admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:44:22 +00:00
parent ee68aaf13d
commit ea43edafe5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 4444 additions and 4444 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2006/0xxx/CVE-2006-0175.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0175",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060109 Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp)",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0299.html"
},
{
"name" : "20060111 Advisory:XSS vulnerability on WebWiz Forums <= 6.34(search_form.asp)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421615/100/0/threaded"
},
{
"name" : "16196",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16196"
},
{
"name" : "22398",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22398"
},
{
"name" : "webwizforums-searchform-xss(24048)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24048"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060111 Advisory:XSS vulnerability on WebWiz Forums <= 6.34(search_form.asp)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421615/100/0/threaded"
},
{
"name": "22398",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22398"
},
{
"name": "20060109 Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0299.html"
},
{
"name": "16196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16196"
},
{
"name": "webwizforums-searchform-xss(24048)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24048"
}
]
}
}

180
2006/0xxx/CVE-2006-0424.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0424",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "BEA06-111.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/168"
},
{
"name" : "16358",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16358"
},
{
"name" : "ADV-2006-0313",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0313"
},
{
"name" : "22776",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22776"
},
{
"name" : "1015528",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015528"
},
{
"name" : "18592",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18592"
},
{
"name" : "weblogic-server-log-disclosure(24295)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24295"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA06-111.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/168"
},
{
"name": "ADV-2006-0313",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0313"
},
{
"name": "weblogic-server-log-disclosure(24295)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24295"
},
{
"name": "22776",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22776"
},
{
"name": "1015528",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015528"
},
{
"name": "18592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18592"
},
{
"name": "16358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16358"
}
]
}
}

160
2006/0xxx/CVE-2006-0945.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0945",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060226 Archangel Weblog 0.90.02 Admin Authentication Bypass & Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426184/100/0/threaded"
},
{
"name" : "16848",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16848"
},
{
"name" : "23621",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23621"
},
{
"name" : "1015689",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015689"
},
{
"name" : "archangel-index-file-include(25142)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25142"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015689",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015689"
},
{
"name": "23621",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23621"
},
{
"name": "16848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16848"
},
{
"name": "archangel-index-file-include(25142)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25142"
},
{
"name": "20060226 Archangel Weblog 0.90.02 Admin Authentication Bypass & Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426184/100/0/threaded"
}
]
}
}

180
2006/1xxx/CVE-2006-1115.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1115",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060308 nCipher Advisory #12: Insecure Generation of Diffie-Hellman keys",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427146/100/0/threaded"
},
{
"name" : "http://www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_keys",
"refsource" : "CONFIRM",
"url" : "http://www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_keys"
},
{
"name" : "17006",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17006"
},
{
"name" : "ADV-2006-0862",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0862"
},
{
"name" : "1015719",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015719"
},
{
"name" : "19137",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19137"
},
{
"name" : "ncipher-hsm-weak-key(25060)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25060"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0862",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0862"
},
{
"name": "1015719",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015719"
},
{
"name": "20060308 nCipher Advisory #12: Insecure Generation of Diffie-Hellman keys",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427146/100/0/threaded"
},
{
"name": "http://www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_keys",
"refsource": "CONFIRM",
"url": "http://www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_keys"
},
{
"name": "17006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17006"
},
{
"name": "19137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19137"
},
{
"name": "ncipher-hsm-weak-key(25060)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25060"
}
]
}
}

150
2006/1xxx/CVE-2006-1241.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1241",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identified by CVE-2006-1240, or possibly other vulnerabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427480/100/0/threaded"
},
{
"name" : "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html"
},
{
"name" : "17077",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17077"
},
{
"name" : "firebird-fbinetserver-fbserver-bo(25282)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25282"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identified by CVE-2006-1240, or possibly other vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427480/100/0/threaded"
},
{
"name": "17077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17077"
},
{
"name": "firebird-fbinetserver-fbserver-bo(25282)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25282"
},
{
"name": "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html"
}
]
}
}

180
2006/1xxx/CVE-2006-1412.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1412",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061204 Multiple bugs in TFT-Gallery",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453471/100/0/threaded"
},
{
"name" : "20061204 Re: Multiple bugs in TFT-Gallery",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/453485/100/0/threaded"
},
{
"name" : "1611",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1611"
},
{
"name" : "17250",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17250"
},
{
"name" : "ADV-2006-1115",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1115"
},
{
"name" : "19411",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19411"
},
{
"name" : "tftgallery-passwd-disclosure(25465)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25465"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061204 Multiple bugs in TFT-Gallery",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453471/100/0/threaded"
},
{
"name": "1611",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1611"
},
{
"name": "17250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17250"
},
{
"name": "19411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19411"
},
{
"name": "20061204 Re: Multiple bugs in TFT-Gallery",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453485/100/0/threaded"
},
{
"name": "ADV-2006-1115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1115"
},
{
"name": "tftgallery-passwd-disclosure(25465)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25465"
}
]
}
}

190
2006/1xxx/CVE-2006-1425.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060327 HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/428901/100/0/threaded"
},
{
"name" : "20060327 HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=114344921211241&w=2"
},
{
"name" : "17278",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17278"
},
{
"name" : "ADV-2006-1130",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1130"
},
{
"name" : "24166",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24166"
},
{
"name" : "19409",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19409"
},
{
"name" : "636",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/636"
},
{
"name" : "phpmyfamily-track-xss(25476)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25476"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060327 HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428901/100/0/threaded"
},
{
"name": "17278",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17278"
},
{
"name": "24166",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24166"
},
{
"name": "20060327 HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=114344921211241&w=2"
},
{
"name": "636",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/636"
},
{
"name": "19409",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19409"
},
{
"name": "ADV-2006-1130",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1130"
},
{
"name": "phpmyfamily-track-xss(25476)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25476"
}
]
}
}

860
2006/1xxx/CVE-2006-1728.json
View File

@ -1,432 +1,432 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1728",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-1728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-24.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-24.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
},
{
"name" : "DSA-1044",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1044"
},
{
"name" : "DSA-1046",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1046"
},
{
"name" : "DSA-1051",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1051"
},
{
"name" : "FEDORA-2006-410",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html"
},
{
"name" : "FEDORA-2006-411",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html"
},
{
"name" : "FLSA:189137-1",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/436296/100/0/threaded"
},
{
"name" : "FLSA:189137-2",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/436338/100/0/threaded"
},
{
"name" : "GLSA-200604-12",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
},
{
"name" : "GLSA-200604-18",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
},
{
"name" : "GLSA-200605-09",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml"
},
{
"name" : "HPSBTU02118",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/434524/100/0/threaded"
},
{
"name" : "SSRT061145",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/434524/100/0/threaded"
},
{
"name" : "HPSBUX02122",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name" : "SSRT061158",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name" : "HPSBUX02153",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "SSRT061181",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "HPSBUX02156",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name" : "SSRT061236",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name" : "MDKSA-2006:075",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075"
},
{
"name" : "MDKSA-2006:076",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076"
},
{
"name" : "MDKSA-2006:078",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078"
},
{
"name" : "RHSA-2006:0328",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0328.html"
},
{
"name" : "RHSA-2006:0329",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0329.html"
},
{
"name" : "RHSA-2006:0330",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0330.html"
},
{
"name" : "SCOSA-2006.26",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
},
{
"name" : "20060404-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
},
{
"name" : "102550",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
},
{
"name" : "102763",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1"
},
{
"name" : "SUSE-SA:2006:022",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html"
},
{
"name" : "SUSE-SA:2006:021",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html"
},
{
"name" : "USN-275-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/275-1/"
},
{
"name" : "USN-276-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/276-1/"
},
{
"name" : "USN-271-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/271-1/"
},
{
"name" : "TA06-107A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-107A.html"
},
{
"name" : "VU#932734",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/932734"
},
{
"name" : "17516",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17516"
},
{
"name" : "oval:org.mitre.oval:def:10508",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10508"
},
{
"name" : "ADV-2006-1356",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1356"
},
{
"name" : "ADV-2006-3391",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3391"
},
{
"name" : "ADV-2007-0058",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0058"
},
{
"name" : "ADV-2006-3748",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name" : "ADV-2006-3749",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3749"
},
{
"name" : "ADV-2008-0083",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name" : "oval:org.mitre.oval:def:1698",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1698"
},
{
"name" : "1015922",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015922"
},
{
"name" : "1015923",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015923"
},
{
"name" : "1015924",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015924"
},
{
"name" : "1015925",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015925"
},
{
"name" : "19631",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19631"
},
{
"name" : "19649",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19649"
},
{
"name" : "19759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19759"
},
{
"name" : "19794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19794"
},
{
"name" : "19821",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19821"
},
{
"name" : "19811",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19811"
},
{
"name" : "19823",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19823"
},
{
"name" : "19852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19852"
},
{
"name" : "19862",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19862"
},
{
"name" : "19863",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19863"
},
{
"name" : "19902",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19902"
},
{
"name" : "19950",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19950"
},
{
"name" : "19941",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19941"
},
{
"name" : "19714",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19714"
},
{
"name" : "19721",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19721"
},
{
"name" : "19746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19746"
},
{
"name" : "21033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21033"
},
{
"name" : "21622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21622"
},
{
"name" : "19696",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19696"
},
{
"name" : "19729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19729"
},
{
"name" : "19780",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19780"
},
{
"name" : "20051",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20051"
},
{
"name" : "22065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22065"
},
{
"name" : "22066",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22066"
},
{
"name" : "mozilla-generatecrmfrequest-code-execution(25812)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25812"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-275-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/275-1/"
},
{
"name": "ADV-2006-3748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "RHSA-2006:0330",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html"
},
{
"name": "SSRT061145",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/434524/100/0/threaded"
},
{
"name": "19902",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19902"
},
{
"name": "20060404-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
},
{
"name": "USN-276-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/276-1/"
},
{
"name": "HPSBUX02122",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name": "19941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19941"
},
{
"name": "19780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19780"
},
{
"name": "RHSA-2006:0328",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0328.html"
},
{
"name": "19821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19821"
},
{
"name": "GLSA-200604-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
},
{
"name": "21622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21622"
},
{
"name": "19862",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19862"
},
{
"name": "MDKSA-2006:075",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
},
{
"name": "19823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19823"
},
{
"name": "ADV-2007-0058",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0058"
},
{
"name": "DSA-1051",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1051"
},
{
"name": "FEDORA-2006-410",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html"
},
{
"name": "ADV-2006-3749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3749"
},
{
"name": "USN-271-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/271-1/"
},
{
"name": "19714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19714"
},
{
"name": "RHSA-2006:0329",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0329.html"
},
{
"name": "GLSA-200604-18",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
},
{
"name": "19811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19811"
},
{
"name": "HPSBTU02118",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/434524/100/0/threaded"
},
{
"name": "19794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19794"
},
{
"name": "1015922",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015922"
},
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-24.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-24.html"
},
{
"name": "19746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19746"
},
{
"name": "21033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21033"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "102550",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
},
{
"name": "19696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19696"
},
{
"name": "19759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19759"
},
{
"name": "oval:org.mitre.oval:def:1698",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1698"
},
{
"name": "SUSE-SA:2006:021",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html"
},
{
"name": "FLSA:189137-2",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/436338/100/0/threaded"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "ADV-2006-1356",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1356"
},
{
"name": "SSRT061236",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name": "SSRT061158",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name": "1015924",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015924"
},
{
"name": "mozilla-generatecrmfrequest-code-execution(25812)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25812"
},
{
"name": "MDKSA-2006:078",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078"
},
{
"name": "19729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19729"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "19649",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19649"
},
{
"name": "20051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20051"
},
{
"name": "19863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19863"
},
{
"name": "HPSBUX02156",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name": "SCOSA-2006.26",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
},
{
"name": "102763",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1"
},
{
"name": "TA06-107A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-107A.html"
},
{
"name": "FLSA:189137-1",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/436296/100/0/threaded"
},
{
"name": "17516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17516"
},
{
"name": "FEDORA-2006-411",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html"
},
{
"name": "19852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19852"
},
{
"name": "19721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19721"
},
{
"name": "22066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22066"
},
{
"name": "SUSE-SA:2006:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
},
{
"name": "1015923",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015923"
},
{
"name": "GLSA-200605-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml"
},
{
"name": "ADV-2006-3391",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3391"
},
{
"name": "VU#932734",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/932734"
},
{
"name": "22065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22065"
},
{
"name": "oval:org.mitre.oval:def:10508",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10508"
},
{
"name": "19631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19631"
},
{
"name": "19950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19950"
},
{
"name": "1015925",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015925"
},
{
"name": "MDKSA-2006:076",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076"
},
{
"name": "DSA-1046",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1046"
},
{
"name": "DSA-1044",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1044"
}
]
}
}

180
2006/1xxx/CVE-2006-1839.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1839",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060415 PHP Album <= 0.3.2.3 remote commnads execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431067/100/0/threaded"
},
{
"name" : "http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html"
},
{
"name" : "17526",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17526"
},
{
"name" : "ADV-2006-1382",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1382"
},
{
"name" : "24741",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24741"
},
{
"name" : "19661",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19661"
},
{
"name" : "phpalbum-language-file-include(25846)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25846"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1382",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1382"
},
{
"name": "19661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19661"
},
{
"name": "http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/phpalbum_0323_incl_xpl.html"
},
{
"name": "17526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17526"
},
{
"name": "phpalbum-language-file-include(25846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25846"
},
{
"name": "24741",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24741"
},
{
"name": "20060415 PHP Album <= 0.3.2.3 remote commnads execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431067/100/0/threaded"
}
]
}
}

160
2006/4xxx/CVE-2006-4588.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4588",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.security-net.biz/adv/D3906a.txt",
"refsource" : "MISC",
"url" : "http://www.security-net.biz/adv/D3906a.txt"
},
{
"name" : "19829",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19829"
},
{
"name" : "ADV-2006-3444",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3444"
},
{
"name" : "28462",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28462"
},
{
"name" : "21728",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21728"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21728",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21728"
},
{
"name": "http://www.security-net.biz/adv/D3906a.txt",
"refsource": "MISC",
"url": "http://www.security-net.biz/adv/D3906a.txt"
},
{
"name": "ADV-2006-3444",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3444"
},
{
"name": "19829",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19829"
},
{
"name": "28462",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28462"
}
]
}
}

320
2006/4xxx/CVE-2006-4624.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4624",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060913 Mailman 2.1.8 Multiple Security Issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445992/100/0/threaded"
},
{
"name" : "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9",
"refsource" : "MLIST",
"url" : "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"
},
{
"name" : "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923",
"refsource" : "MISC",
"url" : "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923"
},
{
"name" : "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt",
"refsource" : "MISC",
"url" : "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295"
},
{
"name" : "DSA-1188",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1188"
},
{
"name" : "GLSA-200609-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200609-12.xml"
},
{
"name" : "MDKSA-2006:165",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"
},
{
"name" : "RHSA-2007:0779",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0779.html"
},
{
"name" : "SUSE-SR:2006:025",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_25_sr.html"
},
{
"name" : "19831",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19831"
},
{
"name" : "20021",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20021"
},
{
"name" : "oval:org.mitre.oval:def:9756",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756"
},
{
"name" : "ADV-2006-3446",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3446"
},
{
"name" : "21732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21732"
},
{
"name" : "22011",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22011"
},
{
"name" : "22020",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22020"
},
{
"name" : "22227",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22227"
},
{
"name" : "22639",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22639"
},
{
"name" : "27669",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27669"
},
{
"name" : "mailman-admin-spoofing(28734)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28734"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3446",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3446"
},
{
"name": "DSA-1188",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1188"
},
{
"name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9",
"refsource": "MLIST",
"url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"
},
{
"name": "19831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19831"
},
{
"name": "mailman-admin-spoofing(28734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28734"
},
{
"name": "22639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22639"
},
{
"name": "20021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20021"
},
{
"name": "RHSA-2007:0779",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0779.html"
},
{
"name": "GLSA-200609-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-12.xml"
},
{
"name": "20060913 Mailman 2.1.8 Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded"
},
{
"name": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923",
"refsource": "MISC",
"url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923"
},
{
"name": "27669",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27669"
},
{
"name": "22227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22227"
},
{
"name": "SUSE-SR:2006:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"
},
{
"name": "MDKSA-2006:165",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295"
},
{
"name": "21732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21732"
},
{
"name": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"
},
{
"name": "22011",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22011"
},
{
"name": "oval:org.mitre.oval:def:9756",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756"
},
{
"name": "22020",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22020"
}
]
}
}

160
2006/5xxx/CVE-2006-5000.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5000",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060926 ZDI-06-029: Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447077/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-029.html",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-029.html"
},
{
"name" : "http://www.ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp",
"refsource" : "CONFIRM",
"url" : "http://www.ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp"
},
{
"name" : "1016935",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016935"
},
{
"name" : "wsftp-multiple-commands-bo(41829)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41829"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wsftp-multiple-commands-bo(41829)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41829"
},
{
"name": "20060926 ZDI-06-029: Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447077/100/0/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-029.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-029.html"
},
{
"name": "1016935",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016935"
},
{
"name": "http://www.ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp",
"refsource": "CONFIRM",
"url": "http://www.ipswitch.com/support/ws_ftp-server/releases/wr505hf1.asp"
}
]
}
}

190
2006/5xxx/CVE-2006-5909.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5909",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061104 Stanford university SCARF user editing",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450679/100/0/threaded"
},
{
"name" : "20070215 Re: Stanford university SCARF user editing",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/460196/100/0/threaded"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=177652&release_id=489633",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=177652&release_id=489633"
},
{
"name" : "20934",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20934"
},
{
"name" : "ADV-2007-0760",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0760"
},
{
"name" : "24311",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24311"
},
{
"name" : "scarf-generaloptions-privilege-escalation(30037)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30037"
},
{
"name" : "scarf-generaloptions-security-bypass(32700)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/32700"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "scarf-generaloptions-privilege-escalation(30037)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30037"
},
{
"name": "ADV-2007-0760",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0760"
},
{
"name": "20070215 Re: Stanford university SCARF user editing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460196/100/0/threaded"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=177652&release_id=489633",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=177652&release_id=489633"
},
{
"name": "24311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24311"
},
{
"name": "20061104 Stanford university SCARF user editing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450679/100/0/threaded"
},
{
"name": "scarf-generaloptions-security-bypass(32700)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32700"
},
{
"name": "20934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20934"
}
]
}
}

130
2010/0xxx/CVE-2010-0076.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0076",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-0076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
},
{
"name" : "TA10-012A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
},
{
"name": "TA10-012A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
}
]
}
}

160
2010/0xxx/CVE-2010-0180.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0180",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.bugzilla.org/security/3.2.6/",
"refsource" : "CONFIRM",
"url" : "http://www.bugzilla.org/security/3.2.6/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=561797",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=561797"
},
{
"name" : "41144",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41144"
},
{
"name" : "40300",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40300"
},
{
"name" : "ADV-2010-1595",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1595"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bugzilla.org/security/3.2.6/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.2.6/"
},
{
"name": "40300",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40300"
},
{
"name": "ADV-2010-1595",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1595"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=561797",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=561797"
},
{
"name": "41144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41144"
}
]
}
}

230
2010/0xxx/CVE-2010-0288.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0288",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "11141",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11141"
},
{
"name" : "http://bugs.splitbrain.org/index.php?do=details&task_id=1847",
"refsource" : "CONFIRM",
"url" : "http://bugs.splitbrain.org/index.php?do=details&task_id=1847"
},
{
"name" : "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security",
"refsource" : "CONFIRM",
"url" : "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security"
},
{
"name" : "DSA-1976",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-1976"
},
{
"name" : "FEDORA-2010-0770",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html"
},
{
"name" : "FEDORA-2010-0800",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html"
},
{
"name" : "GLSA-201301-07",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201301-07.xml"
},
{
"name" : "37820",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37820"
},
{
"name" : "61710",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61710"
},
{
"name" : "38183",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38183"
},
{
"name" : "ADV-2010-0150",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0150"
},
{
"name" : "dokuwiki-ajax-security-bypass(55661)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55661"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dokuwiki-ajax-security-bypass(55661)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55661"
},
{
"name": "61710",
"refsource": "OSVDB",
"url": "http://osvdb.org/61710"
},
{
"name": "FEDORA-2010-0770",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html"
},
{
"name": "38183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38183"
},
{
"name": "GLSA-201301-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201301-07.xml"
},
{
"name": "ADV-2010-0150",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0150"
},
{
"name": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security",
"refsource": "CONFIRM",
"url": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security"
},
{
"name": "DSA-1976",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1976"
},
{
"name": "FEDORA-2010-0800",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html"
},
{
"name": "37820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37820"
},
{
"name": "http://bugs.splitbrain.org/index.php?do=details&task_id=1847",
"refsource": "CONFIRM",
"url": "http://bugs.splitbrain.org/index.php?do=details&task_id=1847"
},
{
"name": "11141",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11141"
}
]
}
}

230
2010/0xxx/CVE-2010-0645.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0645",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=31009",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=31009"
},
{
"name" : "http://code.google.com/p/v8/source/detail?r=3560",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/v8/source/detail?r=3560"
},
{
"name" : "http://codereview.chromium.org/525064",
"refsource" : "CONFIRM",
"url" : "http://codereview.chromium.org/525064"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html"
},
{
"name" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs",
"refsource" : "CONFIRM",
"url" : "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs"
},
{
"name" : "38177",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38177"
},
{
"name" : "62316",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/62316"
},
{
"name" : "oval:org.mitre.oval:def:14508",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14508"
},
{
"name" : "1023583",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023583"
},
{
"name" : "38545",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38545"
},
{
"name" : "ADV-2010-0361",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0361"
},
{
"name" : "googlechrome-v8engine-code-exec(56213)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56213"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "googlechrome-v8engine-code-exec(56213)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56213"
},
{
"name": "38177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38177"
},
{
"name": "http://code.google.com/p/v8/source/detail?r=3560",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/v8/source/detail?r=3560"
},
{
"name": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs",
"refsource": "CONFIRM",
"url": "http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs"
},
{
"name": "1023583",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023583"
},
{
"name": "ADV-2010-0361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0361"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=31009",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=31009"
},
{
"name": "62316",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62316"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/02/stable-channel-update.html"
},
{
"name": "oval:org.mitre.oval:def:14508",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14508"
},
{
"name": "http://codereview.chromium.org/525064",
"refsource": "CONFIRM",
"url": "http://codereview.chromium.org/525064"
},
{
"name": "38545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38545"
}
]
}
}

180
2010/2xxx/CVE-2010-2576.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2576",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-2576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100812 Secunia Research: Opera \"Download\" Dialog File Execution Security Issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513040/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2010-110/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-110/"
},
{
"name" : "http://www.opera.com/docs/changelogs/mac/1061/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/1061/"
},
{
"name" : "http://www.opera.com/docs/changelogs/unix/1061/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/unix/1061/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/1061/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1061/"
},
{
"name" : "http://www.opera.com/support/kb/view/967/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/kb/view/967/"
},
{
"name" : "oval:org.mitre.oval:def:12084",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12084"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12084",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12084"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1061/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1061/"
},
{
"name": "http://www.opera.com/support/kb/view/967/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/967/"
},
{
"name": "20100812 Secunia Research: Opera \"Download\" Dialog File Execution Security Issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513040/100/0/threaded"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1061/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1061/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1061/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1061/"
},
{
"name": "http://secunia.com/secunia_research/2010-110/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-110/"
}
]
}
}

34
2010/2xxx/CVE-2010-2593.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2593",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2593",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2010/3xxx/CVE-2010-3003.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-3003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-05",
"refsource" : "MISC",
"url" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-05"
},
{
"name" : "HPSBMA02571",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472"
},
{
"name" : "SSRT100034",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472"
},
{
"name" : "ADV-2010-2245",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2245"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMA02571",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472"
},
{
"name": "ADV-2010-2245",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2245"
},
{
"name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-05",
"refsource": "MISC",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-05"
},
{
"name": "SSRT100034",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02492472"
}
]
}
}

270
2010/3xxx/CVE-2010-3774.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3774",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-83.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-83.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=602780",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=602780"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100124650",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100124650"
},
{
"name" : "FEDORA-2010-18773",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html"
},
{
"name" : "FEDORA-2010-18775",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html"
},
{
"name" : "FEDORA-2010-18890",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
},
{
"name" : "FEDORA-2010-18920",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
},
{
"name" : "MDVSA-2010:251",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251"
},
{
"name" : "RHSA-2010:0966",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0966.html"
},
{
"name" : "SUSE-SA:2011:003",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
},
{
"name" : "USN-1019-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1019-1"
},
{
"name" : "oval:org.mitre.oval:def:12512",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12512"
},
{
"name" : "1024850",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024850"
},
{
"name" : "42716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42716"
},
{
"name" : "42818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42818"
},
{
"name" : "ADV-2011-0030",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0030"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2011:003",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
},
{
"name": "FEDORA-2010-18775",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html"
},
{
"name": "MDVSA-2010:251",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251"
},
{
"name": "http://support.avaya.com/css/P8/documents/100124650",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100124650"
},
{
"name": "RHSA-2010:0966",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html"
},
{
"name": "USN-1019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1019-1"
},
{
"name": "42818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42818"
},
{
"name": "1024850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024850"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=602780",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=602780"
},
{
"name": "oval:org.mitre.oval:def:12512",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12512"
},
{
"name": "FEDORA-2010-18920",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
},
{
"name": "ADV-2011-0030",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0030"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-83.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-83.html"
},
{
"name": "FEDORA-2010-18890",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
},
{
"name": "42716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42716"
},
{
"name": "FEDORA-2010-18773",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html"
}
]
}
}

340
2010/3xxx/CVE-2010-3876.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3876",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name" : "[netdev] 20101031 [PATCH 2/3] net: packet: fix information leak to userland",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-netdev&m=128854507220908&w=2"
},
{
"name" : "[oss-security] 20101102 CVE request: kernel stack infoleaks",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/11/02/7"
},
{
"name" : "[oss-security] 20101102 Re: CVE request: kernel stack infoleaks",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/11/02/12"
},
{
"name" : "[oss-security] 20101102 Re: CVE request: kernel stack infoleaks",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/11/02/10"
},
{
"name" : "[oss-security] 20101102 Re: CVE request: kernel stack infoleaks",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/11/02/9"
},
{
"name" : "[oss-security] 20101104 Re: CVE request: kernel stack infoleaks",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/11/04/5"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=67286640f638f5ad41a946b9a3dc75327950248f",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=67286640f638f5ad41a946b9a3dc75327950248f"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=649715",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=649715"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name" : "DSA-2126",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2126"
},
{
"name" : "RHSA-2010:0958",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0958.html"
},
{
"name" : "RHSA-2011:0004",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"name" : "RHSA-2011:0162",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0162.html"
},
{
"name" : "RHSA-2011:0007",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name" : "44630",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44630"
},
{
"name" : "42789",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42789"
},
{
"name" : "42963",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42963"
},
{
"name" : "42890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42890"
},
{
"name" : "46397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46397"
},
{
"name" : "ADV-2011-0024",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0024"
},
{
"name" : "ADV-2011-0168",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0168"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42789"
},
{
"name": "[oss-security] 20101102 Re: CVE request: kernel stack infoleaks",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/11/02/9"
},
{
"name": "ADV-2011-0024",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0024"
},
{
"name": "RHSA-2011:0004",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "[oss-security] 20101102 Re: CVE request: kernel stack infoleaks",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/11/02/12"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2"
},
{
"name": "[oss-security] 20101104 Re: CVE request: kernel stack infoleaks",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/11/04/5"
},
{
"name": "RHSA-2011:0007",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=67286640f638f5ad41a946b9a3dc75327950248f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=67286640f638f5ad41a946b9a3dc75327950248f"
},
{
"name": "[oss-security] 20101102 Re: CVE request: kernel stack infoleaks",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/11/02/10"
},
{
"name": "RHSA-2010:0958",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0958.html"
},
{
"name": "42963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42963"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=649715",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=649715"
},
{
"name": "[netdev] 20101031 [PATCH 2/3] net: packet: fix information leak to userland",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-netdev&m=128854507220908&w=2"
},
{
"name": "[oss-security] 20101102 CVE request: kernel stack infoleaks",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/11/02/7"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "42890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42890"
},
{
"name": "RHSA-2011:0162",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0162.html"
},
{
"name": "ADV-2011-0168",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0168"
},
{
"name": "44630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44630"
},
{
"name": "DSA-2126",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2126"
}
]
}
}

140
2010/4xxx/CVE-2010-4269.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4269",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15381",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15381"
},
{
"name" : "http://packetstormsecurity.org/1011-exploits/collabtive065-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1011-exploits/collabtive065-sql.txt"
},
{
"name" : "collabtive-managechat-sql-injection(62930)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62930"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1011-exploits/collabtive065-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1011-exploits/collabtive065-sql.txt"
},
{
"name": "collabtive-managechat-sql-injection(62930)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62930"
},
{
"name": "15381",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15381"
}
]
}
}

140
2010/4xxx/CVE-2010-4390.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4390",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allow remote attackers to have an unspecified impact via a crafted header in an IVR file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://service.real.com/realplayer/security/12102010_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/12102010_player/en/"
},
{
"name" : "69850",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69850"
},
{
"name" : "1024861",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024861"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allow remote attackers to have an unspecified impact via a crafted header in an IVR file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69850",
"refsource": "OSVDB",
"url": "http://osvdb.org/69850"
},
{
"name": "1024861",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024861"
},
{
"name": "http://service.real.com/realplayer/security/12102010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/12102010_player/en/"
}
]
}
}

150
2010/4xxx/CVE-2010-4397.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4397",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted TIT2 atom in an AAC file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-269",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-269"
},
{
"name" : "http://service.real.com/realplayer/security/12102010_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/12102010_player/en/"
},
{
"name" : "69856",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69856"
},
{
"name" : "1024861",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024861"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted TIT2 atom in an AAC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024861",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024861"
},
{
"name": "69856",
"refsource": "OSVDB",
"url": "http://osvdb.org/69856"
},
{
"name": "http://service.real.com/realplayer/security/12102010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/12102010_player/en/"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-269",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-269"
}
]
}
}

140
2011/5xxx/CVE-2011-5093.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5093",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[rt-announce] 20120522 RT 3.8.12 Released - Security Release",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html"
},
{
"name" : "[rt-announce] 20120522 RT 4.0.6 Released - Security Release",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html"
},
{
"name" : "[rt-announce] 20120522 Security vulnerabilities in RT",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html"
},
{
"name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html"
},
{
"name": "[rt-announce] 20120522 Security vulnerabilities in RT",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html"
}
]
}
}

34
2014/10xxx/CVE-2014-10060.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-10060",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10060",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/3xxx/CVE-2014-3503.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3503",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140707 [SECURITY] CVE-2014-3503 Apache Syncope",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532669/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html"
},
{
"name" : "http://syncope.apache.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://syncope.apache.org/security.html"
},
{
"name" : "68431",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68431"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140707 [SECURITY] CVE-2014-3503 Apache Syncope",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532669/100/0/threaded"
},
{
"name": "http://syncope.apache.org/security.html",
"refsource": "CONFIRM",
"url": "http://syncope.apache.org/security.html"
},
{
"name": "http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127375/Apache-Syncope-Insecure-Password-Generation.html"
},
{
"name": "68431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68431"
}
]
}
}

330
2014/3xxx/CVE-2014-3687.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3687",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b69040d8e39f20d5215a03502a8e8b4c6ab78395",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b69040d8e39f20d5215a03502a8e8b4c6ab78395"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1155731",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1155731"
},
{
"name" : "https://github.com/torvalds/linux/commit/b69040d8e39f20d5215a03502a8e8b4c6ab78395",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/b69040d8e39f20d5215a03502a8e8b4c6ab78395"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-3087.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-3087.html"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-3088.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-3088.html"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-3089.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-3089.html"
},
{
"name" : "DSA-3060",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3060"
},
{
"name" : "HPSBGN03282",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142722544401658&w=2"
},
{
"name" : "HPSBGN03285",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142722450701342&w=2"
},
{
"name" : "RHSA-2015:0062",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0062.html"
},
{
"name" : "RHSA-2015:0115",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0115.html"
},
{
"name" : "SUSE-SU-2015:0178",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html"
},
{
"name" : "SUSE-SU-2015:0481",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name" : "SUSE-SU-2015:0529",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"name" : "openSUSE-SU-2015:0566",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name" : "SUSE-SU-2015:0652",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"name" : "SUSE-SU-2015:0736",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"name" : "SUSE-SU-2015:1489",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
},
{
"name" : "USN-2417-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"name" : "USN-2418-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"name" : "70766",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70766"
},
{
"name" : "62428",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62428"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://linux.oracle.com/errata/ELSA-2014-3087.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-3087.html"
},
{
"name": "SUSE-SU-2015:1489",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
},
{
"name": "HPSBGN03285",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142722450701342&w=2"
},
{
"name": "SUSE-SU-2015:0736",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"name": "USN-2418-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-3089.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-3089.html"
},
{
"name": "SUSE-SU-2015:0652",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"name": "RHSA-2015:0062",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0062.html"
},
{
"name": "USN-2417-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"name": "HPSBGN03282",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142722544401658&w=2"
},
{
"name": "SUSE-SU-2015:0178",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html"
},
{
"name": "https://github.com/torvalds/linux/commit/b69040d8e39f20d5215a03502a8e8b4c6ab78395",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/b69040d8e39f20d5215a03502a8e8b4c6ab78395"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b69040d8e39f20d5215a03502a8e8b4c6ab78395",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b69040d8e39f20d5215a03502a8e8b4c6ab78395"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-3088.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-3088.html"
},
{
"name": "DSA-3060",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3060"
},
{
"name": "SUSE-SU-2015:0481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name": "62428",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62428"
},
{
"name": "openSUSE-SU-2015:0566",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name": "70766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70766"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1155731",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155731"
},
{
"name": "SUSE-SU-2015:0529",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"name": "RHSA-2015:0115",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0115.html"
}
]
}
}

130
2014/3xxx/CVE-2014-3761.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3761",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi in the Control/URL-filter section."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140418 CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/246"
},
{
"name" : "http://websecurity.com.ua/7112",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/7112"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi in the Control/URL-filter section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140418 CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/246"
},
{
"name": "http://websecurity.com.ua/7112",
"refsource": "MISC",
"url": "http://websecurity.com.ua/7112"
}
]
}
}

120
2014/3xxx/CVE-2014-3837.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3837",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://owncloud.org/about/security/advisories/oc-sa-2014-015/",
"refsource" : "CONFIRM",
"url" : "http://owncloud.org/about/security/advisories/oc-sa-2014-015/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oc-sa-2014-015/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oc-sa-2014-015/"
}
]
}
}

130
2014/3xxx/CVE-2014-3851.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3851",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140514 CVE request: Pyplate multiple vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/14/3"
},
{
"name" : "[oss-security] 20140523 Re: CVE request: Pyplate multiple vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/23/1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140523 Re: CVE request: Pyplate multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/23/1"
},
{
"name": "[oss-security] 20140514 CVE request: Pyplate multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/3"
}
]
}
}

160
2014/4xxx/CVE-2014-4071.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka \"Lync Denial of Service Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx"
},
{
"name" : "MS14-055",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055"
},
{
"name" : "69592",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69592"
},
{
"name" : "1030821",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030821"
},
{
"name" : "ms-lync-cve20144071-dos(95547)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95547"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka \"Lync Denial of Service Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ms-lync-cve20144071-dos(95547)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95547"
},
{
"name": "1030821",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030821"
},
{
"name": "69592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69592"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspx"
},
{
"name": "MS14-055",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055"
}
]
}
}

150
2014/4xxx/CVE-2014-4140.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4140",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"Internet Explorer ASLR Bypass Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-056",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056"
},
{
"name" : "70325",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70325"
},
{
"name" : "1031018",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031018"
},
{
"name" : "60968",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"Internet Explorer ASLR Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70325"
},
{
"name": "60968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60968"
},
{
"name": "1031018",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031018"
},
{
"name": "MS14-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056"
}
]
}
}

130
2014/4xxx/CVE-2014-4291.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4291",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "70500",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70500"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "70500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70500"
}
]
}
}

190
2014/8xxx/CVE-2014-8554.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8554",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141030 RE: SQL injection vulnerability in MantisBT SOAP API",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q4/479"
},
{
"name" : "[oss-security] 20141102 Re: SQL injection vulnerability in MantisBT SOAP API [CVE-2014-8554]",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q4/487"
},
{
"name" : "http://www.mantisbt.org/bugs/view.php?id=16880",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbt.org/bugs/view.php?id=16880"
},
{
"name" : "http://www.mantisbt.org/bugs/view.php?id=17812",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbt.org/bugs/view.php?id=17812"
},
{
"name" : "DSA-3120",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3120"
},
{
"name" : "70856",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70856"
},
{
"name" : "62101",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62101"
},
{
"name" : "mantisbt-cve20148554-sql-injection(98457)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98457"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20141102 Re: SQL injection vulnerability in MantisBT SOAP API [CVE-2014-8554]",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/487"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=17812",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=17812"
},
{
"name": "70856",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70856"
},
{
"name": "[oss-security] 20141030 RE: SQL injection vulnerability in MantisBT SOAP API",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/479"
},
{
"name": "mantisbt-cve20148554-sql-injection(98457)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98457"
},
{
"name": "62101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62101"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=16880",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=16880"
},
{
"name": "DSA-3120",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3120"
}
]
}
}

34
2014/8xxx/CVE-2014-8623.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8623",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8623",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2014/9xxx/CVE-2014-9642.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9642",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35994",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35994"
},
{
"name" : "http://packetstormsecurity.com/files/130247/BullGuard-14.1.285.4-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130247/BullGuard-14.1.285.4-Privilege-Escalation.html"
},
{
"name" : "http://www.greyhathacker.net/?p=818",
"refsource" : "MISC",
"url" : "http://www.greyhathacker.net/?p=818"
},
{
"name" : "http://www.bullguard.com/about/release-notes.aspx",
"refsource" : "CONFIRM",
"url" : "http://www.bullguard.com/about/release-notes.aspx"
},
{
"name" : "114478",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/114478"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.greyhathacker.net/?p=818",
"refsource": "MISC",
"url": "http://www.greyhathacker.net/?p=818"
},
{
"name": "114478",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/114478"
},
{
"name": "http://www.bullguard.com/about/release-notes.aspx",
"refsource": "CONFIRM",
"url": "http://www.bullguard.com/about/release-notes.aspx"
},
{
"name": "http://packetstormsecurity.com/files/130247/BullGuard-14.1.285.4-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130247/BullGuard-14.1.285.4-Privilege-Escalation.html"
},
{
"name": "35994",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35994"
}
]
}
}

34
2016/2xxx/CVE-2016-2582.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2582",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2582",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

320
2016/2xxx/CVE-2016-2782.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39539",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39539/"
},
{
"name" : "[oss-security] 20160228 Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/02/28/9"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1312670",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1312670"
},
{
"name" : "https://github.com/torvalds/linux/commit/cac9b50b0d75a1d50d6c056ff65c005f3224c8e0",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/cac9b50b0d75a1d50d6c056ff65c005f3224c8e0"
},
{
"name" : "SUSE-SU-2016:1672",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name" : "SUSE-SU-2016:1690",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name" : "SUSE-SU-2016:1707",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name" : "SUSE-SU-2016:1764",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name" : "SUSE-SU-2016:2074",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name" : "SUSE-SU-2016:1019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
},
{
"name" : "USN-2967-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2967-1"
},
{
"name" : "USN-2967-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2967-2"
},
{
"name" : "USN-2929-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"name" : "USN-2929-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"name" : "USN-2930-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2930-1"
},
{
"name" : "USN-2930-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2930-2"
},
{
"name" : "USN-2930-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2930-3"
},
{
"name" : "USN-2932-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"name" : "USN-2948-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2948-1"
},
{
"name" : "USN-2948-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2948-2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "USN-2930-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-1"
},
{
"name": "USN-2967-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2967-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0"
},
{
"name": "https://github.com/torvalds/linux/commit/cac9b50b0d75a1d50d6c056ff65c005f3224c8e0",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/cac9b50b0d75a1d50d6c056ff65c005f3224c8e0"
},
{
"name": "USN-2930-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-2"
},
{
"name": "39539",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39539/"
},
{
"name": "USN-2967-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2967-2"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "USN-2930-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-3"
},
{
"name": "[oss-security] 20160228 Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/28/9"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:1019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
},
{
"name": "USN-2929-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"name": "USN-2932-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "USN-2948-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2948-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1312670",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312670"
},
{
"name": "USN-2929-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"name": "USN-2948-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2948-2"
}
]
}
}

190
2016/2xxx/CVE-2016-2839.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2839",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-65.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-65.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1275339",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1275339"
},
{
"name" : "GLSA-201701-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-15"
},
{
"name" : "openSUSE-SU-2016:1964",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"
},
{
"name" : "openSUSE-SU-2016:2026",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"
},
{
"name" : "USN-3044-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3044-1"
},
{
"name" : "92261",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92261"
},
{
"name" : "1036508",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036508"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1275339",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1275339"
},
{
"name": "1036508",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036508"
},
{
"name": "USN-3044-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3044-1"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-65.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-65.html"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "openSUSE-SU-2016:1964",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"
},
{
"name": "92261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92261"
},
{
"name": "openSUSE-SU-2016:2026",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"
}
]
}
}

160
2016/3xxx/CVE-2016-3060.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3060",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989060",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21989060"
},
{
"name" : "PI64063",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI64063"
},
{
"name" : "PI64064",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI64064"
},
{
"name" : "PI67537",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537"
},
{
"name" : "92633",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92633"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PI64064",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI64064"
},
{
"name": "PI64063",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI64063"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21989060",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989060"
},
{
"name": "PI67537",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI67537"
},
{
"name": "92633",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92633"
}
]
}
}

120
2016/6xxx/CVE-2016-6112.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6112",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Marketing Platform",
"version" : {
"version_data" : [
{
"version_value" : "8.0, 8.1, 8.2, 8.3, 8.5, 8.6, 9.0, 9.1, 9.1.1, 9.1.2, 10.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marketing Platform",
"version": {
"version_data": [
{
"version_value": "8.0, 8.1, 8.2, 8.3, 8.5, 8.6, 9.0, 9.1, 9.1.1, 9.1.2, 10.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21992739",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21992739"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21992739",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992739"
}
]
}
}

170
2016/6xxx/CVE-2016-6521.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6521",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160801 CVE Request: CSRF in Grails console",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/08/02/2"
},
{
"name" : "[oss-security] 20160802 Re: CVE Request: CSRF in Grails console",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/08/02/11"
},
{
"name" : "[oss-security] 20160803 Grails Console is still vulnerable to CSRF CVE-2016-6521",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/08/03/9"
},
{
"name" : "https://github.com/sheehan/grails-console/issues/54",
"refsource" : "CONFIRM",
"url" : "https://github.com/sheehan/grails-console/issues/54"
},
{
"name" : "https://github.com/sheehan/grails-console/issues/55",
"refsource" : "CONFIRM",
"url" : "https://github.com/sheehan/grails-console/issues/55"
},
{
"name" : "92267",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92267"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160801 CVE Request: CSRF in Grails console",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/02/2"
},
{
"name": "[oss-security] 20160802 Re: CVE Request: CSRF in Grails console",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/02/11"
},
{
"name": "https://github.com/sheehan/grails-console/issues/54",
"refsource": "CONFIRM",
"url": "https://github.com/sheehan/grails-console/issues/54"
},
{
"name": "92267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92267"
},
{
"name": "https://github.com/sheehan/grails-console/issues/55",
"refsource": "CONFIRM",
"url": "https://github.com/sheehan/grails-console/issues/55"
},
{
"name": "[oss-security] 20160803 Grails Console is still vulnerable to CSRF CVE-2016-6521",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/03/9"
}
]
}
}

140
2016/6xxx/CVE-2016-6526.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6526",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160805 Fwd: CVE request - samsumg android phone SVE-2016-6244 Possible Privilege Escalation in telecom",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/08/05/1"
},
{
"name" : "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016",
"refsource" : "CONFIRM",
"url" : "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
},
{
"name" : "92330",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92330"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
},
{
"name": "[oss-security] 20160805 Fwd: CVE request - samsumg android phone SVE-2016-6244 Possible Privilege Escalation in telecom",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/05/1"
},
{
"name": "92330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92330"
}
]
}
}

140
2016/6xxx/CVE-2016-6613.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6613",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-36",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-36"
},
{
"name" : "GLSA-201701-32",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-32"
},
{
"name" : "94115",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94115"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-36",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-36"
},
{
"name": "94115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94115"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
}
]
}
}

150
2016/7xxx/CVE-2016-7089.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7089",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40270",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40270/"
},
{
"name" : "http://packetstormsecurity.com/files/138393/ESCALATEPLOWMAN-WatchGuard-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/138393/ESCALATEPLOWMAN-WatchGuard-Privilege-Escalation.html"
},
{
"name" : "https://www.secplicity.org/2016/08/16/nsa-equation-group-exploit-leak-mean/",
"refsource" : "MISC",
"url" : "https://www.secplicity.org/2016/08/16/nsa-equation-group-exploit-leak-mean/"
},
{
"name" : "92638",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92638"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92638"
},
{
"name": "http://packetstormsecurity.com/files/138393/ESCALATEPLOWMAN-WatchGuard-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138393/ESCALATEPLOWMAN-WatchGuard-Privilege-Escalation.html"
},
{
"name": "https://www.secplicity.org/2016/08/16/nsa-equation-group-exploit-leak-mean/",
"refsource": "MISC",
"url": "https://www.secplicity.org/2016/08/16/nsa-equation-group-exploit-leak-mean/"
},
{
"name": "40270",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40270/"
}
]
}
}

34
2016/7xxx/CVE-2016-7183.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7183",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7183",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/7xxx/CVE-2016-7217.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7217",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Media Foundation Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-132",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-132"
},
{
"name" : "94066",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94066"
},
{
"name" : "1037243",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037243"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Media Foundation Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94066"
},
{
"name": "1037243",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037243"
},
{
"name": "MS16-132",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-132"
}
]
}
}

34
2016/7xxx/CVE-2016-7350.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7350",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7350",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/7xxx/CVE-2016-7693.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7693",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7693",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/7xxx/CVE-2016-7905.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/08/1"
},
{
"name" : "GLSA-201701-71",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-71"
},
{
"name" : "94837",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94837"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/1"
},
{
"name": "GLSA-201701-71",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-71"
},
{
"name": "94837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94837"
}
]
}
}