Re: CVE requests: Drupal contributed modules", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2015/01/04/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.drupal.org/node/2395015", "description": [
"refsource" : "MISC", {
"url" : "https://www.drupal.org/node/2395015" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.drupal.org/node/2391119", ]
"refsource" : "CONFIRM", }
"url" : "https://www.drupal.org/node/2391119" ]
}, },
{ "references": {
"name" : "schooladmin-drupal-cve20149505-xss(99654)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99654" "name": "https://www.drupal.org/node/2395015",
} "refsource": "MISC",
] "url": "https://www.drupal.org/node/2395015"
} },
} {
"name": "[oss-security] 20150103 Re: CVE requests: Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/04/6"
},
{
"name": "https://www.drupal.org/node/2391119",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2391119"
},
{
"name": "[oss-security] 20150103 CVE requests: Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/2"
},
{
"name": "schooladmin-drupal-cve20149505-xss(99654)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99654"
}
]
}
}

140
2014/9xxx/CVE-2014-9740.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9740", "ID": "CVE-2014-9740",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the \"administer rules links\" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the (1) question and (2) description strings in a confirmation form for a triggering Rules link."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.drupal.org/node/2328567", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.drupal.org/node/2328567" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the \"administer rules links\" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the (1) question and (2) description strings in a confirmation form for a triggering Rules link."
{ }
"name" : "https://www.drupal.org/node/2328549", ]
"refsource" : "CONFIRM", },
"url" : "https://www.drupal.org/node/2328549" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "69447", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/69447" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2328567",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2328567"
},
{
"name": "https://www.drupal.org/node/2328549",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2328549"
},
{
"name": "69447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69447"
}
]
}
}

140
2014/9xxx/CVE-2014-9868.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2014-9868", "ID": "CVE-2014-9868",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-08-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-08-01.html" "lang": "eng",
}, "value": "drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976."
{ }
"name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=1f274b74c00187ba1c379971503f51944148b22f", ]
"refsource" : "CONFIRM", },
"url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=1f274b74c00187ba1c379971503f51944148b22f" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "92219", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92219" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "92219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92219"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=1f274b74c00187ba1c379971503f51944148b22f",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=1f274b74c00187ba1c379971503f51944148b22f"
}
]
}
}

160
2016/3xxx/CVE-2016-3658.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-3658", "ID": "CVE-2016-3658",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160408 CVE-2016-3658 - libtiff 4.0.6 illegel read", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/04/08/12" "lang": "eng",
}, "value": "The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable."
{ }
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2546", ]
"refsource" : "MISC", },
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2546" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3844", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3844" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201701-16", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201701-16" ]
}, },
{ "references": {
"name" : "93331", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93331" "name": "DSA-3844",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2017/dsa-3844"
} },
} {
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2546",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2546"
},
{
"name": "GLSA-201701-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-16"
},
{
"name": "[oss-security] 20160408 CVE-2016-3658 - libtiff 4.0.6 illegel read",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/08/12"
},
{
"name": "93331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93331"
}
]
}
}

34
2016/3xxx/CVE-2016-3779.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-3779", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-3779",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

150
2016/3xxx/CVE-2016-3883.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-3883", "ID": "CVE-2016-3883",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct warnings about premium SMS messages, which allows attackers to spoof the premium-payment confirmation dialog via a crafted application, aka internal bug 28557603."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-09-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-09-01.html" "lang": "eng",
}, "value": "internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct warnings about premium SMS messages, which allows attackers to spoof the premium-payment confirmation dialog via a crafted application, aka internal bug 28557603."
{ }
"name" : "https://android.googlesource.com/platform/frameworks/opt/telephony/+/b2c89e6f8962dc7aff88cb38aa3ee67d751edda9", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/frameworks/opt/telephony/+/b2c89e6f8962dc7aff88cb38aa3ee67d751edda9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "92861", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92861" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1036763", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1036763" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "https://android.googlesource.com/platform/frameworks/opt/telephony/+/b2c89e6f8962dc7aff88cb38aa3ee67d751edda9",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/opt/telephony/+/b2c89e6f8962dc7aff88cb38aa3ee67d751edda9"
},
{
"name": "92861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92861"
}
]
}
}

150
2016/3xxx/CVE-2016-3941.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-3941", "ID": "CVE-2016-3941",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to \"seek across EOF.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[vlc-commits] 20150131 stream: handle seek across EOF correctly (hopefully)", "description_data": [
"refsource" : "MLIST", {
"url" : "https://mailman.videolan.org/pipermail/vlc-commits/2015-January/028938.html" "lang": "eng",
}, "value": "Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to \"seek across EOF.\""
{ }
"name" : "https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2016:1651", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1035456", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1035456" ]
} },
] "references": {
} "reference_data": [
} {
"name": "openSUSE-SU-2016:1651",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html"
},
{
"name": "[vlc-commits] 20150131 stream: handle seek across EOF correctly (hopefully)",
"refsource": "MLIST",
"url": "https://mailman.videolan.org/pipermail/vlc-commits/2015-January/028938.html"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633"
},
{
"name": "1035456",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035456"
}
]
}
}

140
2016/6xxx/CVE-2016-6332.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-6332", "ID": "CVE-2016-6332",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html" "lang": "eng",
}, "value": "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1369613", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1369613" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://phabricator.wikimedia.org/T129738", "description": [
"refsource" : "CONFIRM", {
"url" : "https://phabricator.wikimedia.org/T129738" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
},
{
"name": "https://phabricator.wikimedia.org/T129738",
"refsource": "CONFIRM",
"url": "https://phabricator.wikimedia.org/T129738"
}
]
}
}

150
2016/7xxx/CVE-2016-7215.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-7215", "ID": "CVE-2016-7215",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-592", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-592" "lang": "eng",
}, "value": "The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\""
{ }
"name" : "MS16-135", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-135" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94000", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94000" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1037251", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037251" ]
} },
] "references": {
} "reference_data": [
} {
"name": "94000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94000"
},
{
"name": "1037251",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037251"
},
{
"name": "MS16-135",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-135"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-592",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-592"
}
]
}
}

34
2016/7xxx/CVE-2016-7316.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-7316", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-7316",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

34
2016/7xxx/CVE-2016-7347.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-7347", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-7347",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

34
2016/7xxx/CVE-2016-7352.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-7352", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-7352",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

140
2016/7xxx/CVE-2016-7502.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7502", "ID": "CVE-2016-7502",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/10/08/1" "lang": "eng",
}, "value": "The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode."
{ }
"name" : "GLSA-201701-71", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201701-71" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94834", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94834" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/1"
},
{
"name": "GLSA-201701-71",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-71"
},
{
"name": "94834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94834"
}
]
}
}

130
2016/8xxx/CVE-2016-8354.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-8354", "ID": "CVE-2016-8354",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Schneider Electric Unity PRO Control prior to V11.1", "product_name": "Schneider Electric Unity PRO Control prior to V11.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Schneider Electric Unity PRO Control prior to V11.1" "version_value": "Schneider Electric Unity PRO Control prior to V11.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Schneider Electric Unity PRO Control Flow Management Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-03", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-03" "lang": "eng",
}, "value": "An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions."
{ }
"name" : "93830", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93830" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Schneider Electric Unity PRO Control Flow Management Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-03"
},
{
"name": "93830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93830"
}
]
}
}

34
2016/8xxx/CVE-2016-8897.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8897", "ID": "CVE-2016-8897",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

438
2016/8xxx/CVE-2016-8940.json
View File

@ -1,221 +1,221 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-8940", "ID": "CVE-2016-8940",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Tivoli Storage Manager", "product_name": "Tivoli Storage Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.3.5.3" "version_value": "5.3.5.3"
}, },
{ {
"version_value" : "5.4.1.2" "version_value": "5.4.1.2"
}, },
{ {
"version_value" : "4.2" "version_value": "4.2"
}, },
{ {
"version_value" : "4.2.1" "version_value": "4.2.1"
}, },
{ {
"version_value" : "5.1.8" "version_value": "5.1.8"
}, },
{ {
"version_value" : "5.2.5.1" "version_value": "5.2.5.1"
}, },
{ {
"version_value" : "5.2.7" "version_value": "5.2.7"
}, },
{ {
"version_value" : "5.2.8" "version_value": "5.2.8"
}, },
{ {
"version_value" : "5.2.9" "version_value": "5.2.9"
}, },
{ {
"version_value" : "5.3.0" "version_value": "5.3.0"
}, },
{ {
"version_value" : "5.3.1" "version_value": "5.3.1"
}, },
{ {
"version_value" : "5.3.2" "version_value": "5.3.2"
}, },
{ {
"version_value" : "5.3.3" "version_value": "5.3.3"
}, },
{ {
"version_value" : "5.4.4.0" "version_value": "5.4.4.0"
}, },
{ {
"version_value" : "5.4.2.4" "version_value": "5.4.2.4"
}, },
{ {
"version_value" : "5.4.2.3" "version_value": "5.4.2.3"
}, },
{ {
"version_value" : "5.4.2.2" "version_value": "5.4.2.2"
}, },
{ {
"version_value" : "5.3.6.9" "version_value": "5.3.6.9"
}, },
{ {
"version_value" : "5.3.6.2" "version_value": "5.3.6.2"
}, },
{ {
"version_value" : "5.3.6.1" "version_value": "5.3.6.1"
}, },
{ {
"version_value" : "5.3.4" "version_value": "5.3.4"
}, },
{ {
"version_value" : "5.2.5.3" "version_value": "5.2.5.3"
}, },
{ {
"version_value" : "5.2.5.2" "version_value": "5.2.5.2"
}, },
{ {
"version_value" : "5.2.4" "version_value": "5.2.4"
}, },
{ {
"version_value" : "5.3.5.1" "version_value": "5.3.5.1"
}, },
{ {
"version_value" : "5.3.2.4" "version_value": "5.3.2.4"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "5.1.0" "version_value": "5.1.0"
}, },
{ {
"version_value" : "5.1.1" "version_value": "5.1.1"
}, },
{ {
"version_value" : "5.1.10" "version_value": "5.1.10"
}, },
{ {
"version_value" : "5.1.5" "version_value": "5.1.5"
}, },
{ {
"version_value" : "5.1.6" "version_value": "5.1.6"
}, },
{ {
"version_value" : "5.1.7" "version_value": "5.1.7"
}, },
{ {
"version_value" : "5.1.9" "version_value": "5.1.9"
}, },
{ {
"version_value" : "5.2.0" "version_value": "5.2.0"
}, },
{ {
"version_value" : "5.2.1" "version_value": "5.2.1"
}, },
{ {
"version_value" : "4.2.2" "version_value": "4.2.2"
}, },
{ {
"version_value" : "4.2.3" "version_value": "4.2.3"
}, },
{ {
"version_value" : "4.2.4" "version_value": "4.2.4"
}, },
{ {
"version_value" : "5.2.2" "version_value": "5.2.2"
}, },
{ {
"version_value" : "5.3" "version_value": "5.3"
}, },
{ {
"version_value" : "5.2 Client" "version_value": "5.2 Client"
}, },
{ {
"version_value" : "5.4 Client" "version_value": "5.4 Client"
}, },
{ {
"version_value" : "5.5.7" "version_value": "5.5.7"
}, },
{ {
"version_value" : "5.2.3.4 Client" "version_value": "5.2.3.4 Client"
}, },
{ {
"version_value" : "5.5.1.0" "version_value": "5.5.1.0"
}, },
{ {
"version_value" : "5.5.1.6" "version_value": "5.5.1.6"
}, },
{ {
"version_value" : "5.4" "version_value": "5.4"
}, },
{ {
"version_value" : "5.5" "version_value": "5.5"
}, },
{ {
"version_value" : "6.1" "version_value": "6.1"
}, },
{ {
"version_value" : "6.2" "version_value": "6.2"
}, },
{ {
"version_value" : "6.3" "version_value": "6.3"
}, },
{ {
"version_value" : "6.4" "version_value": "6.4"
}, },
{ {
"version_value" : "7.1" "version_value": "7.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM Corporation" "vendor_name": "IBM Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21998946", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21998946" "lang": "eng",
} "value": "IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21998946",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21998946"
}
]
}
}

190
2016/9xxx/CVE-2016-9084.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9084", "ID": "CVE-2016-9084",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161027 kernel: low-severity vfio driver integer overflow", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/10/26/11" "lang": "eng",
}, "value": "drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file."
{ }
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1389259", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1389259" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a" ]
}, },
{ "references": {
"name" : "https://patchwork.kernel.org/patch/9373631/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://patchwork.kernel.org/patch/9373631/" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1389259",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389259"
"name" : "RHSA-2017:0386", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0386.html" "name": "[oss-security] 20161027 kernel: low-severity vfio driver integer overflow",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/10/26/11"
"name" : "RHSA-2017:0387", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0387.html" "name": "93930",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/93930"
"name" : "93930", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93930" "name": "https://patchwork.kernel.org/patch/9373631/",
} "refsource": "CONFIRM",
] "url": "https://patchwork.kernel.org/patch/9373631/"
} },
} {
"name": "RHSA-2017:0387",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0387.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a"
},
{
"name": "https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a"
},
{
"name": "RHSA-2017:0386",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0386.html"
}
]
}
}