admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:15:21 +00:00
parent 7dbb0fbf40
commit cf346002e6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
46 changed files with 3772 additions and 3772 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2006/1xxx/CVE-2006-1012.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "GLSA-200603-01",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-01.xml"
},
{
"name" : "16950",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16950"
},
{
"name" : "19109",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19109"
},
{
"name" : "19123",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19123"
},
{
"name" : "wordpress-comment-sql-injection(25321)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25321"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16950"
},
{
"name": "wordpress-comment-sql-injection(25321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25321"
},
{
"name": "GLSA-200603-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-01.xml"
},
{
"name": "19123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19123"
},
{
"name": "19109",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19109"
}
]
}
}

160
2006/1xxx/CVE-2006-1693.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a \"custom command\" with a long argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.globalscape.com/gsftps/history.asp",
"refsource" : "CONFIRM",
"url" : "http://www.globalscape.com/gsftps/history.asp"
},
{
"name" : "17398",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17398"
},
{
"name" : "24451",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24451"
},
{
"name" : "19547",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19547"
},
{
"name" : "globalscape-custom-commands-dos(25665)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a \"custom command\" with a long argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.globalscape.com/gsftps/history.asp",
"refsource": "CONFIRM",
"url": "http://www.globalscape.com/gsftps/history.asp"
},
{
"name": "24451",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24451"
},
{
"name": "globalscape-custom-commands-dos(25665)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25665"
},
{
"name": "19547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19547"
},
{
"name": "17398",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17398"
}
]
}
}

140
2006/1xxx/CVE-2006-1748.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1748",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060409 XMB Forum 1.9.5-Final XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430432/100/0/threaded"
},
{
"name" : "17445",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17445"
},
{
"name" : "xmb-swf-geturl-xss(25737)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25737"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xmb-swf-geturl-xss(25737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25737"
},
{
"name": "17445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17445"
},
{
"name": "20060409 XMB Forum 1.9.5-Final XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430432/100/0/threaded"
}
]
}
}

170
2006/1xxx/CVE-2006-1919.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1919",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in Internet Photoshow 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1694",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1694"
},
{
"name" : "17620",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17620"
},
{
"name" : "ADV-2006-1417",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1417"
},
{
"name" : "24743",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24743"
},
{
"name" : "19726",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19726"
},
{
"name" : "ip-index-file-include(25937)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25937"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in Internet Photoshow 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1694",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1694"
},
{
"name": "19726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19726"
},
{
"name": "ADV-2006-1417",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1417"
},
{
"name": "ip-index-file-include(25937)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25937"
},
{
"name": "17620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17620"
},
{
"name": "24743",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24743"
}
]
}
}

160
2006/5xxx/CVE-2006-5144.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5144",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447424/100/0/threaded"
},
{
"name" : "20278",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20278"
},
{
"name" : "22241",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22241"
},
{
"name" : "1680",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1680"
},
{
"name" : "olate-download-userupload-xss(29292)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29292"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1680",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1680"
},
{
"name": "20060930 OlateDownload 3.4.0 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447424/100/0/threaded"
},
{
"name": "olate-download-userupload-xss(29292)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29292"
},
{
"name": "20278",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20278"
},
{
"name": "22241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22241"
}
]
}
}

170
2006/5xxx/CVE-2006-5827.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5827",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpComasy CMS 0.7.9pre and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username or (2) password parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061106 MajorSecurity Advisory #32]phpComasy CMS - Multiple Cross Site Scripting Issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450712"
},
{
"name" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls32",
"refsource" : "MISC",
"url" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls32"
},
{
"name" : "20938",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20938"
},
{
"name" : "22760",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22760"
},
{
"name" : "1843",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1843"
},
{
"name" : "phpcomasy-index-xss(30053)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30053"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpComasy CMS 0.7.9pre and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username or (2) password parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1843",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1843"
},
{
"name": "20061106 MajorSecurity Advisory #32]phpComasy CMS - Multiple Cross Site Scripting Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450712"
},
{
"name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls32",
"refsource": "MISC",
"url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls32"
},
{
"name": "22760",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22760"
},
{
"name": "20938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20938"
},
{
"name": "phpcomasy-index-xss(30053)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30053"
}
]
}
}

180
2007/2xxx/CVE-2007-2492.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2492",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070502 Post Nuke v4bJournal Module Sql Inject",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/467387/100/0/threaded"
},
{
"name" : "3835",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3835"
},
{
"name" : "23777",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23777"
},
{
"name" : "ADV-2007-1632",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1632"
},
{
"name" : "35703",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35703"
},
{
"name" : "2674",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2674"
},
{
"name" : "pnjournal-index-sql-injection(34024)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34024"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2674",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2674"
},
{
"name": "23777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23777"
},
{
"name": "3835",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3835"
},
{
"name": "pnjournal-index-sql-injection(34024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34024"
},
{
"name": "20070502 Post Nuke v4bJournal Module Sql Inject",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467387/100/0/threaded"
},
{
"name": "35703",
"refsource": "OSVDB",
"url": "http://osvdb.org/35703"
},
{
"name": "ADV-2007-1632",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1632"
}
]
}
}

150
2007/2xxx/CVE-2007-2985.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2985",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4006",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4006"
},
{
"name" : "36737",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36737"
},
{
"name" : "25460",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25460"
},
{
"name" : "pheap-edit-code-execution(34592)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34592"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36737",
"refsource": "OSVDB",
"url": "http://osvdb.org/36737"
},
{
"name": "4006",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4006"
},
{
"name": "25460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25460"
},
{
"name": "pheap-edit-code-execution(34592)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34592"
}
]
}
}

180
2007/6xxx/CVE-2007-6101.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ability Mail Server before 2.61 allows remote authenticated users to cause a denial of service (daemon crash) via (1) malformed number list ranges in unspecified IMAP commands, and possibly (2) a blank string in unspecified messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.code-crafters.com/abilitymailserver/updatelog.html",
"refsource" : "CONFIRM",
"url" : "http://www.code-crafters.com/abilitymailserver/updatelog.html"
},
{
"name" : "26514",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26514"
},
{
"name" : "42399",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/42399"
},
{
"name" : "42400",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/42400"
},
{
"name" : "27736",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27736"
},
{
"name" : "ability-blank-string-dos(38586)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38586"
},
{
"name" : "ability-imap4-dos(38587)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38587"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ability Mail Server before 2.61 allows remote authenticated users to cause a denial of service (daemon crash) via (1) malformed number list ranges in unspecified IMAP commands, and possibly (2) a blank string in unspecified messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42400",
"refsource": "OSVDB",
"url": "http://osvdb.org/42400"
},
{
"name": "26514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26514"
},
{
"name": "27736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27736"
},
{
"name": "42399",
"refsource": "OSVDB",
"url": "http://osvdb.org/42399"
},
{
"name": "http://www.code-crafters.com/abilitymailserver/updatelog.html",
"refsource": "CONFIRM",
"url": "http://www.code-crafters.com/abilitymailserver/updatelog.html"
},
{
"name": "ability-blank-string-dos(38586)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38586"
},
{
"name": "ability-imap4-dos(38587)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38587"
}
]
}
}

170
2007/6xxx/CVE-2007-6305.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6305",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via \"some HMC commands.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038",
"refsource" : "CONFIRM",
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038"
},
{
"name" : "https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power6/install/v7.Readme.html#MH01065",
"refsource" : "CONFIRM",
"url" : "https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power6/install/v7.Readme.html#MH01065"
},
{
"name" : "MB02226",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1MB02226"
},
{
"name" : "ADV-2007-4144",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4144"
},
{
"name" : "1019062",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019062"
},
{
"name" : "27961",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27961"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via \"some HMC commands.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power6/install/v7.Readme.html#MH01065",
"refsource": "CONFIRM",
"url": "https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power6/install/v7.Readme.html#MH01065"
},
{
"name": "1019062",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019062"
},
{
"name": "27961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27961"
},
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038"
},
{
"name": "MB02226",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1MB02226"
},
{
"name": "ADV-2007-4144",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4144"
}
]
}
}

200
2010/0xxx/CVE-2010-0018.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0018",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font, aka \"Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/srd/archive/2010/01/12/ms10-001-font-file-decompression-vulnerability.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/srd/archive/2010/01/12/ms10-001-font-file-decompression-vulnerability.aspx"
},
{
"name" : "MS10-001",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-001"
},
{
"name" : "TA10-012B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-012B.html"
},
{
"name" : "37671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37671"
},
{
"name" : "61651",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61651"
},
{
"name" : "oval:org.mitre.oval:def:8324",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8324"
},
{
"name" : "1023432",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023432"
},
{
"name" : "35457",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35457"
},
{
"name" : "ADV-2010-0095",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0095"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font, aka \"Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS10-001",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-001"
},
{
"name": "http://blogs.technet.com/srd/archive/2010/01/12/ms10-001-font-file-decompression-vulnerability.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/srd/archive/2010/01/12/ms10-001-font-file-decompression-vulnerability.aspx"
},
{
"name": "1023432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023432"
},
{
"name": "35457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35457"
},
{
"name": "oval:org.mitre.oval:def:8324",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8324"
},
{
"name": "TA10-012B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-012B.html"
},
{
"name": "ADV-2010-0095",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0095"
},
{
"name": "37671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37671"
},
{
"name": "61651",
"refsource": "OSVDB",
"url": "http://osvdb.org/61651"
}
]
}
}

460
2010/0xxx/CVE-2010-0842.json
View File

@ -1,232 +1,232 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0842",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-0842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100405 ZDI-10-060: Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510532/100/0/threaded"
},
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-060",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-060"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html"
},
{
"name" : "http://support.apple.com/kb/HT4170",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4170"
},
{
"name" : "http://support.apple.com/kb/HT4171",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4171"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name" : "APPLE-SA-2010-05-18-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
},
{
"name" : "APPLE-SA-2010-05-18-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
},
{
"name" : "HPSBMA02547",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name" : "SSRT100179",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "HPSBUX02524",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2"
},
{
"name" : "SSRT100089",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127557596201693&w=2"
},
{
"name" : "RHSA-2010:0337",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
},
{
"name" : "RHSA-2010:0338",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
},
{
"name" : "RHSA-2010:0383",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0383.html"
},
{
"name" : "RHSA-2010:0471",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0471.html"
},
{
"name" : "RHSA-2010:0489",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0489.html"
},
{
"name" : "SUSE-SR:2010:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"name" : "SUSE-SR:2010:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name" : "39077",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39077"
},
{
"name" : "oval:org.mitre.oval:def:14101",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14101"
},
{
"name" : "39317",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39317"
},
{
"name" : "39659",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39659"
},
{
"name" : "39819",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39819"
},
{
"name" : "40211",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40211"
},
{
"name" : "40545",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40545"
},
{
"name" : "43308",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43308"
},
{
"name" : "ADV-2010-1191",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1191"
},
{
"name" : "ADV-2010-1454",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1454"
},
{
"name" : "ADV-2010-1523",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1523"
},
{
"name" : "ADV-2010-1793",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1793"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-05-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
},
{
"name": "oval:org.mitre.oval:def:14101",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14101"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "39317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39317"
},
{
"name": "RHSA-2010:0383",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0383.html"
},
{
"name": "40545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40545"
},
{
"name": "20100405 ZDI-10-060: Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510532/100/0/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-060",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-060"
},
{
"name": "ADV-2010-1454",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1454"
},
{
"name": "39819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39819"
},
{
"name": "RHSA-2010:0338",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html"
},
{
"name": "ADV-2010-1793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name": "APPLE-SA-2010-05-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
},
{
"name": "43308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43308"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "SSRT100179",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "SSRT100089",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html"
},
{
"name": "HPSBUX02524",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2"
},
{
"name": "39077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39077"
},
{
"name": "http://support.apple.com/kb/HT4170",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4170"
},
{
"name": "ADV-2010-1523",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1523"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "SUSE-SR:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"name": "39659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39659"
},
{
"name": "RHSA-2010:0471",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0471.html"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "RHSA-2010:0337",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html"
},
{
"name": "RHSA-2010:0489",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0489.html"
},
{
"name": "HPSBMA02547",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "40211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40211"
},
{
"name": "http://support.apple.com/kb/HT4171",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4171"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "ADV-2010-1191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1191"
}
]
}
}

160
2010/1xxx/CVE-2010-1558.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1558",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital Sending Software before 4.18.3 allows local users to bypass intended restrictions on the MFP \"Send to e-mail\" feature, and obtain sensitive information, via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-1558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBPI02532",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127376308013422&w=2"
},
{
"name" : "SSRT100111",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127376308013422&w=2"
},
{
"name" : "40147",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40147"
},
{
"name" : "64661",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64661"
},
{
"name" : "hp-mfp-sendtoemail-unauth-access(58618)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58618"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital Sending Software before 4.18.3 allows local users to bypass intended restrictions on the MFP \"Send to e-mail\" feature, and obtain sensitive information, via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "hp-mfp-sendtoemail-unauth-access(58618)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58618"
},
{
"name": "SSRT100111",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127376308013422&w=2"
},
{
"name": "64661",
"refsource": "OSVDB",
"url": "http://osvdb.org/64661"
},
{
"name": "40147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40147"
},
{
"name": "HPSBPI02532",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127376308013422&w=2"
}
]
}
}

240
2010/1xxx/CVE-2010-1679.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1679",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-2142",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2142"
},
{
"name" : "FEDORA-2011-0345",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
},
{
"name" : "FEDORA-2011-0362",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
},
{
"name" : "USN-1038-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1038-1"
},
{
"name" : "45703",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45703"
},
{
"name" : "70368",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70368"
},
{
"name" : "42826",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42826"
},
{
"name" : "42831",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42831"
},
{
"name" : "43054",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43054"
},
{
"name" : "ADV-2011-0040",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0040"
},
{
"name" : "ADV-2011-0044",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0044"
},
{
"name" : "ADV-2011-0196",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0196"
},
{
"name" : "dpkg-dpkgsource-directory-traversal(64615)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42831"
},
{
"name": "FEDORA-2011-0345",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html"
},
{
"name": "42826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42826"
},
{
"name": "FEDORA-2011-0362",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html"
},
{
"name": "dpkg-dpkgsource-directory-traversal(64615)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64615"
},
{
"name": "USN-1038-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1038-1"
},
{
"name": "ADV-2011-0040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0040"
},
{
"name": "45703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45703"
},
{
"name": "DSA-2142",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2142"
},
{
"name": "70368",
"refsource": "OSVDB",
"url": "http://osvdb.org/70368"
},
{
"name": "43054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43054"
},
{
"name": "ADV-2011-0044",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0044"
},
{
"name": "ADV-2011-0196",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0196"
}
]
}
}

200
2010/1xxx/CVE-2010-1916.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1916",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the \"Deprecated config passing\" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html",
"refsource" : "MISC",
"url" : "http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html"
},
{
"name" : "http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html",
"refsource" : "MISC",
"url" : "http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html"
},
{
"name" : "http://trac.xinha.org/ticket/1518",
"refsource" : "CONFIRM",
"url" : "http://trac.xinha.org/ticket/1518"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=591701",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=591701"
},
{
"name" : "FEDORA-2010-9320",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html"
},
{
"name" : "40033",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40033"
},
{
"name" : "39782",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39782"
},
{
"name" : "40124",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40124"
},
{
"name" : "ADV-2010-1401",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1401"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the \"Deprecated config passing\" feature; or (2) crafted backend_data and backend_data[key_location] variables, which are not properly handled by the xinha_read_passed_data function. NOTE: this can be leveraged to upload and possibly execute arbitrary files via config.inc.php in the ImageManager plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=591701",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=591701"
},
{
"name": "ADV-2010-1401",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1401"
},
{
"name": "http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html",
"refsource": "MISC",
"url": "http://www.php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html"
},
{
"name": "40124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40124"
},
{
"name": "39782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39782"
},
{
"name": "40033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40033"
},
{
"name": "http://trac.xinha.org/ticket/1518",
"refsource": "CONFIRM",
"url": "http://trac.xinha.org/ticket/1518"
},
{
"name": "FEDORA-2010-9320",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html"
},
{
"name": "http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html",
"refsource": "MISC",
"url": "http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html"
}
]
}
}

160
2010/1xxx/CVE-2010-1952.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1952",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12239",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12239"
},
{
"name" : "http://packetstormsecurity.org/1004-exploits/joomlabeeheardlite-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/joomlabeeheardlite-lfi.txt"
},
{
"name" : "39506",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39506"
},
{
"name" : "39475",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39475"
},
{
"name" : "combeeheard-index-file-inlclude(57845)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57845"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlabeeheardlite-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlabeeheardlite-lfi.txt"
},
{
"name": "39506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39506"
},
{
"name": "12239",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12239"
},
{
"name": "combeeheard-index-file-inlclude(57845)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57845"
},
{
"name": "39475",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39475"
}
]
}
}

250
2010/4xxx/CVE-2010-4197.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4197",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://trac.webkit.org/changeset/70594",
"refsource" : "MISC",
"url" : "http://trac.webkit.org/changeset/70594"
},
{
"name" : "https://bugs.webkit.org/show_bug.cgi?id=48349",
"refsource" : "MISC",
"url" : "https://bugs.webkit.org/show_bug.cgi?id=48349"
},
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=51602",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=51602"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=656115",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=656115"
},
{
"name" : "FEDORA-2011-0121",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html"
},
{
"name" : "MDVSA-2011:039",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name" : "RHSA-2011:0177",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name" : "45720",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45720"
},
{
"name" : "oval:org.mitre.oval:def:12266",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12266"
},
{
"name" : "42109",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42109"
},
{
"name" : "43086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43086"
},
{
"name" : "ADV-2011-0216",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name" : "ADV-2011-0552",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "FEDORA-2011-0121",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html"
},
{
"name": "http://trac.webkit.org/changeset/70594",
"refsource": "MISC",
"url": "http://trac.webkit.org/changeset/70594"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=51602",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=51602"
},
{
"name": "ADV-2011-0216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name": "42109",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42109"
},
{
"name": "43086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43086"
},
{
"name": "45720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45720"
},
{
"name": "RHSA-2011:0177",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=48349",
"refsource": "MISC",
"url": "https://bugs.webkit.org/show_bug.cgi?id=48349"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "oval:org.mitre.oval:def:12266",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12266"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=656115",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=656115"
}
]
}
}

34
2010/4xxx/CVE-2010-4315.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4315",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4315",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

240
2010/4xxx/CVE-2010-4326.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4326",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-025/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-025/"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-10-239/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-10-239/"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-10-240/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-10-240/"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-10-243/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-10-243/"
},
{
"name" : "http://www.facebook.com/note.php?note_id=477865030928",
"refsource" : "CONFIRM",
"url" : "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=7007155&sliceId=1",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=7007155&sliceId=1"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=642339",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=642339"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=642340",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=642340"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=642345",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=642345"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=642349",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=642349"
},
{
"name" : "45994",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45994"
},
{
"name" : "ADV-2011-0219",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0219"
},
{
"name" : "groupwise-requeststatus-bo(64929)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as demonstrated by a long (1) REQUEST-STATUS, (2) TZNAME, (3) COMMENT, or (4) RRULE variable in this message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=642340",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642340"
},
{
"name": "45994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45994"
},
{
"name": "groupwise-requeststatus-bo(64929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64929"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=642339",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642339"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=642349",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642349"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=642345",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=642345"
},
{
"name": "http://www.facebook.com/note.php?note_id=477865030928",
"refsource": "CONFIRM",
"url": "http://www.facebook.com/note.php?note_id=477865030928"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-239/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-239/"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7007155&sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7007155&sliceId=1"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-025/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-025/"
},
{
"name": "ADV-2011-0219",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0219"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-240/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-240/"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-243/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-243/"
}
]
}
}

300
2010/4xxx/CVE-2010-4450.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4450",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-4450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"
},
{
"name" : "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/",
"refsource" : "CONFIRM",
"url" : "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"
},
{
"name" : "DSA-2224",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2224"
},
{
"name" : "FEDORA-2011-1631",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"
},
{
"name" : "FEDORA-2011-1645",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "HPSBMU02797",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "SSRT100867",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "MDVSA-2011:054",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
},
{
"name" : "RHSA-2011:0281",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0281.html"
},
{
"name" : "RHSA-2011:0282",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0282.html"
},
{
"name" : "46397",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46397"
},
{
"name" : "oval:org.mitre.oval:def:12420",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12420"
},
{
"name" : "oval:org.mitre.oval:def:14135",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14135"
},
{
"name" : "43350",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43350"
},
{
"name" : "oracle-java-launcher-code-exec(65406)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65406"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"
},
{
"name": "FEDORA-2011-1631",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "FEDORA-2011-1645",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"
},
{
"name": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/",
"refsource": "CONFIRM",
"url": "http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released/"
},
{
"name": "oval:org.mitre.oval:def:14135",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14135"
},
{
"name": "46397",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46397"
},
{
"name": "43350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43350"
},
{
"name": "RHSA-2011:0282",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html"
},
{
"name": "DSA-2224",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2224"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "RHSA-2011:0281",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0281.html"
},
{
"name": "oracle-java-launcher-code-exec(65406)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65406"
},
{
"name": "oval:org.mitre.oval:def:12420",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12420"
},
{
"name": "MDVSA-2011:054",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
}
]
}
}

150
2010/5xxx/CVE-2010-5053.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5053",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1004-exploits/joomlaxobbix-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/joomlaxobbix-sql.txt"
},
{
"name" : "http://www.exploit-db.com/exploits/12097",
"refsource" : "MISC",
"url" : "http://www.exploit-db.com/exploits/12097"
},
{
"name" : "39259",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39259"
},
{
"name" : "39312",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39312"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39312",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39312"
},
{
"name": "http://www.exploit-db.com/exploits/12097",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/12097"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlaxobbix-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlaxobbix-sql.txt"
},
{
"name": "39259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39259"
}
]
}
}

170
2014/0xxx/CVE-2014-0425.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64889",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64889"
},
{
"name" : "102044",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102044"
},
{
"name" : "1029623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029623"
},
{
"name" : "56479",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56479"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64889"
},
{
"name": "102044",
"refsource": "OSVDB",
"url": "http://osvdb.org/102044"
},
{
"name": "56479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56479"
},
{
"name": "1029623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029623"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
}

750
2014/0xxx/CVE-2014-0453.json
View File

@ -1,377 +1,377 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0453",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21675343",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21675343"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21675588",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21675588"
},
{
"name" : "https://www.ibm.com/support/docview.wss?uid=swg21674530",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=swg21674530"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21673836",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21673836"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676703",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676703"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674539",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674539"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675945",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675945"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678113",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678113"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679713",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679713"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681018",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681018"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681047",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681047"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681256",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681256"
},
{
"name" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096132",
"refsource" : "CONFIRM",
"url" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096132"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21677387",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21677387"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680387",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680387"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683484",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683484"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679610",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679610"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680750",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680750"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676373",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676373"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676672",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676672"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676190",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676190"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677294",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677294"
},
{
"name" : "DSA-2912",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2912"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "GLSA-201502-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name" : "HPSBUX03091",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "HPSBUX03092",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name" : "SSRT101667",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "SSRT101668",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name" : "RHSA-2014:0675",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0675.html"
},
{
"name" : "RHSA-2014:0685",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0685.html"
},
{
"name" : "RHSA-2014:0413",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0413"
},
{
"name" : "RHSA-2014:0414",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name" : "USN-2191-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2191-1"
},
{
"name" : "USN-2187-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2187-1"
},
{
"name" : "66914",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66914"
},
{
"name" : "58415",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58415"
},
{
"name" : "59071",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59071"
},
{
"name" : "59082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59082"
},
{
"name" : "59104",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59104"
},
{
"name" : "59250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59250"
},
{
"name" : "59255",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59255"
},
{
"name" : "59022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59022"
},
{
"name" : "59438",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59438"
},
{
"name" : "59023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59023"
},
{
"name" : "59722",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59722"
},
{
"name" : "59733",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59733"
},
{
"name" : "59675",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59675"
},
{
"name" : "59653",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59653"
},
{
"name" : "60003",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60003"
},
{
"name" : "60111",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60111"
},
{
"name" : "60117",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60117"
},
{
"name" : "60498",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60498"
},
{
"name" : "61050",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61050"
},
{
"name" : "61264",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61264"
},
{
"name" : "60574",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60574"
},
{
"name" : "60580",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60580"
},
{
"name" : "59194",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59194"
},
{
"name" : "59436",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59436"
},
{
"name" : "59307",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59307"
},
{
"name" : "59324",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59324"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676373",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676373"
},
{
"name": "59022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59022"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680750",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680750"
},
{
"name": "USN-2187-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2187-1"
},
{
"name": "RHSA-2014:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0675.html"
},
{
"name": "RHSA-2014:0414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "59324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59324"
},
{
"name": "USN-2191-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2191-1"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679610",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679610"
},
{
"name": "59733",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59733"
},
{
"name": "61050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61050"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676672",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676672"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698"
},
{
"name": "HPSBUX03091",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681047",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681047"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675945",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675945"
},
{
"name": "RHSA-2014:0413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0413"
},
{
"name": "SSRT101667",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "HPSBUX03092",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name": "61264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61264"
},
{
"name": "59194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59194"
},
{
"name": "60498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60498"
},
{
"name": "RHSA-2014:0685",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0685.html"
},
{
"name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096132",
"refsource": "CONFIRM",
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096132"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677294",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677294"
},
{
"name": "59436",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59436"
},
{
"name": "59653",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59653"
},
{
"name": "59071",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59071"
},
{
"name": "DSA-2912",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2912"
},
{
"name": "66914",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66914"
},
{
"name": "60117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60117"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681256",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681256"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680387",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680387"
},
{
"name": "60574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60574"
},
{
"name": "59722",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59722"
},
{
"name": "58415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58415"
},
{
"name": "59104",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59104"
},
{
"name": "59675",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59675"
},
{
"name": "SSRT101668",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2"
},
{
"name": "59438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59438"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21674539",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674539"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683484",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683484"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21673836",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673836"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg21674530",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg21674530"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21677387",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21677387"
},
{
"name": "59023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59023"
},
{
"name": "59307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59307"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21675343",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21675343"
},
{
"name": "59082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59082"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676703",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676703"
},
{
"name": "59250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59250"
},
{
"name": "60580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60580"
},
{
"name": "GLSA-201502-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name": "59255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59255"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681018",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681018"
},
{
"name": "60111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60111"
},
{
"name": "60003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60003"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676190",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676190"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21675588",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21675588"
}
]
}
}

180
2014/0xxx/CVE-2014-0674.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system with a crafted host name, aka Bug ID CSCud10992."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140123 Cisco Video Surveillance Operations Manager MySQL Database Insufficient Authentication Controls",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0674"
},
{
"name" : "USN-2739-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2739-1"
},
{
"name" : "65111",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65111"
},
{
"name" : "102409",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102409"
},
{
"name" : "1029692",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029692"
},
{
"name" : "56619",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56619"
},
{
"name" : "cisco-vsom-cve20140674-unauth-access(90651)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90651"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system with a crafted host name, aka Bug ID CSCud10992."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-vsom-cve20140674-unauth-access(90651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90651"
},
{
"name": "20140123 Cisco Video Surveillance Operations Manager MySQL Database Insufficient Authentication Controls",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0674"
},
{
"name": "102409",
"refsource": "OSVDB",
"url": "http://osvdb.org/102409"
},
{
"name": "65111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65111"
},
{
"name": "USN-2739-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2739-1"
},
{
"name": "1029692",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029692"
},
{
"name": "56619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56619"
}
]
}
}

130
2014/0xxx/CVE-2014-0684.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0684",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34131",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34131"
},
{
"name" : "20140505 Cisco Nexus 7000 Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0684"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34131",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34131"
},
{
"name": "20140505 Cisco Nexus 7000 Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0684"
}
]
}
}

132
2014/10xxx/CVE-2014-10048.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2014-10048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SDX20"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, while setting the offsets, time-services allows the user to set bases greater than valid base value which will lead to array index out-of-bound."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper validation of Array Index in Services."
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2014-10048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SDX20"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, while setting the offsets, time-services allows the user to set bases greater than valid base value which will lead to array index out-of-bound."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper validation of Array Index in Services."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

150
2014/1xxx/CVE-2014-1232.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1232",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://wordpress.org/plugins/foliopress-wysiwyg/changelog",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/plugins/foliopress-wysiwyg/changelog"
},
{
"name" : "64666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64666"
},
{
"name" : "56261",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56261"
},
{
"name" : "foliopress-unspecified-xss(90102)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90102"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64666"
},
{
"name": "foliopress-unspecified-xss(90102)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90102"
},
{
"name": "56261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56261"
},
{
"name": "http://wordpress.org/plugins/foliopress-wysiwyg/changelog",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/foliopress-wysiwyg/changelog"
}
]
}
}

150
2014/1xxx/CVE-2014-1371.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT6296",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6296"
},
{
"name" : "APPLE-SA-2014-06-30-2",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
},
{
"name" : "1030505",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030505"
},
{
"name" : "59475",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59475"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in Dock in Apple OS X before 10.9.4 allows attackers to execute arbitrary code or cause a denial of service (incorrect function-pointer dereference and application crash) by leveraging access to a sandboxed application for sending a message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT6296",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6296"
},
{
"name": "1030505",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030505"
},
{
"name": "APPLE-SA-2014-06-30-2",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html"
},
{
"name": "59475",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59475"
}
]
}
}

130
2014/4xxx/CVE-2014-4835.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4835",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096777",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096777"
},
{
"name" : "ibm-serverguide-cve20144835-sec-bypass(95629)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95629"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096777",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096777"
},
{
"name": "ibm-serverguide-cve20144835-sec-bypass(95629)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95629"
}
]
}
}

130
2014/4xxx/CVE-2014-4932.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4932",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://techdefencelabs.com/security-advisories.html",
"refsource" : "MISC",
"url" : "http://techdefencelabs.com/security-advisories.html"
},
{
"name" : "https://www.wordfence.com/help/advanced/changelog/",
"refsource" : "CONFIRM",
"url" : "https://www.wordfence.com/help/advanced/changelog/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wordfence.com/help/advanced/changelog/",
"refsource": "CONFIRM",
"url": "https://www.wordfence.com/help/advanced/changelog/"
},
{
"name": "http://techdefencelabs.com/security-advisories.html",
"refsource": "MISC",
"url": "http://techdefencelabs.com/security-advisories.html"
}
]
}
}

160
2014/9xxx/CVE-2014-9749.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9749",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka \"Nonce replay vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20151001 CVE Request: squid: Nonce replay vulnerability in Digest authentication",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/10/01/1"
},
{
"name" : "[oss-security] 20151011 Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/10/11/4"
},
{
"name" : "[oss-security] 20151012 Re: Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/10/12/2"
},
{
"name" : "http://bugs.squid-cache.org/show_bug.cgi?id=4066",
"refsource" : "CONFIRM",
"url" : "http://bugs.squid-cache.org/show_bug.cgi?id=4066"
},
{
"name" : "openSUSE-SU-2015:1835",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka \"Nonce replay vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20151001 CVE Request: squid: Nonce replay vulnerability in Digest authentication",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/01/1"
},
{
"name": "http://bugs.squid-cache.org/show_bug.cgi?id=4066",
"refsource": "CONFIRM",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4066"
},
{
"name": "[oss-security] 20151011 Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/4"
},
{
"name": "openSUSE-SU-2015:1835",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html"
},
{
"name": "[oss-security] 20151012 Re: Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/12/2"
}
]
}
}

150
2014/9xxx/CVE-2014-9823.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9823",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1"
},
{
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=09561d37839dbfa04e017eea14811312985095d8",
"refsource" : "CONFIRM",
"url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=09561d37839dbfa04e017eea14811312985095d8"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343479",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343479"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343479",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343479"
},
{
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=09561d37839dbfa04e017eea14811312985095d8",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=09561d37839dbfa04e017eea14811312985095d8"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/24/1"
}
]
}
}

190
2014/9xxx/CVE-2014-9904.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9904",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
},
{
"name" : "https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
},
{
"name" : "DSA-3616",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3616"
},
{
"name" : "SUSE-SU-2016:1937",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
},
{
"name" : "SUSE-SU-2016:2105",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name" : "openSUSE-SU-2016:2184",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name" : "91510",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91510"
},
{
"name" : "1036189",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036189"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2184",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
},
{
"name": "1036189",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036189"
},
{
"name": "91510",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91510"
},
{
"name": "DSA-3616",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3616"
},
{
"name": "https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205"
},
{
"name": "SUSE-SU-2016:2105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
},
{
"name": "SUSE-SU-2016:1937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
}
]
}
}

130
2014/9xxx/CVE-2014-9910.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2014-9910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name" : "94685",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94685"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name": "94685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94685"
}
]
}
}

130
2016/3xxx/CVE-2016-3236.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3236",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka \"Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-077",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-077"
},
{
"name" : "1036104",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036104"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka \"Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-077",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-077"
},
{
"name": "1036104",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036104"
}
]
}
}

140
2016/3xxx/CVE-2016-3362.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3365."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-107",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
},
{
"name" : "92799",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92799"
},
{
"name" : "1036785",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036785"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3365."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92799"
},
{
"name": "1036785",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036785"
},
{
"name": "MS16-107",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107"
}
]
}
}

140
2016/3xxx/CVE-2016-3869.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#96070."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name" : "92885",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92885"
},
{
"name" : "1036763",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#96070."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "92885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92885"
}
]
}
}

34
2016/6xxx/CVE-2016-6387.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6387",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-6387",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/6xxx/CVE-2016-6575.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6575",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6575",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/7xxx/CVE-2016-7024.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7024",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7024",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

180
2016/7xxx/CVE-2016-7241.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7241",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40875",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40875/"
},
{
"name" : "http://packetstormsecurity.com/files/139991/Microsoft-Edge-JSON.parse-Information-Leak.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/139991/Microsoft-Edge-JSON.parse-Information-Leak.html"
},
{
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=952",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=952"
},
{
"name" : "MS16-129",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129"
},
{
"name" : "MS16-142",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-142"
},
{
"name" : "94055",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94055"
},
{
"name" : "1037245",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037245"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-129",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129"
},
{
"name": "40875",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40875/"
},
{
"name": "http://packetstormsecurity.com/files/139991/Microsoft-Edge-JSON.parse-Information-Leak.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/139991/Microsoft-Edge-JSON.parse-Information-Leak.html"
},
{
"name": "MS16-142",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-142"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=952",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=952"
},
{
"name": "1037245",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037245"
},
{
"name": "94055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94055"
}
]
}
}

34
2016/7xxx/CVE-2016-7338.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7338",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7338",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/7xxx/CVE-2016-7574.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7574",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7574",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/7xxx/CVE-2016-7736.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7736",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7736",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/8xxx/CVE-2016-8095.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8095",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8095",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

130
2016/8xxx/CVE-2016-8876.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8876",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka \"Read Access Violation starting at FoxitReader.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name" : "93608",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93608"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka \"Read Access Violation starting at FoxitReader.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93608"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}