admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:37:58 +00:00
parent 23611ba7ba
commit d985542f2b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3509 additions and 3509 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2006/0xxx/CVE-2006-0164.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0164", "ID": "CVE-2006-0164",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=384232", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=384232" "lang": "eng",
}, "value": "phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable."
{ }
"name" : "17469", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/17469" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0123", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0123" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22302", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/22302" ]
}, },
{ "references": {
"name" : "18346", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18346" "name": "http://sourceforge.net/project/shownotes.php?release_id=384232",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/project/shownotes.php?release_id=384232"
"name" : "phgstats-php-file-include(24062)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24062" "name": "22302",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/22302"
} },
} {
"name": "ADV-2006-0123",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0123"
},
{
"name": "phgstats-php-file-include(24062)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24062"
},
{
"name": "17469",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17469"
},
{
"name": "18346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18346"
}
]
}
}

160
2006/0xxx/CVE-2006-0572.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0572", "ID": "CVE-2006-0572",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060212 [eVuln] phpstatus Authentication Bypass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/424842/100/0/threaded" "lang": "eng",
}, "value": "phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication."
{ }
"name" : "http://evuln.com/vulns/61/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/61/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16587", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16587" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18791", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/18791" ]
}, },
{ "references": {
"name" : "427", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/427" "name": "http://evuln.com/vulns/61/summary.html",
} "refsource": "MISC",
] "url": "http://evuln.com/vulns/61/summary.html"
} },
} {
"name": "18791",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18791"
},
{
"name": "16587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16587"
},
{
"name": "427",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/427"
},
{
"name": "20060212 [eVuln] phpstatus Authentication Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424842/100/0/threaded"
}
]
}
}

140
2006/0xxx/CVE-2006-0865.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0865", "ID": "CVE-2006-0865",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060219 PunBB 1.2.10 Multiple DoS Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/425630/100/0/threaded" "lang": "eng",
}, "value": "PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly."
{ }
"name" : "http://www.neosecurityteam.net/advisories/Advisory-15.txt", ]
"refsource" : "MISC", },
"url" : "http://www.neosecurityteam.net/advisories/Advisory-15.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "punbb-register-ip-dos(24837)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24837" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20060219 PunBB 1.2.10 Multiple DoS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425630/100/0/threaded"
},
{
"name": "http://www.neosecurityteam.net/advisories/Advisory-15.txt",
"refsource": "MISC",
"url": "http://www.neosecurityteam.net/advisories/Advisory-15.txt"
},
{
"name": "punbb-register-ip-dos(24837)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24837"
}
]
}
}

280
2006/1xxx/CVE-2006-1055.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-1055", "ID": "CVE-2006-1055",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e0dd741a89be35defa05bd79f4211c5a2762825", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e0dd741a89be35defa05bd79f4211c5a2762825" "lang": "eng",
}, "value": "The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read."
{ }
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6e0dd741a89be35defa05bd79f4211c5a2762825;hp=597a7679dd83691be2f3a53e1f3f915b4a7f6eba", ]
"refsource" : "CONFIRM", },
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6e0dd741a89be35defa05bd79f4211c5a2762825;hp=597a7679dd83691be2f3a53e1f3f915b4a7f6eba" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2006-423", "description": [
"refsource" : "FEDORA", {
"url" : "http://lwn.net/Alerts/180820/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SA:2006:028", ]
"refsource" : "SUSE", }
"url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html" ]
}, },
{ "references": {
"name" : "2006-0020", "reference_data": [
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.org/errata/2006/0020" "name": "17402",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17402"
"name" : "USN-281-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/281-1/" "name": "19735",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19735"
"name" : "USN-302-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-302-1" "name": "20716",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20716"
"name" : "17402", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17402" "name": "USN-281-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/281-1/"
"name" : "ADV-2006-1273", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1273" "name": "FEDORA-2006-423",
}, "refsource": "FEDORA",
{ "url": "http://lwn.net/Alerts/180820/"
"name" : "ADV-2006-1475", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1475" "name": "19495",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19495"
"name" : "24443", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/24443" "name": "USN-302-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-302-1"
"name" : "19495", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19495" "name": "SUSE-SA:2006:028",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"
"name" : "19955", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19955" "name": "19955",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19955"
"name" : "20716", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20716" "name": "ADV-2006-1475",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1475"
"name" : "20398", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20398" "name": "ADV-2006-1273",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1273"
"name" : "19735", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19735" "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e0dd741a89be35defa05bd79f4211c5a2762825",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6e0dd741a89be35defa05bd79f4211c5a2762825"
"name" : "linux-fillwritebuffer-dos(25693)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25693" "name": "20398",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/20398"
} },
} {
"name": "24443",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24443"
},
{
"name": "2006-0020",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0020"
},
{
"name": "linux-fillwritebuffer-dos(25693)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25693"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6e0dd741a89be35defa05bd79f4211c5a2762825;hp=597a7679dd83691be2f3a53e1f3f915b4a7f6eba",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6e0dd741a89be35defa05bd79f4211c5a2762825;hp=597a7679dd83691be2f3a53e1f3f915b4a7f6eba"
}
]
}
}

210
2006/1xxx/CVE-2006-1256.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1256", "ID": "CVE-2006-1256",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6 allows remote attackers to inject arbitrary web script or HTML via the url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060329 [eVuln] Skull-Splitter's PHP Guestbook XSS Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/429254/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6 allows remote attackers to inject arbitrary web script or HTML via the url parameter."
{ }
"name" : "20060318 Vendor ACK for Skull-Splitter Guestbook XSS", ]
"refsource" : "VIM", },
"url" : "http://attrition.org/pipermail/vim/2006-March/000613.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://evuln.com/vulns/104/summary.html", "description": [
"refsource" : "MISC", {
"url" : "http://evuln.com/vulns/104/summary.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.boysen.be/en/", ]
"refsource" : "CONFIRM", }
"url" : "http://www.boysen.be/en/" ]
}, },
{ "references": {
"name" : "17136", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17136" "name": "650",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/650"
"name" : "ADV-2006-0974", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0974" "name": "http://evuln.com/vulns/104/summary.html",
}, "refsource": "MISC",
{ "url": "http://evuln.com/vulns/104/summary.html"
"name" : "23941", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/23941" "name": "23941",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/23941"
"name" : "19268", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19268" "name": "ADV-2006-0974",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0974"
"name" : "650", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/650" "name": "20060318 Vendor ACK for Skull-Splitter Guestbook XSS",
}, "refsource": "VIM",
{ "url": "http://attrition.org/pipermail/vim/2006-March/000613.html"
"name" : "skullsplitter-guestbook-xss(25293)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25293" "name": "http://www.boysen.be/en/",
} "refsource": "CONFIRM",
] "url": "http://www.boysen.be/en/"
} },
} {
"name": "20060329 [eVuln] Skull-Splitter's PHP Guestbook XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429254/100/0/threaded"
},
{
"name": "19268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19268"
},
{
"name": "17136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17136"
},
{
"name": "skullsplitter-guestbook-xss(25293)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25293"
}
]
}
}

170
2006/1xxx/CVE-2006-1478.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1478", "ID": "CVE-2006-1478",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060327 PHPLiveHelper 1.8 remote command execution (include) Xploit (perl)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/428976/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php."
{ }
"name" : "http://www.turnkeywebtools.com/forum/showthread.php?p=10415", ]
"refsource" : "MISC", },
"url" : "http://www.turnkeywebtools.com/forum/showthread.php?p=10415" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.worlddefacers.de/Public/WD-TMPLH.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.worlddefacers.de/Public/WD-TMPLH.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19428", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/19428" ]
}, },
{ "references": {
"name" : "641", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/641" "name": "20060327 PHPLiveHelper 1.8 remote command execution (include) Xploit (perl)",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/428976/100/0/threaded"
"name" : "phplivehelper-abspath-file-include(25489)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25489" "name": "641",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/641"
} },
} {
"name": "19428",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19428"
},
{
"name": "http://www.turnkeywebtools.com/forum/showthread.php?p=10415",
"refsource": "MISC",
"url": "http://www.turnkeywebtools.com/forum/showthread.php?p=10415"
},
{
"name": "phplivehelper-abspath-file-include(25489)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25489"
},
{
"name": "http://www.worlddefacers.de/Public/WD-TMPLH.txt",
"refsource": "MISC",
"url": "http://www.worlddefacers.de/Public/WD-TMPLH.txt"
}
]
}
}

180
2006/1xxx/CVE-2006-1499.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1499", "ID": "CVE-2006-1499",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in vCounter.php in vCounter 1.0 allows remote attackers to execute arbitrary SQL commands via the URI (_SERVER[REQUEST_URI] variable)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060407 [eVuln] vCounter - sourceworkshop SQL Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/430353/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in vCounter.php in vCounter 1.0 allows remote attackers to execute arbitrary SQL commands via the URI (_SERVER[REQUEST_URI] variable)."
{ }
"name" : "http://evuln.com/vulns/108/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/108/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17302", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17302" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-1147", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/1147" ]
}, },
{ "references": {
"name" : "24234", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/24234" "name": "24234",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/24234"
"name" : "19422", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19422" "name": "19422",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19422"
"name" : "vcounter-url-sql-injection(25500)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25500" "name": "vcounter-url-sql-injection(25500)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25500"
} },
} {
"name": "http://evuln.com/vulns/108/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/108/summary.html"
},
{
"name": "ADV-2006-1147",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1147"
},
{
"name": "17302",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17302"
},
{
"name": "20060407 [eVuln] vCounter - sourceworkshop SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430353/100/0/threaded"
}
]
}
}

150
2006/1xxx/CVE-2006-1774.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1774", "ID": "CVE-2006-1774",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when \"Trust by Certificates\" is not enabled, allows remote attackers to bypass authentication via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060411 [SRC-Telindus advisory] - HP System Management Homepage Remote Unauthorized Access", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/430688/100/0/threaded" "lang": "eng",
}, "value": "HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when \"Trust by Certificates\" is not enabled, allows remote attackers to bypass authentication via a crafted URL."
{ }
"name" : "http://src.telindus.com/articles/hpsm_vulnerability.html", ]
"refsource" : "MISC", },
"url" : "http://src.telindus.com/articles/hpsm_vulnerability.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1015901", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015901" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "hp-smh-auth-bypass(25761)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25761" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1015901",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015901"
},
{
"name": "20060411 [SRC-Telindus advisory] - HP System Management Homepage Remote Unauthorized Access",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430688/100/0/threaded"
},
{
"name": "http://src.telindus.com/articles/hpsm_vulnerability.html",
"refsource": "MISC",
"url": "http://src.telindus.com/articles/hpsm_vulnerability.html"
},
{
"name": "hp-smh-auth-bypass(25761)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25761"
}
]
}
}

160
2006/1xxx/CVE-2006-1853.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1853", "ID": "CVE-2006-1853",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2006/04/modernbill-multiple-sql-inj-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2006/04/modernbill-multiple-sql-inj-vuln.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php."
{ }
"name" : "17596", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/17596" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-1415", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1415" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19641", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/19641" ]
}, },
{ "references": {
"name" : "modernbill-user-sql-injection(25926)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25926" "name": "modernbill-user-sql-injection(25926)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25926"
} },
} {
"name": "17596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17596"
},
{
"name": "ADV-2006-1415",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1415"
},
{
"name": "http://pridels0.blogspot.com/2006/04/modernbill-multiple-sql-inj-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/modernbill-multiple-sql-inj-vuln.html"
},
{
"name": "19641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19641"
}
]
}
}

140
2006/4xxx/CVE-2006-4875.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4875", "ID": "CVE-2006-4875",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060915 Jupiter CMS Multiple injections", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/446064/100/0/threaded" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public."
{ }
"name" : "20048", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20048" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1608", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1608" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20060915 Jupiter CMS Multiple injections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446064/100/0/threaded"
},
{
"name": "20048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20048"
},
{
"name": "1608",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1608"
}
]
}
}

160
2006/5xxx/CVE-2006-5062.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5062", "ID": "CVE-2006-5062",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2428", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2428" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath parameter."
{ }
"name" : "20184", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20184" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3772", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3772" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22121", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/22121" ]
}, },
{ "references": {
"name" : "pblang-lang-file-include(29139)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29139" "name": "2428",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/2428"
} },
} {
"name": "ADV-2006-3772",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3772"
},
{
"name": "pblang-lang-file-include(29139)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29139"
},
{
"name": "20184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20184"
},
{
"name": "22121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22121"
}
]
}
}

220
2006/5xxx/CVE-2006-5499.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5499", "ID": "CVE-2006-5499",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/449189/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page."
{ }
"name" : "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.hardened-php.net/advisory_112006.136.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.hardened-php.net/advisory_112006.136.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.s9y.org/forums/viewtopic.php?t=7356", ]
"refsource" : "CONFIRM", }
"url" : "http://www.s9y.org/forums/viewtopic.php?t=7356" ]
}, },
{ "references": {
"name" : "20627", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20627" "name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/449189/100/0/threaded"
"name" : "ADV-2006-4135", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4135" "name": "1771",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1771"
"name" : "29893", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/29893" "name": "20627",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/20627"
"name" : "1017100", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017100" "name": "29893",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/29893"
"name" : "22501", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22501" "name": "http://www.hardened-php.net/advisory_112006.136.html",
}, "refsource": "MISC",
{ "url": "http://www.hardened-php.net/advisory_112006.136.html"
"name" : "1771", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1771" "name": "serendipity-admin-xss(29695)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695"
"name" : "serendipity-admin-xss(29695)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29695" "name": "22501",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/22501"
} },
} {
"name": "1017100",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017100"
},
{
"name": "20061019 Advisory 11/2006: Serendipity Weblog XSS Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html"
},
{
"name": "http://www.s9y.org/forums/viewtopic.php?t=7356",
"refsource": "CONFIRM",
"url": "http://www.s9y.org/forums/viewtopic.php?t=7356"
},
{
"name": "ADV-2006-4135",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4135"
}
]
}
}

150
2006/5xxx/CVE-2006-5978.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5978", "ID": "CVE-2006-5978",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impact and attack vectors, as addressed by \"Some security fix.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=463210", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=463210" "lang": "eng",
}, "value": "Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impact and attack vectors, as addressed by \"Some security fix.\""
{ }
"name" : "21052", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21052" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4494", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4494" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "exoopport-multiple-unspecified(30269)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30269" ]
} },
] "references": {
} "reference_data": [
} {
"name": "21052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21052"
},
{
"name": "ADV-2006-4494",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4494"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=463210",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=463210"
},
{
"name": "exoopport-multiple-unspecified(30269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30269"
}
]
}
}

170
2010/0xxx/CVE-2010-0127.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2010-0127", "ID": "CVE-2010-0127",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100512 Secunia Research: Adobe Shockwave Player 3D Parsing Memory Corruption", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/511260/100/0/threaded" "lang": "eng",
}, "value": "Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file."
{ }
"name" : "http://secunia.com/secunia_research/2010-17/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2010-17/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:7477", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7477" ]
}, },
{ "references": {
"name" : "38751", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38751" "name": "38751",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38751"
"name" : "ADV-2010-1128", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1128" "name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
} "refsource": "CONFIRM",
] "url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
} },
} {
"name": "ADV-2010-1128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1128"
},
{
"name": "oval:org.mitre.oval:def:7477",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7477"
},
{
"name": "20100512 Secunia Research: Adobe Shockwave Player 3D Parsing Memory Corruption",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511260/100/0/threaded"
},
{
"name": "http://secunia.com/secunia_research/2010-17/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-17/"
}
]
}
}

160
2010/0xxx/CVE-2010-0192.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2010-0192", "ID": "CVE-2010-0192",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0193 and CVE-2010-0196."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-09.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-09.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0193 and CVE-2010-0196."
{ }
"name" : "TA10-103C", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103C.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "39329", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/39329" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:7046", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7046" ]
}, },
{ "references": {
"name" : "ADV-2010-0873", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0873" "name": "ADV-2010-0873",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2010/0873"
} },
} {
"name": "TA10-103C",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103C.html"
},
{
"name": "39329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39329"
},
{
"name": "oval:org.mitre.oval:def:7046",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7046"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-09.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-09.html"
}
]
}
}

150
2010/0xxx/CVE-2010-0515.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-0515", "ID": "CVE-2010-0515",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4077", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4077" "lang": "eng",
}, "value": "QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding."
{ }
"name" : "APPLE-SA-2010-03-29-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2010-03-30-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:6783", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6783" ]
} },
] "references": {
} "reference_data": [
} {
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "APPLE-SA-2010-03-30-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
},
{
"name": "oval:org.mitre.oval:def:6783",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6783"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
}
]
}
}

150
2010/0xxx/CVE-2010-0991.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2010-0991", "ID": "CVE-2010-0991",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100421 Secunia Research: imlib2 \"IMAGE_DIMENSIONS_OK()\" Logic Error", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/510866/100/0/threaded" "lang": "eng",
}, "value": "Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h."
{ }
"name" : "http://secunia.com/secunia_research/2010-54/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2010-54/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "39354", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39354" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2010-0959", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2010/0959" ]
} },
] "references": {
} "reference_data": [
} {
"name": "39354",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39354"
},
{
"name": "20100421 Secunia Research: imlib2 \"IMAGE_DIMENSIONS_OK()\" Logic Error",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510866/100/0/threaded"
},
{
"name": "ADV-2010-0959",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0959"
},
{
"name": "http://secunia.com/secunia_research/2010-54/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-54/"
}
]
}
}

34
2010/2xxx/CVE-2010-2472.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2472", "ID": "CVE-2010-2472",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

190
2010/3xxx/CVE-2010-3066.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-3066", "ID": "CVE-2010-3066",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The io_submit_one function in fs/aio.c in the Linux kernel before 2.6.23 allows local users to cause a denial of service (NULL pointer dereference) via a crafted io_submit system call with an IOCB_FLAG_RESFD flag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" "lang": "eng",
}, "value": "The io_submit_one function in fs/aio.c in the Linux kernel before 2.6.23 allows local users to cause a denial of service (NULL pointer dereference) via a crafted io_submit system call with an IOCB_FLAG_RESFD flag."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=87e2831c3fa39cbf6f7ab676bb5aef039b9659e2", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=87e2831c3fa39cbf6f7ab676bb5aef039b9659e2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=631716", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=631716" ]
}, },
{ "references": {
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
"name" : "RHSA-2010:0839", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0839.html" "name": "46397",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/46397"
"name" : "1024708", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024708" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=87e2831c3fa39cbf6f7ab676bb5aef039b9659e2",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=87e2831c3fa39cbf6f7ab676bb5aef039b9659e2"
"name" : "46397", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46397" "name": "1024708",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1024708"
} },
} {
"name": "RHSA-2010:0839",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0839.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=631716",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=631716"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
}
]
}
}

140
2010/3xxx/CVE-2010-3252.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3252", "ID": "CVE-2010-3252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=50386", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=50386" "lang": "eng",
}, "value": "Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
{ }
"name" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:11987", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11987" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11987",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11987"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=50386",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=50386"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html"
}
]
}
}

140
2010/3xxx/CVE-2010-3428.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3428", "ID": "CVE-2010-3428",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14988", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14988" "lang": "eng",
}, "value": "SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action."
{ }
"name" : "http://www.securityfocus.com/bid/43174/exploit", ]
"refsource" : "MISC", },
"url" : "http://www.securityfocus.com/bid/43174/exploit" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "43174", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/43174" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/43174/exploit",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/43174/exploit"
},
{
"name": "14988",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14988"
},
{
"name": "43174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43174"
}
]
}
}

34
2010/4xxx/CVE-2010-4285.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2010-4285", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2010-4285",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
} }
] ]
} }
} }

170
2010/4xxx/CVE-2010-4831.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2010-4831", "ID": "CVE-2010-4831",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ftp.gnome.org/pub/gnome/sources/gtk+/2.21/gtk+-2.21.8.changes", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://ftp.gnome.org/pub/gnome/sources/gtk+/2.21/gtk+-2.21.8.changes" "lang": "eng",
}, "value": "Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory."
{ }
"name" : "http://git.gnome.org/browse/gtk+/commit/gdk/win32/gdkinput-win32.c?h=gtk-2-24&id=88f54ea47d4a55bbbf9e34a7a0502f365eb69ae5&ss=1", ]
"refsource" : "CONFIRM", },
"url" : "http://git.gnome.org/browse/gtk+/commit/gdk/win32/gdkinput-win32.c?h=gtk-2-24&id=88f54ea47d4a55bbbf9e34a7a0502f365eb69ae5&ss=1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVN#58019849", "description": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN58019849/index.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "JVNDB-2011-000072", ]
"refsource" : "JVNDB", }
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000072" ]
}, },
{ "references": {
"name" : "49449", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/49449" "name": "49449",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/49449"
"name" : "45815", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45815" "name": "http://git.gnome.org/browse/gtk+/commit/gdk/win32/gdkinput-win32.c?h=gtk-2-24&id=88f54ea47d4a55bbbf9e34a7a0502f365eb69ae5&ss=1",
} "refsource": "CONFIRM",
] "url": "http://git.gnome.org/browse/gtk+/commit/gdk/win32/gdkinput-win32.c?h=gtk-2-24&id=88f54ea47d4a55bbbf9e34a7a0502f365eb69ae5&ss=1"
} },
} {
"name": "JVN#58019849",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN58019849/index.html"
},
{
"name": "http://ftp.gnome.org/pub/gnome/sources/gtk+/2.21/gtk+-2.21.8.changes",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/gnome/sources/gtk+/2.21/gtk+-2.21.8.changes"
},
{
"name": "45815",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45815"
},
{
"name": "JVNDB-2011-000072",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000072"
}
]
}
}

140
2014/10xxx/CVE-2014-10010.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-10010", "ID": "CVE-2014-10010",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "30911", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/30911" "lang": "eng",
}, "value": "Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller."
{ }
"name" : "http://packetstormsecurity.com/files/124755", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/124755" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "appointmentscheduler-index-dir-traversal(90421)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90421" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "30911",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30911"
},
{
"name": "appointmentscheduler-index-dir-traversal(90421)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90421"
},
{
"name": "http://packetstormsecurity.com/files/124755",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124755"
}
]
}
}

300
2014/3xxx/CVE-2014-3145.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3145", "ID": "CVE-2014-3145",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140509 Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/05/09/6" "lang": "eng",
}, "value": "The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=05ab8f2647e4221cbdb3856dd7d32bd5407316b3", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=05ab8f2647e4221cbdb3856dd7d32bd5407316b3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://linux.oracle.com/errata/ELSA-2014-3052.html", ]
"refsource" : "CONFIRM", }
"url" : "http://linux.oracle.com/errata/ELSA-2014-3052.html" ]
}, },
{ "references": {
"name" : "https://source.android.com/security/bulletin/2017-04-01", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-04-01" "name": "[oss-security] 20140509 Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2014/05/09/6"
"name" : "DSA-2949", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-2949" "name": "USN-2263-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2263-1"
"name" : "USN-2259-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2259-1" "name": "DSA-2949",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-2949"
"name" : "USN-2261-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2261-1" "name": "https://source.android.com/security/bulletin/2017-04-01",
}, "refsource": "CONFIRM",
{ "url": "https://source.android.com/security/bulletin/2017-04-01"
"name" : "USN-2262-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2262-1" "name": "USN-2261-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2261-1"
"name" : "USN-2263-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2263-1" "name": "USN-2252-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2252-1"
"name" : "USN-2264-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2264-1" "name": "http://linux.oracle.com/errata/ELSA-2014-3052.html",
}, "refsource": "CONFIRM",
{ "url": "http://linux.oracle.com/errata/ELSA-2014-3052.html"
"name" : "USN-2251-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2251-1" "name": "58990",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/58990"
"name" : "USN-2252-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2252-1" "name": "60613",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60613"
"name" : "67321", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/67321" "name": "USN-2264-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2264-1"
"name" : "1038201", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038201" "name": "https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/05ab8f2647e4221cbdb3856dd7d32bd5407316b3"
"name" : "58990", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/58990" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=05ab8f2647e4221cbdb3856dd7d32bd5407316b3",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=05ab8f2647e4221cbdb3856dd7d32bd5407316b3"
"name" : "59597", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59597" "name": "USN-2262-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2262-1"
"name" : "60613", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60613" "name": "67321",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/67321"
"name" : "59311", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59311" "name": "USN-2259-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-2259-1"
} },
} {
"name": "USN-2251-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2251-1"
},
{
"name": "59311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59311"
},
{
"name": "59597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59597"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}
}

200
2014/3xxx/CVE-2014-3693.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3693", "ID": "CVE-2014-3693",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/" "lang": "eng",
}, "value": "Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599."
{ }
"name" : "GLSA-201603-05", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201603-05" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2015:0377", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0377.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2014:1412", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00049.html" ]
}, },
{ "references": {
"name" : "USN-2398-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2398-1" "name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/",
}, "refsource": "CONFIRM",
{ "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/"
"name" : "71351", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71351" "name": "62396",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62396"
"name" : "62111", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62111" "name": "71351",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/71351"
"name" : "62132", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62132" "name": "USN-2398-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2398-1"
"name" : "62396", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62396" "name": "RHSA-2015:0377",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"
} },
} {
"name": "62132",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62132"
},
{
"name": "openSUSE-SU-2014:1412",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00049.html"
},
{
"name": "62111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62111"
},
{
"name": "GLSA-201603-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-05"
}
]
}
}

140
2014/3xxx/CVE-2014-3821.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3821", "ID": "CVE-2014-3821",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10640", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10640" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "68548", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/68548" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1030563", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030563" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10640",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10640"
},
{
"name": "68548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68548"
},
{
"name": "1030563",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030563"
}
]
}
}

34
2014/4xxx/CVE-2014-4697.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4697", "ID": "CVE-2014-4697",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/8xxx/CVE-2014-8295.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8295", "ID": "CVE-2014-8295",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "34851", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/34851" "lang": "eng",
}, "value": "SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter."
{ }
"name" : "http://packetstormsecurity.com/files/128480/Bacula-web-5.2.10-SQL-Injection.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/128480/Bacula-web-5.2.10-SQL-Injection.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "112418", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/112418" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "112418",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/112418"
},
{
"name": "http://packetstormsecurity.com/files/128480/Bacula-web-5.2.10-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128480/Bacula-web-5.2.10-SQL-Injection.html"
},
{
"name": "34851",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34851"
}
]
}
}

130
2014/8xxx/CVE-2014-8298.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8298", "ID": "CVE-2014-8298",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service (segmentation fault and X server crash) or possibly execute arbitrary code via a crafted GLX indirect rendering protocol request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/3610", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/3610" "lang": "eng",
}, "value": "The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service (segmentation fault and X server crash) or possibly execute arbitrary code via a crafted GLX indirect rendering protocol request."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/3610",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/3610"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
}
]
}
}

150
2014/8xxx/CVE-2014-8398.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8398", "ID": "CVE-2014-8398",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150112 Corel Software DLL Hijacking", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534452/100/0/threaded" "lang": "eng",
}, "value": "Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed."
{ }
"name" : "20150112 Corel Software DLL Hijacking", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2015/Jan/33" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.coresecurity.com/advisories/corel-software-dll-hijacking", "description": [
"refsource" : "MISC", {
"url" : "http://www.coresecurity.com/advisories/corel-software-dll-hijacking" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "72010", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/72010" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20150112 Corel Software DLL Hijacking",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534452/100/0/threaded"
},
{
"name": "http://www.coresecurity.com/advisories/corel-software-dll-hijacking",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/corel-software-dll-hijacking"
},
{
"name": "20150112 Corel Software DLL Hijacking",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/33"
},
{
"name": "72010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72010"
}
]
}
}

34
2014/8xxx/CVE-2014-8408.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8408", "ID": "CVE-2014-8408",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

180
2014/8xxx/CVE-2014-8987.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8987", "ID": "CVE-2014-8987",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the \"set configuration\" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20141114 CVE Request: XSS vulnerability in MantisBT 1.2.13", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/11/14/9" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the \"set configuration\" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option parameter, a different vulnerability than CVE-2014-8986."
{ }
"name" : "[oss-security] 20141115 RE: CVE Request: XSS vulnerability in MantisBT 1.2.13", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2014/11/15/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20141115 Re: CVE Request: XSS vulnerability in MantisBT 1.2.13", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/11/15/4" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20141115 Re: Re: CVE Request: XSS vulnerability in MantisBT 1.2.13", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2014/11/15/3" ]
}, },
{ "references": {
"name" : "[oss-security] 20141119 RE: CVE Request: XSS vulnerability in MantisBT 1.2.13", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/11/19/21" "name": "[oss-security] 20141115 RE: CVE Request: XSS vulnerability in MantisBT 1.2.13",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2014/11/15/2"
"name" : "http://www.mantisbt.org/bugs/view.php?id=17870", },
"refsource" : "CONFIRM", {
"url" : "http://www.mantisbt.org/bugs/view.php?id=17870" "name": "https://github.com/mantisbt/mantisbt/commit/49c3d089",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/mantisbt/mantisbt/commit/49c3d089"
"name" : "https://github.com/mantisbt/mantisbt/commit/49c3d089", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/mantisbt/mantisbt/commit/49c3d089" "name": "http://www.mantisbt.org/bugs/view.php?id=17870",
} "refsource": "CONFIRM",
] "url": "http://www.mantisbt.org/bugs/view.php?id=17870"
} },
} {
"name": "[oss-security] 20141115 Re: Re: CVE Request: XSS vulnerability in MantisBT 1.2.13",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/15/3"
},
{
"name": "[oss-security] 20141119 RE: CVE Request: XSS vulnerability in MantisBT 1.2.13",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/19/21"
},
{
"name": "[oss-security] 20141114 CVE Request: XSS vulnerability in MantisBT 1.2.13",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/14/9"
},
{
"name": "[oss-security] 20141115 Re: CVE Request: XSS vulnerability in MantisBT 1.2.13",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/15/4"
}
]
}
}

34
2014/9xxx/CVE-2014-9552.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9552", "ID": "CVE-2014-9552",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/9xxx/CVE-2014-9788.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2014-9788", "ID": "CVE-2014-9788",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm internal bug CR548872."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-07-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-07-01.html" "lang": "eng",
}, "value": "Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm internal bug CR548872."
{ }
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=73bfc22aa70cc0b7e6709381125a0a42aa72a4f2", ]
"refsource" : "CONFIRM", },
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=73bfc22aa70cc0b7e6709381125a0a42aa72a4f2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "91628", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91628" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "91628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91628"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=73bfc22aa70cc0b7e6709381125a0a42aa72a4f2",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=73bfc22aa70cc0b7e6709381125a0a42aa72a4f2"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

120
2016/2xxx/CVE-2016-2029.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2029", "ID": "CVE-2016-2029",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" "lang": "eng",
} "value": "HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
}
]
}
}

34
2016/2xxx/CVE-2016-2606.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2606", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2606",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

34
2016/2xxx/CVE-2016-2748.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2748", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2748",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

166
2016/2xxx/CVE-2016-2975.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-25T00:00:00", "DATE_PUBLIC": "2017-08-25T00:00:00",
"ID" : "CVE-2016-2975", "ID": "CVE-2016-2975",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Sametime", "product_name": "Sametime",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.5.2" "version_value": "8.5.2"
}, },
{ {
"version_value" : "8.5.2.1" "version_value": "8.5.2.1"
}, },
{ {
"version_value" : "9.0" "version_value": "9.0"
}, },
{ {
"version_value" : "9.0.0.1" "version_value": "9.0.0.1"
}, },
{ {
"version_value" : "9.0.1" "version_value": "9.0.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113935", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113935" "lang": "eng",
}, "value": "IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935."
{ }
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22006441", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22006441" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100572", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100572" "lang": "eng",
} "value": "Cross-Site Scripting"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006441",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006441"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113935",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113935"
},
{
"name": "100572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100572"
}
]
}
}

180
2016/3xxx/CVE-2016-3119.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-3119", "ID": "CVE-2016-3119",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html" "lang": "eng",
}, "value": "The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal."
{ }
"name" : "https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2016:2591", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2591.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2016:1072", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2016:0947", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html" "name": "openSUSE-SU-2016:1072",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html"
"name" : "85392", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/85392" "name": "[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html"
"name" : "1035399", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035399" "name": "1035399",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1035399"
} },
} {
"name": "openSUSE-SU-2016:0947",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html"
},
{
"name": "RHSA-2016:2591",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2591.html"
},
{
"name": "85392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85392"
},
{
"name": "https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99"
}
]
}
}

160
2016/3xxx/CVE-2016-3534.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2016-3534", "ID": "CVE-2016-3534",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Engineering Change Order. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves an open redirect vulnerability, which allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Engineering Change Order. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves an open redirect vulnerability, which allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
{ }
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "91787", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91787" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "91907", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/91907" ]
}, },
{ "references": {
"name" : "1036403", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036403" "name": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016",
} "refsource": "MISC",
] "url": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016"
} },
} {
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "91907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91907"
},
{
"name": "1036403",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036403"
}
]
}
}

180
2016/6xxx/CVE-2016-6352.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6352", "ID": "CVE-2016-6352",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160713 CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/07/13/11" "lang": "eng",
}, "value": "The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file."
{ }
"name" : "[oss-security] 20160726 Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/07/26/11" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=769170", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=769170" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599", ]
"refsource" : "CONFIRM", }
"url" : "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599" ]
}, },
{ "references": {
"name" : "https://git.gnome.org/browse/gdk-pixbuf/tree/NEWS?id=640134c46221689d263369872937192e4484c83b", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://git.gnome.org/browse/gdk-pixbuf/tree/NEWS?id=640134c46221689d263369872937192e4484c83b" "name": "[oss-security] 20160726 Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/07/26/11"
"name" : "openSUSE-SU-2016:2276", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00040.html" "name": "https://git.gnome.org/browse/gdk-pixbuf/tree/NEWS?id=640134c46221689d263369872937192e4484c83b",
}, "refsource": "CONFIRM",
{ "url": "https://git.gnome.org/browse/gdk-pixbuf/tree/NEWS?id=640134c46221689d263369872937192e4484c83b"
"name" : "USN-3085-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3085-1" "name": "USN-3085-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-3085-1"
} },
} {
"name": "[oss-security] 20160713 CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/11"
},
{
"name": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599"
},
{
"name": "openSUSE-SU-2016:2276",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00040.html"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=769170",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=769170"
}
]
}
}

140
2016/6xxx/CVE-2016-6425.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-6425", "ID": "CVE-2016-6425",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20161005 Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652."
{ }
"name" : "93422", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93422" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036951", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036951" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "93422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93422"
},
{
"name": "20161005 Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1"
},
{
"name": "1036951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036951"
}
]
}
}

250
2016/7xxx/CVE-2016-7055.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7055", "ID": "CVE-2016-7055",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.openssl.org/news/secadv/20161110.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.openssl.org/news/secadv/20161110.txt" "lang": "eng",
}, "value": "There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected."
{ }
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us", ]
"refsource" : "CONFIRM", },
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us", "description": [
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" ]
}, },
{ "references": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "name": "RHSA-2018:2185",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2185"
"name" : "https://www.tenable.com/security/tns-2017-04", },
"refsource" : "CONFIRM", {
"url" : "https://www.tenable.com/security/tns-2017-04" "name": "RHSA-2018:2186",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2186"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name" : "FreeBSD-SA-17:02", },
"refsource" : "FREEBSD", {
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc" "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03744en_us"
"name" : "GLSA-201702-07", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201702-07" "name": "FreeBSD-SA-17:02",
}, "refsource": "FREEBSD",
{ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
"name" : "RHSA-2018:2185", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2185" "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name" : "RHSA-2018:2186", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2186" "name": "https://www.tenable.com/security/tns-2017-04",
}, "refsource": "CONFIRM",
{ "url": "https://www.tenable.com/security/tns-2017-04"
"name" : "RHSA-2018:2187", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2187" "name": "GLSA-201702-07",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201702-07"
"name" : "94242", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94242" "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name" : "1037261", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037261" "name": "94242",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/94242"
} },
} {
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03752en_us"
},
{
"name": "RHSA-2018:2187",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"name": "https://www.openssl.org/news/secadv/20161110.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20161110.txt"
},
{
"name": "1037261",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037261"
}
]
}
}

180
2016/7xxx/CVE-2016-7162.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7162", "ID": "CVE-2016-7162",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160908 Re: CVE Request: File Roller path traversal", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/09/08/4" "lang": "eng",
}, "value": "The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive."
{ }
"name" : "http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news", ]
"refsource" : "CONFIRM", },
"url" : "http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.21/file-roller-3.21.90.news", "description": [
"refsource" : "CONFIRM", {
"url" : "http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.21/file-roller-3.21.90.news" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=698554", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=698554" ]
}, },
{ "references": {
"name" : "https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5" "name": "92896",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/92896"
"name" : "USN-3074-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3074-1" "name": "https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5",
}, "refsource": "CONFIRM",
{ "url": "https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5"
"name" : "92896", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92896" "name": "http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news",
} "refsource": "CONFIRM",
] "url": "http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news"
} },
} {
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=698554",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=698554"
},
{
"name": "[oss-security] 20160908 Re: CVE Request: File Roller path traversal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/08/4"
},
{
"name": "USN-3074-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3074-1"
},
{
"name": "http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.21/file-roller-3.21.90.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.21/file-roller-3.21.90.news"
}
]
}
}

150
2016/7xxx/CVE-2016-7246.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-7246", "ID": "CVE-2016-7246",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-594", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-594" "lang": "eng",
}, "value": "The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka \"Win32k Elevation of Privilege Vulnerability.\""
{ }
"name" : "MS16-135", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-135" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94063", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94063" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1037251", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037251" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-594",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-594"
},
{
"name": "1037251",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037251"
},
{
"name": "MS16-135",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-135"
},
{
"name": "94063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94063"
}
]
}
}

140
2016/7xxx/CVE-2016-7275.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-7275", "ID": "CVE-2016-7275",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka \"Microsoft Office OLE DLL Side Loading Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS16-148", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148" "lang": "eng",
}, "value": "Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka \"Microsoft Office OLE DLL Side Loading Vulnerability.\""
{ }
"name" : "94665", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94665" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037441", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037441" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS16-148",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "1037441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037441"
},
{
"name": "94665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94665"
}
]
}
}

34
2016/7xxx/CVE-2016-7430.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7430", "ID": "CVE-2016-7430",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }