admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:13:17 +00:00
parent 0241a824c1
commit d942896aad
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 4393 additions and 4393 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
2006/5xxx/CVE-2006-5071.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5071", "ID": "CVE-2006-5071",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://eyeos.blogspot.com/2006/09/eyeos-091-released.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://eyeos.blogspot.com/2006/09/eyeos-091-released.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php."
{ }
"name" : "http://sourceforge.net/project/shownotes.php?group_id=145027&release_id=450490", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/project/shownotes.php?group_id=145027&release_id=450490" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20213", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20213" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-3780", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/3780" ]
}, },
{ "references": {
"name" : "22117", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22117" "name": "22117",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22117"
"name" : "eyeos-unspecified-xss(29190)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29190" "name": "20213",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/20213"
} },
{
"name": "http://eyeos.blogspot.com/2006/09/eyeos-091-released.html",
"refsource": "CONFIRM",
"url": "http://eyeos.blogspot.com/2006/09/eyeos-091-released.html"
},
{
"name": "eyeos-unspecified-xss(29190)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29190"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=145027&release_id=450490",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=145027&release_id=450490"
},
{
"name": "ADV-2006-3780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3780"
}
]
}
} }

188
2006/5xxx/CVE-2006-5873.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5873", "ID": "CVE-2006-5873",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://l2tpns.cvs.sourceforge.net/l2tpns/l2tpns/cluster.c?r1=1.53&r2=1.54", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://l2tpns.cvs.sourceforge.net/l2tpns/l2tpns/cluster.c?r1=1.53&r2=1.54" "lang": "eng",
}, "value": "Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet."
{ }
"name" : "http://sourceforge.net/project/shownotes.php?group_id=97282&release_id=468202", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/project/shownotes.php?group_id=97282&release_id=468202" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1230", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1230" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21443", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/21443" ]
}, },
{ "references": {
"name" : "ADV-2006-4860", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4860" "name": "23333",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23333"
"name" : "23230", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23230" "name": "http://sourceforge.net/project/shownotes.php?group_id=97282&release_id=468202",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/project/shownotes.php?group_id=97282&release_id=468202"
"name" : "23333", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23333" "name": "23230",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23230"
"name" : "l2tpns-heartbeat-dos(30732)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30732" "name": "http://l2tpns.cvs.sourceforge.net/l2tpns/l2tpns/cluster.c?r1=1.53&r2=1.54",
} "refsource": "CONFIRM",
] "url": "http://l2tpns.cvs.sourceforge.net/l2tpns/l2tpns/cluster.c?r1=1.53&r2=1.54"
} },
{
"name": "l2tpns-heartbeat-dos(30732)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30732"
},
{
"name": "DSA-1230",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1230"
},
{
"name": "ADV-2006-4860",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4860"
},
{
"name": "21443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21443"
}
]
}
} }

198
2007/2xxx/CVE-2007-2128.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2128", "ID": "CVE-2007-2128",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf" "lang": "eng",
}, "value": "Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08."
{ }
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", ]
"refsource" : "MISC", },
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBMA02133", ]
"refsource" : "HP", }
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" ]
}, },
{ "references": {
"name" : "SSRT061201", "reference_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded" "name": "TA07-108A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA07-108A.html"
"name" : "TA07-108A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-108A.html" "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html"
"name" : "23532", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/23532" "name": "23532",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/23532"
"name" : "ADV-2007-1426", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1426" "name": "1017927",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1017927"
"name" : "1017927", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1017927" "name": "SSRT061201",
} "refsource": "HP",
] "url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
} },
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "ADV-2007-1426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1426"
},
{
"name": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf",
"refsource": "MISC",
"url": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf"
}
]
}
} }

178
2007/2xxx/CVE-2007-2281.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2281", "ID": "CVE-2007-2281",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-09-15", "description_data": [
"refsource" : "MISC", {
"url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-09-15" "lang": "eng",
}, "value": "Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size parameter."
{ }
"name" : "HPSBMA02252", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=126106261622540&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT061258", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=126106261622540&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT061259", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=126106261622540&w=2" ]
}, },
{ "references": {
"name" : "37386", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37386" "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-09-15",
}, "refsource": "MISC",
{ "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-09-15"
"name" : "1023361", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023361" "name": "HPSBMA02252",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=126106261622540&w=2"
"name" : "ADV-2009-3594", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3594" "name": "SSRT061258",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=126106261622540&w=2"
} },
{
"name": "1023361",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023361"
},
{
"name": "ADV-2009-3594",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3594"
},
{
"name": "37386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37386"
},
{
"name": "SSRT061259",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=126106261622540&w=2"
}
]
}
} }

148
2007/2xxx/CVE-2007-2332.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2332", "ID": "CVE-2007-2332",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null" "lang": "eng",
}, "value": "Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store."
{ }
"name" : "23562", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/23562" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-1464", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1464" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "24962", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/24962" ]
} },
] "references": {
} "reference_data": [
{
"name": "23562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23562"
},
{
"name": "24962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24962"
},
{
"name": "ADV-2007-1464",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1464"
},
{
"name": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null",
"refsource": "CONFIRM",
"url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=567877&RenditionID=&poid=null"
}
]
}
} }

328
2007/3xxx/CVE-2007-3103.json
View File

@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2007-3103", "ID": "CVE-2007-3103",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070712 Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=557" "lang": "eng",
}, "value": "The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file."
{ }
"name" : "20070717 rPSA-2007-0141-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/473869/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5167", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5167" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://bugzilla.redhat.com/242903", ]
"refsource" : "CONFIRM", }
"url" : "http://bugzilla.redhat.com/242903" ]
}, },
{ "references": {
"name" : "https://issues.rpath.com/browse/RPL-1485", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-1485" "name": "oval:org.mitre.oval:def:10802",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10802"
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=185660", },
"refsource" : "CONFIRM", {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=185660" "name": "35674",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35674"
"name" : "DSA-1342", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2007/dsa-1342" "name": "24888",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/24888"
"name" : "FEDORA-2009-3651", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00096.html" "name": "RHSA-2007:0520",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2007-0520.html"
"name" : "FEDORA-2009-3666", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00095.html" "name": "26081",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26081"
"name" : "GLSA-200710-11", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200710-11.xml" "name": "DSA-1342",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2007/dsa-1342"
"name" : "RHSA-2007:0519", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0519.html" "name": "https://issues.rpath.com/browse/RPL-1485",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-1485"
"name" : "RHSA-2007:0520", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0520.html" "name": "27240",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27240"
"name" : "24888", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24888" "name": "26056",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26056"
"name" : "40945", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/40945" "name": "20070717 rPSA-2007-0141-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/473869/100/0/threaded"
"name" : "oval:org.mitre.oval:def:10802", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10802" "name": "5167",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/5167"
"name" : "1018375", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018375" "name": "1018375",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018375"
"name" : "26081", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26081" "name": "GLSA-200710-11",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200710-11.xml"
"name" : "26282", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26282" "name": "FEDORA-2009-3666",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00095.html"
"name" : "26056", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26056" "name": "http://bugzilla.redhat.com/242903",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.redhat.com/242903"
"name" : "27240", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27240" "name": "redhat-xfs-privilege-escalation(35375)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35375"
"name" : "35674", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35674" "name": "20070712 Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability",
}, "refsource": "IDEFENSE",
{ "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=557"
"name" : "redhat-xfs-privilege-escalation(35375)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35375" "name": "26282",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/26282"
} },
{
"name": "RHSA-2007:0519",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0519.html"
},
{
"name": "40945",
"refsource": "OSVDB",
"url": "http://osvdb.org/40945"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=185660",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185660"
},
{
"name": "FEDORA-2009-3651",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00096.html"
}
]
}
} }

138
2007/3xxx/CVE-2007-3421.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3421", "ID": "CVE-2007-3421",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458" "lang": "eng",
}, "value": "The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors."
{ }
"name" : "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip", ]
"refsource" : "CONFIRM", },
"url" : "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "45402", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/45402" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "45402",
"refsource": "OSVDB",
"url": "http://osvdb.org/45402"
},
{
"name": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip",
"refsource": "CONFIRM",
"url": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip"
},
{
"name": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458",
"refsource": "CONFIRM",
"url": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458"
}
]
}
} }

158
2007/3xxx/CVE-2007-3592.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3592", "ID": "CVE-2007-3592",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=520558&group_id=175118", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=520558&group_id=175118" "lang": "eng",
}, "value": "PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields."
{ }
"name" : "24763", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24763" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37820", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/37820" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25926", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/25926" ]
}, },
{ "references": {
"name" : "elite-pm-data-manipulation(35262)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35262" "name": "37820",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/37820"
} },
{
"name": "25926",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25926"
},
{
"name": "elite-pm-data-manipulation(35262)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35262"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=520558&group_id=175118",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=520558&group_id=175118"
},
{
"name": "24763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24763"
}
]
}
} }

158
2007/3xxx/CVE-2007-3956.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3956", "ID": "CVE-2007-3956",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4205", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4205" "lang": "eng",
}, "value": "TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534."
{ }
"name" : "24977", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/24977" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38595", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/38595" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26141", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/26141" ]
}, },
{ "references": {
"name" : "teamspeak-login-dos(35518)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35518" "name": "38595",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/38595"
} },
{
"name": "4205",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4205"
},
{
"name": "24977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24977"
},
{
"name": "26141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26141"
},
{
"name": "teamspeak-login-dos(35518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35518"
}
]
}
} }

168
2007/6xxx/CVE-2007-6260.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6260", "ID": "CVE-2007-6260",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20071113 Oracle 11g/10g Installation Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/483652/100/200/threaded" "lang": "eng",
}, "value": "The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed."
{ }
"name" : "http://www.davidlitchfield.com/blog/archives/00000030.htm", ]
"refsource" : "MISC", },
"url" : "http://www.davidlitchfield.com/blog/archives/00000030.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26425", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/26425" ]
}, },
{ "references": {
"name" : "43673", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/43673" "name": "http://www.davidlitchfield.com/blog/archives/00000030.htm",
}, "refsource": "MISC",
{ "url": "http://www.davidlitchfield.com/blog/archives/00000030.htm"
"name" : "3419", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3419" "name": "43673",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/43673"
} },
{
"name": "3419",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3419"
},
{
"name": "26425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26425"
},
{
"name": "20071113 Oracle 11g/10g Installation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483652/100/200/threaded"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf"
}
]
}
} }

168
2007/6xxx/CVE-2007-6307.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6307", "ID": "CVE-2007-6307",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20071207 [ISecAuditors Security Advisories] wwwstats is vulnerable to Persistent XSS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/484727/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header."
{ }
"name" : "http://www.timeprog.com/wwwstats/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.timeprog.com/wwwstats/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "26759", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/26759" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28002", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/28002" ]
}, },
{ "references": {
"name" : "3431", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3431" "name": "20071207 [ISecAuditors Security Advisories] wwwstats is vulnerable to Persistent XSS",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/484727/100/0/threaded"
"name" : "wwwstats-clickstats-xss(38925)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38925" "name": "26759",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/26759"
} },
{
"name": "wwwstats-clickstats-xss(38925)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38925"
},
{
"name": "28002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28002"
},
{
"name": "3431",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3431"
},
{
"name": "http://www.timeprog.com/wwwstats/",
"refsource": "CONFIRM",
"url": "http://www.timeprog.com/wwwstats/"
}
]
}
} }

148
2007/6xxx/CVE-2007-6620.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6620", "ID": "CVE-2007-6620",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4799", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4799" "lang": "eng",
}, "value": "Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter."
{ }
"name" : "27056", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27056" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "40153", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/40153" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28231", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/28231" ]
} },
] "references": {
} "reference_data": [
{
"name": "28231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28231"
},
{
"name": "27056",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27056"
},
{
"name": "40153",
"refsource": "OSVDB",
"url": "http://osvdb.org/40153"
},
{
"name": "4799",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4799"
}
]
}
} }

348
2010/0xxx/CVE-2010-0013.json
View File

@ -1,177 +1,177 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-0013", "ID": "CVE-2010-0013",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100102 CVE request - pidgin MSN arbitrary file upload", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/01/02/1" "lang": "eng",
}, "value": "Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon."
{ }
"name" : "[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/01/07/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/01/07/2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467", ]
"refsource" : "MISC", }
"url" : "http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467" ]
}, },
{ "references": {
"name" : "http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f", "reference_data": [
"refsource" : "MISC", {
"url" : "http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f" "name": "[oss-security] 20100102 CVE request - pidgin MSN arbitrary file upload",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/01/02/1"
"name" : "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html", },
"refsource" : "MISC", {
"url" : "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html" "name": "37953",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37953"
"name" : "http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810", },
"refsource" : "CONFIRM", {
"url" : "http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810" "name": "http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467",
}, "refsource": "MISC",
{ "url": "http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467"
"name" : "http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c", },
"refsource" : "CONFIRM", {
"url" : "http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=552483",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=552483"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=552483", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=552483" "name": "277450",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1"
"name" : "FEDORA-2010-0368", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html" "name": "37954",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37954"
"name" : "FEDORA-2010-0429", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html" "name": "MDVSA-2010:085",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085"
"name" : "MDVSA-2010:085", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:085" "name": "[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/01/07/1"
"name" : "277450", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-277450-1" "name": "oval:org.mitre.oval:def:17620",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620"
"name" : "1022203", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1" "name": "1022203",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022203.1-1"
"name" : "SUSE-SR:2010:006", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" "name": "ADV-2009-3663",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3663"
"name" : "oval:org.mitre.oval:def:10333", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333" "name": "http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c",
}, "refsource": "CONFIRM",
{ "url": "http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c"
"name" : "oval:org.mitre.oval:def:17620", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17620" "name": "FEDORA-2010-0368",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033771.html"
"name" : "37953", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37953" "name": "FEDORA-2010-0429",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033848.html"
"name" : "37954", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37954" "name": "ADV-2010-1020",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1020"
"name" : "38915", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38915" "name": "SUSE-SR:2010:006",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
"name" : "37961", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37961" "name": "oval:org.mitre.oval:def:10333",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10333"
"name" : "ADV-2009-3662", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3662" "name": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html",
}, "refsource": "MISC",
{ "url": "http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html"
"name" : "ADV-2009-3663", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3663" "name": "http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f",
}, "refsource": "MISC",
{ "url": "http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f"
"name" : "ADV-2010-1020", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1020" "name": "ADV-2009-3662",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2009/3662"
} },
{
"name": "http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810",
"refsource": "CONFIRM",
"url": "http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810"
},
{
"name": "[oss-security] 20100107 Re: CVE request - pidgin MSN arbitrary file upload",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/07/2"
},
{
"name": "37961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37961"
},
{
"name": "38915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38915"
}
]
}
} }

158
2010/0xxx/CVE-2010-0275.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0275", "ID": "CVE-2010-0275",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27017776", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27017776" "lang": "eng",
}, "value": "Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58."
{ }
"name" : "37675", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/37675" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38026", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38026" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2010-0077", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2010/0077" ]
}, },
{ "references": {
"name" : "domino-script-command-unspecified(55471)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55471" "name": "38026",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/38026"
} },
{
"name": "ADV-2010-0077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "domino-script-command-unspecified(55471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55471"
},
{
"name": "37675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37675"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
]
}
} }

398
2010/0xxx/CVE-2010-0307.json
View File

@ -1,202 +1,202 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-0307", "ID": "CVE-2010-0307",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" "lang": "eng",
}, "value": "The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function."
{ }
"name" : "[linux-mm] 20100128 DoS on x86_64", ]
"refsource" : "MLIST", },
"url" : "http://marc.info/?l=linux-mm&m=126466407724382&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20100201 CVE request - kernel: DoS on x86_64", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/02/01/1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20100201 Re: CVE request - kernel: DoS on x86_64", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2010/02/01/5" ]
}, },
{ "references": {
"name" : "[oss-security] 20100203 Re: CVE request - kernel: DoS on x86_64", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/02/04/1" "name": "oval:org.mitre.oval:def:10870",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10870"
"name" : "[oss-security] 20100204 Re: CVE request - kernel: DoS on x86_64", },
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/02/04/9" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=221af7f87b97431e3ee21ce4b0e77d5411cf1549",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=221af7f87b97431e3ee21ce4b0e77d5411cf1549"
"name" : "http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of,20100202,15754.html", },
"refsource" : "MISC", {
"url" : "http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of,20100202,15754.html" "name": "[oss-security] 20100201 Re: CVE request - kernel: DoS on x86_64",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/02/01/5"
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=221af7f87b97431e3ee21ce4b0e77d5411cf1549", },
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=221af7f87b97431e3ee21ce4b0e77d5411cf1549" "name": "USN-914-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-914-1"
"name" : "http://marc.info/?t=126466700200002&r=1&w=2", },
"refsource" : "CONFIRM", {
"url" : "http://marc.info/?t=126466700200002&r=1&w=2" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=560547",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=560547"
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8" "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.8"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=560547", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=560547" "name": "ADV-2010-0638",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0638"
"name" : "http://support.avaya.com/css/P8/documents/100088287", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/css/P8/documents/100088287" "name": "[oss-security] 20100203 Re: CVE request - kernel: DoS on x86_64",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/02/04/1"
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" "name": "RHSA-2010:0771",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0771.html"
"name" : "DSA-1996", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-1996" "name": "RHSA-2010:0146",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2010-0146.html"
"name" : "FEDORA-2010-1787", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html" "name": "38779",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38779"
"name" : "MDVSA-2010:066", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:066" "name": "39649",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39649"
"name" : "RHSA-2010:0146", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0146.html" "name": "SUSE-SA:2010:014",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html"
"name" : "RHSA-2010:0398", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0398.html" "name": "38922",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38922"
"name" : "RHSA-2010:0771", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0771.html" "name": "http://marc.info/?t=126466700200002&r=1&w=2",
}, "refsource": "CONFIRM",
{ "url": "http://marc.info/?t=126466700200002&r=1&w=2"
"name" : "SUSE-SA:2010:014", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html" "name": "DSA-1996",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2010/dsa-1996"
"name" : "USN-914-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-914-1" "name": "http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of,20100202,15754.html",
}, "refsource": "MISC",
{ "url": "http://www.globalsecuritymag.com/Vigil-nce-Linux-kernel-denial-of,20100202,15754.html"
"name" : "38027", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/38027" "name": "FEDORA-2010-1787",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html"
"name" : "oval:org.mitre.oval:def:10870", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10870" "name": "43315",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43315"
"name" : "38492", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38492" "name": "[linux-mm] 20100128 DoS on x86_64",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=linux-mm&m=126466407724382&w=2"
"name" : "38922", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38922" "name": "MDVSA-2010:066",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:066"
"name" : "39649", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39649" "name": "RHSA-2010:0398",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0398.html"
"name" : "38779", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38779" "name": "[oss-security] 20100204 Re: CVE request - kernel: DoS on x86_64",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/02/04/9"
"name" : "43315", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43315" "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
"name" : "ADV-2010-0638", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0638" "name": "[oss-security] 20100201 CVE request - kernel: DoS on x86_64",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2010/02/01/1"
} },
{
"name": "http://support.avaya.com/css/P8/documents/100088287",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100088287"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "38027",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38027"
},
{
"name": "38492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38492"
}
]
}
} }

148
2010/0xxx/CVE-2010-0329.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0329", "ID": "CVE-2010-0329",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the \"SQL selection field\" and \"typoscript.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://typo3.org/extensions/repository/view/powermail/1.5.2/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/extensions/repository/view/powermail/1.5.2/" "lang": "eng",
}, "value": "SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the \"SQL selection field\" and \"typoscript.\""
{ }
"name" : "http://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt/", ]
"refsource" : "CONFIRM", },
"url" : "http://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "38167", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/38167" ]
} },
] "references": {
} "reference_data": [
{
"name": "38167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38167"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"name": "http://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.2/info/changelog.txt/"
},
{
"name": "http://typo3.org/extensions/repository/view/powermail/1.5.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/powermail/1.5.2/"
}
]
}
} }

158
2010/1xxx/CVE-2010-1306.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1306", "ID": "CVE-2010-1306",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/1004-exploits/joomlapicasa-lfi.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/1004-exploits/joomlapicasa-lfi.txt" "lang": "eng",
}, "value": "Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information."
{ }
"name" : "12058", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/12058" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "39200", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/39200" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "39338", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/39338" ]
}, },
{ "references": {
"name" : "picasa-controller-file-include(57508)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57508" "name": "picasa-controller-file-include(57508)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57508"
} },
{
"name": "39200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39200"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/joomlapicasa-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/joomlapicasa-lfi.txt"
},
{
"name": "12058",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12058"
},
{
"name": "39338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39338"
}
]
}
} }

268
2010/1xxx/CVE-2010-1781.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-1781", "ID": "CVE-2010-1781",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4334", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4334" "lang": "eng",
}, "value": "Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element."
{ }
"name" : "http://support.apple.com/kb/HT4456", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4456" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2010-09-08-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2010-11-22-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" ]
}, },
{ "references": {
"name" : "MDVSA-2011:039", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" "name": "MDVSA-2011:039",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
"name" : "SUSE-SR:2010:018", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" "name": "ADV-2010-2722",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2722"
"name" : "SUSE-SR:2011:002", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" "name": "appleios-inline-elements-code-exec(61698)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61698"
"name" : "USN-1006-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1006-1" "name": "43068",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43068"
"name" : "43077", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/43077" "name": "APPLE-SA-2010-09-08-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
"name" : "41856", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41856" "name": "43077",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/43077"
"name" : "42314", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42314" "name": "http://support.apple.com/kb/HT4334",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4334"
"name" : "43068", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43068" "name": "USN-1006-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1006-1"
"name" : "ADV-2010-2722", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2722" "name": "41856",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41856"
"name" : "ADV-2011-0212", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0212" "name": "ADV-2011-0212",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0212"
"name" : "ADV-2011-0552", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0552" "name": "SUSE-SR:2011:002",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
"name" : "appleios-inline-elements-code-exec(61698)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61698" "name": "42314",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/42314"
} },
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "SUSE-SR:2010:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
} }

138
2010/1xxx/CVE-2010-1895.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-1895", "ID": "CVE-2010-1895",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka \"Win32k Pool Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS10-048", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-048" "lang": "eng",
}, "value": "The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka \"Win32k Pool Overflow Vulnerability.\""
{ }
"name" : "TA10-222A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:11844", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11844" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "oval:org.mitre.oval:def:11844",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11844"
},
{
"name": "MS10-048",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-048"
}
]
}
} }

128
2010/1xxx/CVE-2010-1949.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1949", "ID": "CVE-2010-1949",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "12305", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/12305" "lang": "eng",
}, "value": "SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information."
{ }
"name" : "39536", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/39536" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39536",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39536"
},
{
"name": "12305",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12305"
}
]
}
} }

128
2014/0xxx/CVE-2014-0078.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-0078", "ID": "CVE-2014-0078",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064556", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064556" "lang": "eng",
}, "value": "The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID."
{ }
"name" : "RHSA-2014:0469", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0469.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0469",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064556"
}
]
}
} }

278
2014/0xxx/CVE-2014-0139.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-0139", "ID": "CVE-2014-0139",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://curl.haxx.se/docs/adv_20140326B.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://curl.haxx.se/docs/adv_20140326B.html" "lang": "eng",
}, "value": "cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
{ }
"name" : "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", ]
"refsource" : "CONFIRM", }
"url" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" ]
}, },
{ "references": {
"name" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862" "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862",
}, "refsource": "CONFIRM",
{ "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095862"
"name" : "http://advisories.mageia.org/MGASA-2015-0165.html", },
"refsource" : "CONFIRM", {
"url" : "http://advisories.mageia.org/MGASA-2015-0165.html" "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" "name": "MDVSA-2015:213",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:213"
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675820", },
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675820" "name": "57836",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/57836"
"name" : "DSA-2902", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-2902" "name": "http://curl.haxx.se/docs/adv_20140326B.html",
}, "refsource": "CONFIRM",
{ "url": "http://curl.haxx.se/docs/adv_20140326B.html"
"name" : "MDVSA-2015:213", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:213" "name": "DSA-2902",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-2902"
"name" : "openSUSE-SU-2014:0530", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html" "name": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/",
}, "refsource": "CONFIRM",
{ "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
"name" : "USN-2167-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2167-1" "name": "59458",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/59458"
"name" : "57836", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57836" "name": "openSUSE-SU-2014:0530",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00042.html"
"name" : "57966", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57966" "name": "http://advisories.mageia.org/MGASA-2015-0165.html",
}, "refsource": "CONFIRM",
{ "url": "http://advisories.mageia.org/MGASA-2015-0165.html"
"name" : "57968", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57968" "name": "58615",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/58615"
"name" : "59458", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59458" "name": "57968",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/57968"
"name" : "58615", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/58615" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675820",
} "refsource": "CONFIRM",
] "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675820"
} },
{
"name": "USN-2167-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2167-1"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
"refsource": "CONFIRM",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/",
"refsource": "CONFIRM",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
},
{
"name": "57966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57966"
}
]
}
} }

128
2014/0xxx/CVE-2014-0344.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-0344", "ID": "CVE-2014-0344",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#140886", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/140886" "lang": "eng",
}, "value": "Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter."
{ }
"name" : "66499", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/66499" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "66499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66499"
},
{
"name": "VU#140886",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/140886"
}
]
}
} }

178
2014/0xxx/CVE-2014-0670.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-0670", "ID": "CVE-2014-0670",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32514", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32514" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686."
{ }
"name" : "20140121 Cisco MediaSense Search and Play Cross-Site Scripting Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0670" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "65053", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/65053" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "102319", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/102319" ]
}, },
{ "references": {
"name" : "1029667", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029667" "name": "1029667",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029667"
"name" : "56563", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56563" "name": "56563",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56563"
"name" : "cisco-mediasense-cve20140670-xss(90615)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90615" "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32514",
} "refsource": "CONFIRM",
] "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32514"
} },
{
"name": "20140121 Cisco MediaSense Search and Play Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0670"
},
{
"name": "102319",
"refsource": "OSVDB",
"url": "http://osvdb.org/102319"
},
{
"name": "65053",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65053"
},
{
"name": "cisco-mediasense-cve20140670-xss(90615)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90615"
}
]
}
} }

128
2014/0xxx/CVE-2014-0948.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-0948", "ID": "CVE-2014-0948",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678323", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678323" "lang": "eng",
}, "value": "Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive."
{ }
"name" : "ibm-rsadm-cve20140948-zip(92621)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92621" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678323"
},
{
"name": "ibm-rsadm-cve20140948-zip(92621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92621"
}
]
}
} }

148
2014/1xxx/CVE-2014-1269.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2014-1269", "ID": "CVE-2014-1269",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT6145", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT6145" "lang": "eng",
}, "value": "WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270."
{ }
"name" : "http://support.apple.com/kb/HT6162", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT6162" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT6163", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT6163" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/kb/HT6537", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/kb/HT6537" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://support.apple.com/kb/HT6145",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6145"
},
{
"name": "http://support.apple.com/kb/HT6163",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6163"
},
{
"name": "https://support.apple.com/kb/HT6537",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6537"
},
{
"name": "http://support.apple.com/kb/HT6162",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6162"
}
]
}
} }

438
2014/1xxx/CVE-2014-1487.json
View File

@ -1,222 +1,222 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2014-1487", "ID": "CVE-2014-1487",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-09.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-09.html" "lang": "eng",
}, "value": "The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=947592", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=947592" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://8pecxstudios.com/?page_id=44080", "description": [
"refsource" : "CONFIRM", {
"url" : "https://8pecxstudios.com/?page_id=44080" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" ]
}, },
{ "references": {
"name" : "http://download.novell.com/Download?buildid=VYQsgaFpQ2k", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://download.novell.com/Download?buildid=VYQsgaFpQ2k" "name": "USN-2119-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2119-1"
"name" : "http://download.novell.com/Download?buildid=Y2fux-JW1Qc", },
"refsource" : "CONFIRM", {
"url" : "http://download.novell.com/Download?buildid=Y2fux-JW1Qc" "name": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc",
}, "refsource": "CONFIRM",
{ "url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc"
"name" : "DSA-2858", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-2858" "name": "1029721",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029721"
"name" : "FEDORA-2014-2041", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" "name": "openSUSE-SU-2014:0212",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
"name" : "FEDORA-2014-2083", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=947592",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=947592"
"name" : "GLSA-201504-01", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201504-01" "name": "1029717",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029717"
"name" : "RHSA-2014:0132", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0132.html" "name": "65330",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/65330"
"name" : "RHSA-2014:0133", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0133.html" "name": "mozilla-cve20141487-info-disc(90889)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90889"
"name" : "SUSE-SU-2014:0248", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" "name": "https://8pecxstudios.com/?page_id=44080",
}, "refsource": "CONFIRM",
{ "url": "https://8pecxstudios.com/?page_id=44080"
"name" : "openSUSE-SU-2014:0212", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" "name": "RHSA-2014:0132",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html"
"name" : "openSUSE-SU-2014:0213", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" "name": "56922",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56922"
"name" : "openSUSE-SU-2014:0419", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" "name": "56787",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56787"
"name" : "USN-2102-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2102-1" "name": "1029720",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029720"
"name" : "USN-2102-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2102-2" "name": "56858",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56858"
"name" : "USN-2119-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2119-1" "name": "DSA-2858",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-2858"
"name" : "65330", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/65330" "name": "56763",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56763"
"name" : "102873", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/102873" "name": "USN-2102-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2102-2"
"name" : "1029717", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029717" "name": "102873",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/102873"
"name" : "1029720", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029720" "name": "RHSA-2014:0133",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html"
"name" : "1029721", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029721" "name": "GLSA-201504-01",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201504-01"
"name" : "56706", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56706" "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
"name" : "56761", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56761" "name": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k",
}, "refsource": "CONFIRM",
{ "url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k"
"name" : "56763", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56763" "name": "56888",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56888"
"name" : "56767", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56767" "name": "FEDORA-2014-2083",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
"name" : "56787", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56787" "name": "openSUSE-SU-2014:0419",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
"name" : "56858", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56858" "name": "56761",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56761"
"name" : "56888", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56888" "name": "FEDORA-2014-2041",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
"name" : "56922", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56922" "name": "SUSE-SU-2014:0248",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
"name" : "mozilla-cve20141487-info-disc(90889)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90889" "name": "openSUSE-SU-2014:0213",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
} },
{
"name": "USN-2102-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2102-1"
},
{
"name": "56767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56767"
},
{
"name": "56706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56706"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-09.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-09.html"
}
]
}
} }

158
2014/1xxx/CVE-2014-1762.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2014-1762", "ID": "CVE-2014-1762",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://twitter.com/thezdi/statuses/443810610958958592", "description_data": [
"refsource" : "MISC", {
"url" : "http://twitter.com/thezdi/statuses/443810610958958592" "lang": "eng",
}, "value": "Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014."
{ }
"name" : "http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/", ]
"refsource" : "MISC", },
"url" : "http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS14-035", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "67511", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/67511" ]
}, },
{ "references": {
"name" : "1030370", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030370" "name": "67511",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/67511"
} },
{
"name": "1030370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030370"
},
{
"name": "http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/",
"refsource": "MISC",
"url": "http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/"
},
{
"name": "MS14-035",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
},
{
"name": "http://twitter.com/thezdi/statuses/443810610958958592",
"refsource": "MISC",
"url": "http://twitter.com/thezdi/statuses/443810610958958592"
}
]
}
} }

32
2014/1xxx/CVE-2014-1923.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-1923", "ID": "CVE-2014-1923",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

158
2014/4xxx/CVE-2014-4075.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2014-4075", "ID": "CVE-2014-4075",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka \"MVC XSS Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka \"MVC XSS Vulnerability.\""
{ }
"name" : "MS14-059", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "70352", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70352" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1031023", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1031023" ]
}, },
{ "references": {
"name" : "60971", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60971" "name": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx",
} "refsource": "CONFIRM",
] "url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
} },
{
"name": "60971",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60971"
},
{
"name": "1031023",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031023"
},
{
"name": "MS14-059",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059"
},
{
"name": "70352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70352"
}
]
}
} }

128
2014/4xxx/CVE-2014-4547.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4547", "ID": "CVE-2014-4547",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in templates/default/index_ajax.php in the Rezgo Online Booking plugin before 1.8.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) tags or (2) search_for parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://codevigilant.com/disclosure/wp-plugin-rezgo-online-booking-a3-cross-site-scripting-xss", "description_data": [
"refsource" : "MISC", {
"url" : "http://codevigilant.com/disclosure/wp-plugin-rezgo-online-booking-a3-cross-site-scripting-xss" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in templates/default/index_ajax.php in the Rezgo Online Booking plugin before 1.8.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) tags or (2) search_for parameter."
{ }
"name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=848542%40rezgo-online-booking&old=748531%40rezgo-online-booking&sfp_email=&sfph_mail=#file500", ]
"refsource" : "MISC", },
"url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=848542%40rezgo-online-booking&old=748531%40rezgo-online-booking&sfp_email=&sfph_mail=#file500" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=848542%40rezgo-online-booking&old=748531%40rezgo-online-booking&sfp_email=&sfph_mail=#file500",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=848542%40rezgo-online-booking&old=748531%40rezgo-online-booking&sfp_email=&sfph_mail=#file500"
},
{
"name": "http://codevigilant.com/disclosure/wp-plugin-rezgo-online-booking-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-rezgo-online-booking-a3-cross-site-scripting-xss"
}
]
}
} }

32
2014/4xxx/CVE-2014-4550.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4550", "ID": "CVE-2014-4550",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2014/4xxx/CVE-2014-4582.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4582", "ID": "CVE-2014-4582",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.php in the WP Consultant plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the dialog_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://codevigilant.com/disclosure/wp-plugin-wp-consultant-a3-cross-site-scripting-xss", "description_data": [
"refsource" : "MISC", {
"url" : "http://codevigilant.com/disclosure/wp-plugin-wp-consultant-a3-cross-site-scripting-xss" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.php in the WP Consultant plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the dialog_id parameter."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://codevigilant.com/disclosure/wp-plugin-wp-consultant-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-wp-consultant-a3-cross-site-scripting-xss"
}
]
}
} }

268
2014/4xxx/CVE-2014-4909.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4909", "ID": "CVE-2014-4909",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140710 CVE request: transmission peer communication vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/07/10/4" "lang": "eng",
}, "value": "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write."
{ }
"name" : "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2014/07/11/5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://inertiawar.com/submission.go", "description": [
"refsource" : "MISC", {
"url" : "http://inertiawar.com/submission.go" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://twitter.com/benhawkes/statuses/484378151959539712", ]
"refsource" : "MISC", }
"url" : "https://twitter.com/benhawkes/statuses/484378151959539712" ]
}, },
{ "references": {
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=516822", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=516822" "name": "FEDORA-2014-8331",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1118290", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1118290" "name": "https://trac.transmissionbt.com/wiki/Changes#version-2.84",
}, "refsource": "CONFIRM",
{ "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
"name" : "https://trac.transmissionbt.com/wiki/Changes#version-2.84", },
"refsource" : "CONFIRM", {
"url" : "https://trac.transmissionbt.com/wiki/Changes#version-2.84" "name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
"name" : "DSA-2988", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-2988" "name": "68487",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/68487"
"name" : "FEDORA-2014-8331", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html" "name": "https://bugs.gentoo.org/show_bug.cgi?id=516822",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
"name" : "openSUSE-SU-2014:0980", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html" "name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
"name" : "USN-2279-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2279-1" "name": "60108",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60108"
"name" : "68487", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68487" "name": "60527",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60527"
"name" : "108997", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/108997" "name": "59897",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/59897"
"name" : "59897", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59897" "name": "DSA-2988",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-2988"
"name" : "60108", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60108" "name": "http://inertiawar.com/submission.go",
}, "refsource": "MISC",
{ "url": "http://inertiawar.com/submission.go"
"name" : "60527", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60527" "name": "USN-2279-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-2279-1"
} },
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
},
{
"name": "https://twitter.com/benhawkes/statuses/484378151959539712",
"refsource": "MISC",
"url": "https://twitter.com/benhawkes/statuses/484378151959539712"
},
{
"name": "openSUSE-SU-2014:0980",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
},
{
"name": "108997",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/108997"
}
]
}
} }

138
2014/5xxx/CVE-2014-5901.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-5901", "ID": "CVE-2014-5901",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Beauty Bible - App for Girls (aka com.my.beauty.bible) application 5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Beauty Bible - App for Girls (aka com.my.beauty.bible) application 5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#433425", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/433425" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#433425",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/433425"
}
]
}
} }

138
2014/5xxx/CVE-2014-5924.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-5924", "ID": "CVE-2014-5924",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Monster Makeup (aka com.bearhugmedia.android_monster) application 1.0.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Monster Makeup (aka com.bearhugmedia.android_monster) application 1.0.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#775569", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/775569" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#775569",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/775569"
}
]
}
} }

188
2016/10xxx/CVE-2016-10092.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10092", "ID": "CVE-2016-10092",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2017/01/01/12" "lang": "eng",
}, "value": "Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image."
{ }
"name" : "[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2017/01/01/10" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/", "description": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2620", ]
"refsource" : "CONFIRM", }
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2620" ]
}, },
{ "references": {
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2622", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2622" "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/",
}, "refsource": "MISC",
{ "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
"name" : "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a" "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2620",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2620"
"name" : "DSA-3762", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3762" "name": "[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2017/01/01/12"
"name" : "95218", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95218" "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2622",
} "refsource": "CONFIRM",
] "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2622"
} },
{
"name": "95218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95218"
},
{
"name": "[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/01/10"
},
{
"name": "DSA-3762",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3762"
},
{
"name": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a",
"refsource": "CONFIRM",
"url": "https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a"
}
]
}
} }

32
2016/10xxx/CVE-2016-10245.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10245", "ID": "CVE-2016-10245",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2016/10xxx/CVE-2016-10690.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2016-10690", "ID": "CVE-2016-10690",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "openframe-ascii-image node module", "product_name": "openframe-ascii-image node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://nodesecurity.io/advisories/298", "description_data": [
"refsource" : "MISC", {
"url" : "https://nodesecurity.io/advisories/298" "lang": "eng",
} "value": "openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/298",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/298"
}
]
}
} }

158
2016/10xxx/CVE-2016-10717.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10717", "ID": "CVE-2016-10717",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securitytube.net/video/16690", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securitytube.net/video/16690" "lang": "eng",
}, "value": "A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP."
{ }
"name" : "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/", ]
"refsource" : "MISC", },
"url" : "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/mspaling/mbam-exclusions-poc-", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/mspaling/mbam-exclusions-poc-" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt", ]
"refsource" : "MISC", }
"url" : "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt" ]
}, },
{ "references": {
"name" : "https://www.youtube.com/watch?v=LF5ic5nOoUY", "reference_data": [
"refsource" : "MISC", {
"url" : "https://www.youtube.com/watch?v=LF5ic5nOoUY" "name": "https://www.youtube.com/watch?v=LF5ic5nOoUY",
} "refsource": "MISC",
] "url": "https://www.youtube.com/watch?v=LF5ic5nOoUY"
} },
{
"name": "http://www.securitytube.net/video/16690",
"refsource": "MISC",
"url": "http://www.securitytube.net/video/16690"
},
{
"name": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt",
"refsource": "MISC",
"url": "https://github.com/mspaling/mbam-exclusions-poc-/blob/master/mbam-whitelist-poc.txt"
},
{
"name": "https://github.com/mspaling/mbam-exclusions-poc-",
"refsource": "MISC",
"url": "https://github.com/mspaling/mbam-exclusions-poc-"
},
{
"name": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/",
"refsource": "MISC",
"url": "https://forums.malwarebytes.com/topic/158251-malwarebytes-hall-of-fame/"
}
]
}
} }

218
2016/3xxx/CVE-2016-3022.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-3022", "ID": "CVE-2016-3022",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Access Manager", "product_name": "Access Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0" "version_value": "9.0"
}, },
{ {
"version_value" : "9.0.0.1" "version_value": "9.0.0.1"
}, },
{ {
"version_value" : "9.0.1" "version_value": "9.0.1"
}, },
{ {
"version_value" : "7.0.0" "version_value": "7.0.0"
}, },
{ {
"version_value" : "8.0.0" "version_value": "8.0.0"
}, },
{ {
"version_value" : "8.0.0.1" "version_value": "8.0.0.1"
}, },
{ {
"version_value" : "8.0.0.2" "version_value": "8.0.0.2"
}, },
{ {
"version_value" : "8.0.0.3" "version_value": "8.0.0.3"
}, },
{ {
"version_value" : "8.0.0.4" "version_value": "8.0.0.4"
}, },
{ {
"version_value" : "8.0.0.5" "version_value": "8.0.0.5"
}, },
{ {
"version_value" : "8.0.1" "version_value": "8.0.1"
}, },
{ {
"version_value" : "8.0.1.2" "version_value": "8.0.1.2"
}, },
{ {
"version_value" : "8.0.1.3" "version_value": "8.0.1.3"
}, },
{ {
"version_value" : "8.0.1.4" "version_value": "8.0.1.4"
}, },
{ {
"version_value" : "9.0.0" "version_value": "9.0.0"
}, },
{ {
"version_value" : "9.0.1.0" "version_value": "9.0.1.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM Corporation" "vendor_name": "IBM Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21995360", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21995360" "lang": "eng",
}, "value": "IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions."
{ }
"name" : "96130", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96130" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96130"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995360",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995360"
}
]
}
} }

148
2016/3xxx/CVE-2016-3542.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2016-3542", "ID": "CVE-2016-3542",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality and integrity via unknown vectors."
{ }
"name" : "91787", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/91787" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "91873", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91873" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1036403", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1036403" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91873"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "1036403",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036403"
}
]
}
} }

148
2016/3xxx/CVE-2016-3822.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-3822", "ID": "CVE-2016-3822",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-08-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-08-01.html" "lang": "eng",
}, "value": "exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315."
{ }
"name" : "https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3825", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3825" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "92226", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/92226" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "92226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92226"
},
{
"name": "https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b"
},
{
"name": "DSA-3825",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3825"
}
]
}
} }

138
2016/3xxx/CVE-2016-3830.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-3830", "ID": "CVE-2016-3830",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-08-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-08-01.html" "lang": "eng",
}, "value": "codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599."
{ }
"name" : "https://android.googlesource.com/platform/frameworks/av/+/8e438e153f661e9df8db0ac41d587e940352df06", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/frameworks/av/+/8e438e153f661e9df8db0ac41d587e940352df06" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "92221", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92221" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/8e438e153f661e9df8db0ac41d587e940352df06",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/8e438e153f661e9df8db0ac41d587e940352df06"
},
{
"name": "92221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92221"
}
]
}
} }

148
2016/7xxx/CVE-2016-7240.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-7240", "ID": "CVE-2016-7240",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "40773", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/40773/" "lang": "eng",
}, "value": "The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243."
{ }
"name" : "MS16-129", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94046", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94046" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1037245", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037245" ]
} },
] "references": {
} "reference_data": [
{
"name": "MS16-129",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129"
},
{
"name": "40773",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40773/"
},
{
"name": "94046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94046"
},
{
"name": "1037245",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037245"
}
]
}
} }

32
2016/8xxx/CVE-2016-8138.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8138", "ID": "CVE-2016-8138",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2016/8xxx/CVE-2016-8461.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-8461", "ID": "CVE-2016-8461",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android Kernel-3.18", "product_name": "Android Kernel-3.18",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android Kernel-3.18" "version_value": "Android Kernel-3.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: Kernel-3.18. Android ID: A-32369621."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-01-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-01-01.html" "lang": "eng",
}, "value": "An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: Kernel-3.18. Android ID: A-32369621."
{ }
"name" : "95237", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95237" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95237"
}
]
}
} }

32
2016/8xxx/CVE-2016-8985.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8985", "ID": "CVE-2016-8985",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2016/9xxx/CVE-2016-9019.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9019", "ID": "CVE-2016-9019",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20161102 Disclose [10 * cve] in Exponent CMS", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2016/Nov/12" "lang": "eng",
}, "value": "SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter."
{ }
"name" : "http://forums.exponentcms.org/index.php?p=/discussion/comment/1591#Comment_1591", ]
"refsource" : "MISC", },
"url" : "http://forums.exponentcms.org/index.php?p=/discussion/comment/1591#Comment_1591" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "97240", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/97240" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html"
},
{
"name": "20161102 Disclose [10 * cve] in Exponent CMS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Nov/12"
},
{
"name": "97240",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97240"
},
{
"name": "http://forums.exponentcms.org/index.php?p=/discussion/comment/1591#Comment_1591",
"refsource": "MISC",
"url": "http://forums.exponentcms.org/index.php?p=/discussion/comment/1591#Comment_1591"
}
]
}
} }

150
2016/9xxx/CVE-2016-9072.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2016-9072", "ID": "CVE-2016-9072",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "50" "version_value": "50"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "64-bit NPAPI sandbox isn't enabled on fresh profile"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1300083", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1300083" "lang": "eng",
}, "value": "When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2016-89/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2016-89/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94337", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94337" "lang": "eng",
}, "value": "64-bit NPAPI sandbox isn't enabled on fresh profile"
{ }
"name" : "1037298", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037298" ]
} },
] "references": {
} "reference_data": [
{
"name": "94337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94337"
},
{
"name": "1037298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1300083",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1300083"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
}
]
}
} }

138
2016/9xxx/CVE-2016-9201.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-9201", "ID": "CVE-2016-9201",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco IOS and Cisco IOS XE", "product_name": "Cisco IOS and Cisco IOS XE",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco IOS and Cisco IOS XE" "version_value": "Cisco IOS and Cisco IOS XE"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. More Information: CSCuz21015. Known Affected Releases: 15.3(3)M3. Known Fixed Releases: 15.6(2)T0.1 15.6(2.0.1a)T0 15.6(2.19)T 15.6(3)M."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf" "lang": "eng",
}, "value": "A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. More Information: CSCuz21015. Known Affected Releases: 15.3(3)M3. Known Fixed Releases: 15.6(2)T0.1 15.6(2.0.1a)T0 15.6(2.19)T 15.6(3)M."
{ }
"name" : "94811", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94811" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037419", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037419" "lang": "eng",
} "value": "unspecified"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "94811",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94811"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf"
},
{
"name": "1037419",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037419"
}
]
}
} }

32
2016/9xxx/CVE-2016-9230.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-9230", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-9230",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

32
2016/9xxx/CVE-2016-9241.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-9241", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-9241",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

32
2019/2xxx/CVE-2019-2085.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2085", "ID": "CVE-2019-2085",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2019/2xxx/CVE-2019-2164.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2164", "ID": "CVE-2019-2164",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2019/2xxx/CVE-2019-2258.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2258", "ID": "CVE-2019-2258",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2019/2xxx/CVE-2019-2936.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2936", "ID": "CVE-2019-2936",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2019/6xxx/CVE-2019-6297.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6297", "ID": "CVE-2019-6297",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2019/6xxx/CVE-2019-6903.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6903", "ID": "CVE-2019-6903",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }