admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:04:51 +00:00
parent b32e0750dd
commit ec31e73f89
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 4240 additions and 4240 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
2006/0xxx/CVE-2006-0342.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0342", "ID": "CVE-2006-0342",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows remote attackers to cause a denial of service (CPU consumption and crash) via a malformed query string containing special characters such as \"|\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060120 RockLiffe MailSite wconsole.dll Denial of Service/Script Injection Vulnerability", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=113777628702043&w=2" "lang": "eng",
}, "value": "RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows remote attackers to cause a denial of service (CPU consumption and crash) via a malformed query string containing special characters such as \"|\"."
{ }
"name" : "16331", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16331" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0284", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0284" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22678", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/22678" ]
}, },
{ "references": {
"name" : "18551", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18551" "name": "ADV-2006-0284",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0284"
"name" : "mailsite-wconsole-dos(24255)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24255" "name": "20060120 RockLiffe MailSite wconsole.dll Denial of Service/Script Injection Vulnerability",
} "refsource": "FULLDISC",
] "url": "http://marc.info/?l=full-disclosure&m=113777628702043&w=2"
} },
{
"name": "22678",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22678"
},
{
"name": "18551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18551"
},
{
"name": "mailsite-wconsole-dos(24255)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24255"
},
{
"name": "16331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16331"
}
]
}
} }

138
2006/0xxx/CVE-2006-0803.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0803", "ID": "CVE-2006-0803",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "SUSE-SA:2006:009", "description_data": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_09_gpg.html" "lang": "eng",
}, "value": "The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used."
{ }
"name" : "SUSE-SA:2006:013", ]
"refsource" : "SUSE", },
"url" : "http://www.novell.com/linux/security/advisories/2006_13_gpg.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16889", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16889" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2006:013",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_13_gpg.html"
},
{
"name": "SUSE-SA:2006:009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_09_gpg.html"
},
{
"name": "16889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16889"
}
]
}
} }

168
2006/0xxx/CVE-2006-0892.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0892", "ID": "CVE-2006-0892",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060223 NOCC Webmail <= 1.0 multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-02/0418.html" "lang": "eng",
}, "value": "NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities."
{ }
"name" : "http://retrogod.altervista.org/noccw_10_incl_xpl.html", ]
"refsource" : "MISC", },
"url" : "http://retrogod.altervista.org/noccw_10_incl_xpl.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16793", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16793" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23420", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/23420" ]
}, },
{ "references": {
"name" : "1015671", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015671" "name": "1015671",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015671"
"name" : "16921", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16921" "name": "20060223 NOCC Webmail <= 1.0 multiple vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://archives.neohapsis.com/archives/bugtraq/2006-02/0418.html"
} },
{
"name": "23420",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23420"
},
{
"name": "16921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16921"
},
{
"name": "http://retrogod.altervista.org/noccw_10_incl_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/noccw_10_incl_xpl.html"
},
{
"name": "16793",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16793"
}
]
}
} }

158
2006/1xxx/CVE-2006-1140.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1140", "ID": "CVE-2006-1140",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.x128.net/redblog-05-remote-sql-injection.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.x128.net/redblog-05-remote-sql-injection.txt" "lang": "eng",
}, "value": "SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
{ }
"name" : "17041", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/17041" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0894", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0894" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19181", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/19181" ]
}, },
{ "references": {
"name" : "redblog-catid-sql-injection(25122)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25122" "name": "19181",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/19181"
} },
{
"name": "redblog-catid-sql-injection(25122)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25122"
},
{
"name": "17041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17041"
},
{
"name": "ADV-2006-0894",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0894"
},
{
"name": "http://www.x128.net/redblog-05-remote-sql-injection.txt",
"refsource": "MISC",
"url": "http://www.x128.net/redblog-05-remote-sql-injection.txt"
}
]
}
} }

32
2006/4xxx/CVE-2006-4804.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4804", "ID": "CVE-2006-4804",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2006/5xxx/CVE-2006-5260.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5260", "ID": "CVE-2006-5260",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in compteur.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the cp parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ADV-2006-3997", "description_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3997" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in compteur.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the cp parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
{ }
"name" : "29618", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/29618" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "22373", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22373" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "compteur-param-file-include(29425)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29425" ]
} },
] "references": {
} "reference_data": [
{
"name": "compteur-param-file-include(29425)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29425"
},
{
"name": "29618",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29618"
},
{
"name": "22373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22373"
},
{
"name": "ADV-2006-3997",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3997"
}
]
}
} }

158
2006/5xxx/CVE-2006-5513.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5513", "ID": "CVE-2006-5513",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=457195", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=457195" "lang": "eng",
}, "value": "SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors."
{ }
"name" : "20671", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20671" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4151", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4151" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22502", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/22502" ]
}, },
{ "references": {
"name" : "geonetwork-unspecified-sql-injection(29771)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29771" "name": "22502",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/22502"
} },
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=457195",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=457195"
},
{
"name": "ADV-2006-4151",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4151"
},
{
"name": "geonetwork-unspecified-sql-injection(29771)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29771"
},
{
"name": "20671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20671"
}
]
}
} }

138
2006/5xxx/CVE-2006-5565.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5565", "ID": "CVE-2006-5565",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20754", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20754" "lang": "eng",
}, "value": "CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
{ }
"name" : "ADV-2006-4195", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/4195" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "22564", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22564" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4195",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4195"
},
{
"name": "22564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22564"
},
{
"name": "20754",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20754"
}
]
}
} }

188
2006/5xxx/CVE-2006-5761.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5761", "ID": "CVE-2006-5761",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061104 IF-CMS multiples XSS vunerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/450566/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter."
{ }
"name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=5", ]
"refsource" : "MISC", },
"url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20909", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20909" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-4367", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/4367" ]
}, },
{ "references": {
"name" : "1017161", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017161" "name": "ifcms-index-xss(30010)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30010"
"name" : "22715", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22715" "name": "ADV-2006-4367",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4367"
"name" : "1825", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1825" "name": "1825",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1825"
"name" : "ifcms-index-xss(30010)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30010" "name": "20909",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/20909"
} },
{
"name": "20061104 IF-CMS multiples XSS vunerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450566/100/0/threaded"
},
{
"name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=5",
"refsource": "MISC",
"url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=5"
},
{
"name": "1017161",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017161"
},
{
"name": "22715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22715"
}
]
}
} }

178
2006/5xxx/CVE-2006-5886.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5886", "ID": "CVE-2006-5886",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061111 NuRems 1.0 Remote XSS/SQL Injection Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/451331/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter."
{ }
"name" : "2755", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/2755" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "21017", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/21017" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-4469", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/4469" ]
}, },
{ "references": {
"name" : "22828", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22828" "name": "nurems-propertysdetails-sql-injection(30194)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30194"
"name" : "1850", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1850" "name": "21017",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/21017"
"name" : "nurems-propertysdetails-sql-injection(30194)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30194" "name": "2755",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/2755"
} },
{
"name": "1850",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1850"
},
{
"name": "20061111 NuRems 1.0 Remote XSS/SQL Injection Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451331/100/0/threaded"
},
{
"name": "22828",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22828"
},
{
"name": "ADV-2006-4469",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4469"
}
]
}
} }

168
2006/5xxx/CVE-2006-5926.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5926", "ID": "CVE-2006-5926",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in mail.php in Vallheru before 1.0.7 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) to parameters. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=463228", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=463228" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in mail.php in Vallheru before 1.0.7 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) to parameters. NOTE: some of these details are obtained from third party information."
{ }
"name" : "http://vallheru.svn.sourceforge.net/viewvc/vallheru/vallheru/mail.php?r1=782&r2=781&pathrev=782", ]
"refsource" : "CONFIRM", },
"url" : "http://vallheru.svn.sourceforge.net/viewvc/vallheru/vallheru/mail.php?r1=782&r2=781&pathrev=782" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "21051", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/21051" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-4493", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/4493" ]
}, },
{ "references": {
"name" : "22812", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22812" "name": "22812",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22812"
"name" : "vallheru-mail-sql-injection(30255)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30255" "name": "http://vallheru.svn.sourceforge.net/viewvc/vallheru/vallheru/mail.php?r1=782&r2=781&pathrev=782",
} "refsource": "CONFIRM",
] "url": "http://vallheru.svn.sourceforge.net/viewvc/vallheru/vallheru/mail.php?r1=782&r2=781&pathrev=782"
} },
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=463228",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=463228"
},
{
"name": "vallheru-mail-sql-injection(30255)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30255"
},
{
"name": "ADV-2006-4493",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4493"
},
{
"name": "21051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21051"
}
]
}
} }

168
2007/2xxx/CVE-2007-2078.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2078", "ID": "CVE-2007-2078",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070414 Maian Weblog v3.1", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/465735/100/0/threaded" "lang": "eng",
}, "value": "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use."
{ }
"name" : "20070415 Re: phpMyChat-0.14.5", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20070415 false: Maian Weblog v3.1", "description": [
"refsource" : "VIM", {
"url" : "http://attrition.org/pipermail/vim/2007-April/001527.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "35360", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/35360" ]
}, },
{ "references": {
"name" : "2582", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2582" "name": "35360",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/35360"
"name" : "maianweblog-pathtofolder-file-include(33708)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33708" "name": "2582",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/2582"
} },
{
"name": "20070414 Maian Weblog v3.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465735/100/0/threaded"
},
{
"name": "20070415 Re: phpMyChat-0.14.5",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html"
},
{
"name": "maianweblog-pathtofolder-file-include(33708)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33708"
},
{
"name": "20070415 false: Maian Weblog v3.1",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-April/001527.html"
}
]
}
} }

458
2010/0xxx/CVE-2010-0205.json
View File

@ -1,232 +1,232 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2010-0205", "ID": "CVE-2010-0205",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.vmware.com/pipermail/security-announce/2010/000105.html" "lang": "eng",
}, "value": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack."
{ }
"name" : "http://libpng.sourceforge.net/ADVISORY-1.4.1.html", ]
"refsource" : "CONFIRM", },
"url" : "http://libpng.sourceforge.net/ADVISORY-1.4.1.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://libpng.sourceforge.net/decompression_bombs.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://libpng.sourceforge.net/decompression_bombs.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.vmware.com/security/advisories/VMSA-2010-0014.html" ]
}, },
{ "references": {
"name" : "http://support.apple.com/kb/HT4435", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4435" "name": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"
"name" : "APPLE-SA-2010-11-10-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" "name": "ADV-2010-0517",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0517"
"name" : "DSA-2032", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2032" "name": "ADV-2010-0682",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0682"
"name" : "FEDORA-2010-2988", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html" "name": "http://support.apple.com/kb/HT4435",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4435"
"name" : "FEDORA-2010-3375", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html" "name": "62670",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/62670"
"name" : "FEDORA-2010-3414", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html" "name": "MDVSA-2010:063",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063"
"name" : "FEDORA-2010-4683", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html" "name": "ADV-2010-0605",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0605"
"name" : "MDVSA-2010:063", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063" "name": "FEDORA-2010-3414",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html"
"name" : "MDVSA-2010:064", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064" "name": "ADV-2010-0626",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0626"
"name" : "SUSE-SR:2010:011", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" "name": "ADV-2010-0686",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0686"
"name" : "SUSE-SR:2010:012", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" "name": "39251",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39251"
"name" : "SUSE-SR:2010:013", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" "name": "ADV-2010-1107",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1107"
"name" : "USN-913-1", },
"refsource" : "UBUNTU", {
"url" : "http://ubuntu.com/usn/usn-913-1" "name": "MDVSA-2010:064",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064"
"name" : "VU#576029", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/576029" "name": "libpng-pngdecompresschunk-dos(56661)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661"
"name" : "38478", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/38478" "name": "SUSE-SR:2010:011",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
"name" : "62670", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/62670" "name": "USN-913-1",
}, "refsource": "UBUNTU",
{ "url": "http://ubuntu.com/usn/usn-913-1"
"name" : "1023674", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1023674" "name": "APPLE-SA-2010-11-10-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
"name" : "38774", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38774" "name": "SUSE-SR:2010:013",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
"name" : "39251", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39251" "name": "DSA-2032",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2010/dsa-2032"
"name" : "41574", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41574" "name": "41574",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41574"
"name" : "ADV-2010-0605", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0605" "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues",
}, "refsource": "MLIST",
{ "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"
"name" : "ADV-2010-0637", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0637" "name": "FEDORA-2010-3375",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html"
"name" : "ADV-2010-0626", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0626" "name": "38774",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38774"
"name" : "ADV-2010-0517", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0517" "name": "SUSE-SR:2010:012",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
"name" : "ADV-2010-0847", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0847" "name": "ADV-2010-0637",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0637"
"name" : "ADV-2010-0667", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0667" "name": "VU#576029",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/576029"
"name" : "ADV-2010-0682", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0682" "name": "FEDORA-2010-4683",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html"
"name" : "ADV-2010-0686", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0686" "name": "38478",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/38478"
"name" : "ADV-2010-1107", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1107" "name": "ADV-2010-2491",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2491"
"name" : "ADV-2010-2491", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2491" "name": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html",
}, "refsource": "CONFIRM",
{ "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html"
"name" : "libpng-pngdecompresschunk-dos(56661)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661" "name": "1023674",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1023674"
} },
{
"name": "ADV-2010-0847",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0847"
},
{
"name": "ADV-2010-0667",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0667"
},
{
"name": "FEDORA-2010-2988",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html"
},
{
"name": "http://libpng.sourceforge.net/decompression_bombs.html",
"refsource": "CONFIRM",
"url": "http://libpng.sourceforge.net/decompression_bombs.html"
}
]
}
} }

188
2010/0xxx/CVE-2010-0783.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0783", "ID": "CVE-2010-0783",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27004980", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27004980" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "PM14251", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM14251" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "69007", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/69007" ]
}, },
{ "references": {
"name" : "1024686", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024686" "name": "was-admin-cons-xss(62947)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62947"
"name" : "41722", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41722" "name": "42136",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42136"
"name" : "42136", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42136" "name": "PM14251",
}, "refsource": "AIXAPAR",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM14251"
"name" : "was-admin-cons-xss(62947)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62947" "name": "41722",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/41722"
} },
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27004980",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27004980"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"name": "69007",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69007"
},
{
"name": "1024686",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024686"
}
]
}
} }

128
2010/2xxx/CVE-2010-2700.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2700", "ID": "CVE-2010-2700",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14322", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14322" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to inject arbitrary web script or HTML via the search parameter."
{ }
"name" : "41538", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/41538" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14322",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14322"
},
{
"name": "41538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41538"
}
]
}
} }

258
2010/3xxx/CVE-2010-3074.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-3074", "ID": "CVE-2010-3074",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100826 Multiple Vulnerabilities in EncFS", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html" "lang": "eng",
}, "value": "SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack."
{ }
"name" : "[oss-security] 20100905 CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/09/05/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20100905 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/09/06/1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20100907 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2010/09/07/8" ]
}, },
{ "references": {
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=335938", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=335938" "name": "41158",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41158"
"name" : "http://code.google.com/p/encfs/source/detail?r=59", },
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/encfs/source/detail?r=59" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=630460",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630460"
"name" : "http://www.arg0.net/encfs", },
"refsource" : "CONFIRM", {
"url" : "http://www.arg0.net/encfs" "name": "41478",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41478"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=630460", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=630460" "name": "http://code.google.com/p/encfs/source/detail?r=59",
}, "refsource": "CONFIRM",
{ "url": "http://code.google.com/p/encfs/source/detail?r=59"
"name" : "FEDORA-2010-14200", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html" "name": "FEDORA-2010-14268",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html"
"name" : "FEDORA-2010-14254", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html" "name": "FEDORA-2010-14200",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html"
"name" : "FEDORA-2010-14268", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html" "name": "http://bugs.gentoo.org/show_bug.cgi?id=335938",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.gentoo.org/show_bug.cgi?id=335938"
"name" : "SUSE-SR:2010:023", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html" "name": "SUSE-SR:2010:023",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
"name" : "41158", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41158" "name": "20100826 Multiple Vulnerabilities in EncFS",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html"
"name" : "41478", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41478" "name": "[oss-security] 20100905 CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/09/05/3"
"name" : "ADV-2010-2414", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2414" "name": "[oss-security] 20100907 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2010/09/07/8"
} },
{
"name": "[oss-security] 20100905 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/06/1"
},
{
"name": "ADV-2010-2414",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2414"
},
{
"name": "http://www.arg0.net/encfs",
"refsource": "CONFIRM",
"url": "http://www.arg0.net/encfs"
},
{
"name": "FEDORA-2010-14254",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html"
}
]
}
} }

278
2010/3xxx/CVE-2010-3303.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-3303", "ID": "CVE-2010-3303",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100914 CVE request: mantis before 1.2.3 (XSS)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/09/14/12" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php."
{ }
"name" : "[oss-security] 20100914 Re: CVE request: mantis before 1.2.3 (XSS)", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/09/14/19" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20100914 Re: CVE request: mantis before 1.2.3 (XSS)", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/09/14/13" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20100916 Re: CVE request: mantis before 1.2.3 (XSS)", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2010/09/16/16" ]
}, },
{ "references": {
"name" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=111", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=111" "name": "FEDORA-2010-15080",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html"
"name" : "http://www.mantisbt.org/bugs/view.php?id=12231", },
"refsource" : "CONFIRM", {
"url" : "http://www.mantisbt.org/bugs/view.php?id=12231" "name": "FEDORA-2010-15082",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html"
"name" : "http://www.mantisbt.org/bugs/view.php?id=12232", },
"refsource" : "CONFIRM", {
"url" : "http://www.mantisbt.org/bugs/view.php?id=12232" "name": "GLSA-201211-01",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
"name" : "http://www.mantisbt.org/bugs/view.php?id=12234", },
"refsource" : "CONFIRM", {
"url" : "http://www.mantisbt.org/bugs/view.php?id=12234" "name": "41653",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41653"
"name" : "http://www.mantisbt.org/bugs/view.php?id=12238", },
"refsource" : "CONFIRM", {
"url" : "http://www.mantisbt.org/bugs/view.php?id=12238" "name": "http://www.mantisbt.org/bugs/view.php?id=12234",
}, "refsource": "CONFIRM",
{ "url": "http://www.mantisbt.org/bugs/view.php?id=12234"
"name" : "FEDORA-2010-15061", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html" "name": "http://www.mantisbt.org/bugs/view.php?id=12231",
}, "refsource": "CONFIRM",
{ "url": "http://www.mantisbt.org/bugs/view.php?id=12231"
"name" : "FEDORA-2010-15080", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048639.html" "name": "[oss-security] 20100914 Re: CVE request: mantis before 1.2.3 (XSS)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/09/14/19"
"name" : "FEDORA-2010-15082", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048659.html" "name": "ADV-2010-2535",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2535"
"name" : "GLSA-201211-01", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201211-01.xml" "name": "[oss-security] 20100914 CVE request: mantis before 1.2.3 (XSS)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/09/14/12"
"name" : "43604", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/43604" "name": "FEDORA-2010-15061",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048548.html"
"name" : "41653", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41653" "name": "51199",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51199"
"name" : "51199", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51199" "name": "[oss-security] 20100914 Re: CVE request: mantis before 1.2.3 (XSS)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/09/14/13"
"name" : "ADV-2010-2535", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2535" "name": "[oss-security] 20100916 Re: CVE request: mantis before 1.2.3 (XSS)",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2010/09/16/16"
} },
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=111",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=111"
},
{
"name": "43604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43604"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=12232",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=12232"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=12238",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=12238"
}
]
}
} }

158
2010/3xxx/CVE-2010-3794.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-3794", "ID": "CVE-2010-3794",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4435", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4435" "lang": "eng",
}, "value": "QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file."
{ }
"name" : "http://support.apple.com/kb/HT4447", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4447" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2010-11-10-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2010-12-07-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html" ]
}, },
{ "references": {
"name" : "1024729", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024729" "name": "http://support.apple.com/kb/HT4435",
} "refsource": "CONFIRM",
] "url": "http://support.apple.com/kb/HT4435"
} },
{
"name": "1024729",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024729"
},
{
"name": "APPLE-SA-2010-12-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4447",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4447"
}
]
}
} }

32
2010/3xxx/CVE-2010-3969.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2010-3969", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2010-3969",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
} }
] ]
} }
} }

148
2010/4xxx/CVE-2010-4026.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2010-4026", "ID": "CVE-2010-4026",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBMI02580", "description_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=128820663424237&w=2" "lang": "eng",
}, "value": "Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 allows local users to gain privileges by leveraging the ability to perform certain service calls."
{ }
"name" : "SSRT100254", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=128820663424237&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1024647", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024647" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "42023", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/42023" ]
} },
] "references": {
} "reference_data": [
{
"name": "1024647",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024647"
},
{
"name": "HPSBMI02580",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128820663424237&w=2"
},
{
"name": "42023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42023"
},
{
"name": "SSRT100254",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128820663424237&w=2"
}
]
}
} }

428
2010/4xxx/CVE-2010-4344.json
View File

@ -1,217 +1,217 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-4344", "ID": "CVE-2010-4344",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20101213 Exim security issue in historical release", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/515172/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging."
{ }
"name" : "[exim-dev] 20101207 Remote root vulnerability in Exim", ]
"refsource" : "MLIST", },
"url" : "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[exim-dev] 20101210 Re: Remote root vulnerability in Exim", "description": [
"refsource" : "MLIST", {
"url" : "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20101210 Exim remote root", ]
"refsource" : "MLIST", }
"url" : "http://openwall.com/lists/oss-security/2010/12/10/1" ]
}, },
{ "references": {
"name" : "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format" "name": "SUSE-SA:2010:059",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html"
"name" : "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/", },
"refsource" : "MISC", {
"url" : "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/" "name": "[exim-dev] 20101207 Remote root vulnerability in Exim",
}, "refsource": "MLIST",
{ "url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html"
"name" : "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70", },
"refsource" : "CONFIRM", {
"url" : "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70" "name": "http://bugs.exim.org/show_bug.cgi?id=787",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.exim.org/show_bug.cgi?id=787"
"name" : "http://bugs.exim.org/show_bug.cgi?id=787", },
"refsource" : "CONFIRM", {
"url" : "http://bugs.exim.org/show_bug.cgi?id=787" "name": "1024858",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024858"
"name" : "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b", },
"refsource" : "CONFIRM", {
"url" : "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b" "name": "RHSA-2010:0970",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0970.html"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=661756", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=661756" "name": "ADV-2010-3186",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3186"
"name" : "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html" "name": "45308",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/45308"
"name" : "http://atmail.com/blog/2010/atmail-6204-now-available/", },
"refsource" : "CONFIRM", {
"url" : "http://atmail.com/blog/2010/atmail-6204-now-available/" "name": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format",
}, "refsource": "MISC",
{ "url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format"
"name" : "DSA-2131", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2131" "name": "http://atmail.com/blog/2010/atmail-6204-now-available/",
}, "refsource": "CONFIRM",
{ "url": "http://atmail.com/blog/2010/atmail-6204-now-available/"
"name" : "RHSA-2010:0970", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0970.html" "name": "42576",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42576"
"name" : "SUSE-SA:2010:059", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html" "name": "42587",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42587"
"name" : "USN-1032-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1032-1" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=661756",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=661756"
"name" : "VU#682457", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/682457" "name": "[exim-dev] 20101210 Re: Remote root vulnerability in Exim",
}, "refsource": "MLIST",
{ "url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html"
"name" : "45308", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45308" "name": "40019",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40019"
"name" : "69685", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/69685" "name": "ADV-2010-3172",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3172"
"name" : "1024858", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024858" "name": "VU#682457",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/682457"
"name" : "40019", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40019" "name": "ADV-2010-3181",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3181"
"name" : "42576", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42576" "name": "42586",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42586"
"name" : "42586", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42586" "name": "ADV-2010-3317",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3317"
"name" : "42587", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42587" "name": "USN-1032-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1032-1"
"name" : "42589", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42589" "name": "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html"
"name" : "ADV-2010-3171", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3171" "name": "69685",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/69685"
"name" : "ADV-2010-3172", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3172" "name": "20101213 Exim security issue in historical release",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded"
"name" : "ADV-2010-3181", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3181" "name": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/",
}, "refsource": "MISC",
{ "url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/"
"name" : "ADV-2010-3186", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3186" "name": "ADV-2010-3246",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3246"
"name" : "ADV-2010-3204", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3204" "name": "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70",
}, "refsource": "CONFIRM",
{ "url": "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70"
"name" : "ADV-2010-3246", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3246" "name": "ADV-2010-3204",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3204"
"name" : "ADV-2010-3317", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3317" "name": "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b",
} "refsource": "CONFIRM",
] "url": "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b"
} },
{
"name": "DSA-2131",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2131"
},
{
"name": "ADV-2010-3171",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3171"
},
{
"name": "42589",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42589"
},
{
"name": "[oss-security] 20101210 Exim remote root",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/10/1"
}
]
}
} }

138
2010/4xxx/CVE-2010-4731.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4731", "ID": "CVE-2010-4731",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a full pathname in the file parameter, a different vulnerability than CVE-2009-4463."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20101001 [STANKOINFORMZASCHITA-10-01] Netbiter, webSCADA multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html" "lang": "eng",
}, "value": "Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a full pathname in the file parameter, a different vulnerability than CVE-2009-4463."
{ }
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#114560", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/114560" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#114560",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/114560"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf"
},
{
"name": "20101001 [STANKOINFORMZASCHITA-10-01] Netbiter, webSCADA multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html"
}
]
}
} }

168
2014/0xxx/CVE-2014-0501.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2014-0501", "ID": "CVE-2014-0501",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://helpx.adobe.com/security/products/shockwave/apsb14-06.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://helpx.adobe.com/security/products/shockwave/apsb14-06.html" "lang": "eng",
}, "value": "Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500."
{ }
"name" : "65493", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/65493" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "103158", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/103158" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1029740", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1029740" ]
}, },
{ "references": {
"name" : "56740", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56740" "name": "adobe-cve20140501-code-exec(91008)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91008"
"name" : "adobe-cve20140501-code-exec(91008)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91008" "name": "56740",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/56740"
} },
{
"name": "1029740",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029740"
},
{
"name": "65493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65493"
},
{
"name": "http://helpx.adobe.com/security/products/shockwave/apsb14-06.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/shockwave/apsb14-06.html"
},
{
"name": "103158",
"refsource": "OSVDB",
"url": "http://osvdb.org/103158"
}
]
}
} }

138
2014/3xxx/CVE-2014-3709.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3709", "ID": "CVE-2014-3709",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1154971", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1154971" "lang": "eng",
}, "value": "The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection."
{ }
"name" : "https://issues.jboss.org/browse/KEYCLOAK-765", ]
"refsource" : "CONFIRM", },
"url" : "https://issues.jboss.org/browse/KEYCLOAK-765" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "101508", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101508" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.jboss.org/browse/KEYCLOAK-765",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/KEYCLOAK-765"
},
{
"name": "101508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101508"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1154971",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154971"
}
]
}
} }

168
2014/4xxx/CVE-2014-4361.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2014-4361", "ID": "CVE-2014-4361",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT6441", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT6441" "lang": "eng",
}, "value": "The Home & Lock Screen subsystem in Apple iOS before 8 does not properly restrict the private API for app prominence, which allows attackers to determine the frontmost app by leveraging access to a crafted background app."
{ }
"name" : "APPLE-SA-2014-09-17-1", ]
"refsource" : "APPLE", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "69882", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/69882" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "69949", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/69949" ]
}, },
{ "references": {
"name" : "1030866", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030866" "name": "69949",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/69949"
"name" : "appleios-cve20144361-sec-bypass(96094)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96094" "name": "http://support.apple.com/kb/HT6441",
} "refsource": "CONFIRM",
] "url": "http://support.apple.com/kb/HT6441"
} },
{
"name": "1030866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030866"
},
{
"name": "69882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69882"
},
{
"name": "APPLE-SA-2014-09-17-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html"
},
{
"name": "appleios-cve20144361-sec-bypass(96094)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96094"
}
]
}
} }

168
2014/4xxx/CVE-2014-4728.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4728", "ID": "CVE-2014-4728",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140921 TP-LINK WDR4300 - Stored XSS & DoS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/533499/100/0/threaded" "lang": "eng",
}, "value": "The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request."
{ }
"name" : "20140922 Re: TP-LINK WDR4300 - Stored XSS & DoS", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/533501/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20140923 TP-LINK WDR4300 - Stored XSS & DoS", "description": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2014/Sep/80" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/128343/TP-LINK-WDR4300-XSS-Denial-Of-Service.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/128343/TP-LINK-WDR4300-XSS-Denial-Of-Service.html" ]
}, },
{ "references": {
"name" : "70037", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70037" "name": "tplink-wdr4300-cve20144728-dos(96140)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96140"
"name" : "tplink-wdr4300-cve20144728-dos(96140)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96140" "name": "20140922 Re: TP-LINK WDR4300 - Stored XSS & DoS",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/533501/100/0/threaded"
} },
{
"name": "20140923 TP-LINK WDR4300 - Stored XSS & DoS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/80"
},
{
"name": "70037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70037"
},
{
"name": "20140921 TP-LINK WDR4300 - Stored XSS & DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533499/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/128343/TP-LINK-WDR4300-XSS-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128343/TP-LINK-WDR4300-XSS-Denial-Of-Service.html"
}
]
}
} }

128
2014/4xxx/CVE-2014-4871.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-4871", "ID": "CVE-2014-4871",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#941108", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/941108" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter."
{ }
"name" : "70253", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/70253" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70253"
},
{
"name": "VU#941108",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/941108"
}
]
}
} }

138
2014/4xxx/CVE-2014-4901.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-4901", "ID": "CVE-2014-4901",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bond Trading (aka com.appmakr.app613309) application 197705 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Bond Trading (aka com.appmakr.app613309) application 197705 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#560497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/560497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#560497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/560497"
}
]
}
} }

128
2014/4xxx/CVE-2014-4936.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4936", "ID": "CVE-2014-4936",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and" "lang": "eng",
}, "value": "The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable."
{ }
"name" : "http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and",
"refsource": "MISC",
"url": "http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and"
},
{
"name": "http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130244/Malwarebytes-Anti-Malware-Anti-Exploit-Update-Remote-Code-Execution.html"
}
]
}
} }

138
2014/8xxx/CVE-2014-8017.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-8017", "ID": "CVE-2014-8017",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141222 Cisco Identity Services Engine Periodic Backup Password Disclosure Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017" "lang": "eng",
}, "value": "The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673."
{ }
"name" : "71767", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/71767" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031425", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031425" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "71767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71767"
},
{
"name": "20141222 Cisco Identity Services Engine Periodic Backup Password Disclosure Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017"
},
{
"name": "1031425",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031425"
}
]
}
} }

32
2014/8xxx/CVE-2014-8338.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8338", "ID": "CVE-2014-8338",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

198
2014/8xxx/CVE-2014-8499.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8499", "ID": "CVE-2014-8499",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "35210", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/35210" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc."
{ }
"name" : "20141109 [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Nov/18" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt", ]
"refsource" : "MISC", }
"url" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt" ]
}, },
{ "references": {
"name" : "71018", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71018" "name": "pmp-cve20148499-sql-injection(98595)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98595"
"name" : "114484", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/114484" "name": "114485",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/show/osvdb/114485"
"name" : "114485", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/114485" "name": "114484",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/show/osvdb/114484"
"name" : "passwordmanager-cve20148499-sql-injection(98597)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98597" "name": "71018",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/71018"
"name" : "pmp-cve20148499-sql-injection(98595)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98595" "name": "passwordmanager-cve20148499-sql-injection(98597)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98597"
} },
{
"name": "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129036/Password-Manager-Pro-SQL-Injection.html"
},
{
"name": "20141109 [The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/18"
},
{
"name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_pmp_privesc.txt"
},
{
"name": "35210",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35210"
}
]
}
} }

32
2014/8xxx/CVE-2014-8550.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8550", "ID": "CVE-2014-8550",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2014/8xxx/CVE-2014-8628.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@suse.com",
"ID" : "CVE-2014-8628", "ID": "CVE-2014-8628",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released" "lang": "eng",
}, "value": "Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue."
{ }
"name" : "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released", ]
"refsource" : "CONFIRM", },
"url" : "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3116", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3116" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2014:1457", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html" ]
} },
] "references": {
} "reference_data": [
{
"name": "openSUSE-SU-2014:1457",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00079.html"
},
{
"name": "DSA-3116",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3116"
},
{
"name": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released",
"refsource": "CONFIRM",
"url": "https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released"
},
{
"name": "https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released",
"refsource": "CONFIRM",
"url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released"
}
]
}
} }

158
2014/8xxx/CVE-2014-8886.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8886", "ID": "CVE-2014-8886",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160107 [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/537246/100/0/threaded" "lang": "eng",
}, "value": "AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image."
{ }
"name" : "20160107 [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2016/Jan/12" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-014", "description": [
"refsource" : "MISC", {
"url" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-014" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/135161/AVM-FRITZ-Box-Arbitrary-Code-Execution-Via-Firmware-Images.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/135161/AVM-FRITZ-Box-Arbitrary-Code-Execution-Via-Firmware-Images.html" ]
}, },
{ "references": {
"name" : "https://avm.de/service/sicherheitsinfos-zu-updates/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://avm.de/service/sicherheitsinfos-zu-updates/" "name": "20160107 [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2016/Jan/12"
} },
{
"name": "20160107 [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537246/100/0/threaded"
},
{
"name": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-014",
"refsource": "MISC",
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-014"
},
{
"name": "http://packetstormsecurity.com/files/135161/AVM-FRITZ-Box-Arbitrary-Code-Execution-Via-Firmware-Images.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135161/AVM-FRITZ-Box-Arbitrary-Code-Execution-Via-Firmware-Images.html"
},
{
"name": "https://avm.de/service/sicherheitsinfos-zu-updates/",
"refsource": "CONFIRM",
"url": "https://avm.de/service/sicherheitsinfos-zu-updates/"
}
]
}
} }

32
2014/9xxx/CVE-2014-9085.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9085", "ID": "CVE-2014-9085",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2014/9xxx/CVE-2014-9133.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9133", "ID": "CVE-2014-9133",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2014/9xxx/CVE-2014-9464.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9464", "ID": "CVE-2014-9464",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.youtube.com/watch?v=SSE8Xj_-QaQ", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.youtube.com/watch?v=SSE8Xj_-QaQ" "lang": "eng",
}, "value": "SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable."
{ }
"name" : "https://github.com/microweber/microweber/commit/4ee09f9dda35cd1b15daa351f335c2a4a0538d29", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/microweber/microweber/commit/4ee09f9dda35cd1b15daa351f335c2a4a0538d29" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/microweber/microweber/commit/4ee09f9dda35cd1b15daa351f335c2a4a0538d29",
"refsource": "CONFIRM",
"url": "https://github.com/microweber/microweber/commit/4ee09f9dda35cd1b15daa351f335c2a4a0538d29"
},
{
"name": "https://www.youtube.com/watch?v=SSE8Xj_-QaQ",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=SSE8Xj_-QaQ"
}
]
}
} }

128
2014/9xxx/CVE-2014-9834.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9834", "ID": "CVE-2014-9834",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20141224 Imagemagick fuzzing bug", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1" "lang": "eng",
}, "value": "Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file."
{ }
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/24/1"
}
]
}
} }

140
2014/9xxx/CVE-2014-9981.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2014-9981", "ID": "CVE-2014-9981",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Mobile", "product_name": "Snapdragon Mobile",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MDM9625, MDM9635M, SD 400, SD 410/12, SD 615/16/SD 415" "version_value": "MDM9625, MDM9635M, SD 400, SD 410/12, SD 615/16/SD 415"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Validation of Array Index in Boot"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-07-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-07-01" "lang": "eng",
}, "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot."
{ }
"name" : "https://source.android.com/security/bulletin/2018-04-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/2018-04-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "103671", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103671" "lang": "eng",
} "value": "Improper Validation of Array Index in Boot"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
} }

198
2016/2xxx/CVE-2016-2530.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2530", "ID": "CVE-2016-2530",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.wireshark.org/security/wnpa-sec-2016-10.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/security/wnpa-sec-2016-10.html" "lang": "eng",
}, "value": "The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531."
{ }
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2930d3105c3ff2bfb1278b34ad10e2e71c3b8fb0", "description": [
"refsource" : "CONFIRM", {
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2930d3105c3ff2bfb1278b34ad10e2e71c3b8fb0" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" ]
}, },
{ "references": {
"name" : "DSA-3516", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3516" "name": "openSUSE-SU-2016:0661",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html"
"name" : "GLSA-201604-05", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201604-05" "name": "openSUSE-SU-2016:0660",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html"
"name" : "openSUSE-SU-2016:0660", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html" "name": "DSA-3516",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3516"
"name" : "openSUSE-SU-2016:0661", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html" "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2930d3105c3ff2bfb1278b34ad10e2e71c3b8fb0",
}, "refsource": "CONFIRM",
{ "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2930d3105c3ff2bfb1278b34ad10e2e71c3b8fb0"
"name" : "1035118", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035118" "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
} },
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829"
},
{
"name": "GLSA-201604-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-05"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2016-10.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2016-10.html"
},
{
"name": "1035118",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035118"
}
]
}
} }

32
2016/2xxx/CVE-2016-2608.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2608", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2608",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

238
2016/3xxx/CVE-2016-3191.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2016-3191", "ID": "CVE-2016-3191",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://vcs.pcre.org/pcre2?view=revision&revision=489", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://vcs.pcre.org/pcre2?view=revision&revision=489" "lang": "eng",
}, "value": "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542."
{ }
"name" : "http://vcs.pcre.org/pcre?view=revision&revision=1631", ]
"refsource" : "CONFIRM", },
"url" : "http://vcs.pcre.org/pcre?view=revision&revision=1631" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.debian.org/815920", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.debian.org/815920" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.debian.org/815921", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.debian.org/815921" ]
}, },
{ "references": {
"name" : "https://bugs.exim.org/show_bug.cgi?id=1791", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.exim.org/show_bug.cgi?id=1791" "name": "84810",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/84810"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311503" "name": "http://vcs.pcre.org/pcre2?view=revision&revision=489",
}, "refsource": "CONFIRM",
{ "url": "http://vcs.pcre.org/pcre2?view=revision&revision=489"
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" "name": "RHSA-2016:1132",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1132"
"name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886", },
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"name" : "https://bto.bluecoat.com/security-advisory/sa128", },
"refsource" : "CONFIRM", {
"url" : "https://bto.bluecoat.com/security-advisory/sa128" "name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1023886"
"name" : "https://www.tenable.com/security/tns-2016-18", },
"refsource" : "CONFIRM", {
"url" : "https://www.tenable.com/security/tns-2016-18" "name": "RHSA-2016:1025",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-1025.html"
"name" : "RHSA-2016:1025", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1025.html" "name": "https://bugs.debian.org/815921",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.debian.org/815921"
"name" : "RHSA-2016:1132", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1132" "name": "https://bugs.debian.org/815920",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.debian.org/815920"
"name" : "84810", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/84810" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503"
} },
{
"name": "https://bugs.exim.org/show_bug.cgi?id=1791",
"refsource": "CONFIRM",
"url": "https://bugs.exim.org/show_bug.cgi?id=1791"
},
{
"name": "https://www.tenable.com/security/tns-2016-18",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-18"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa128",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa128"
},
{
"name": "http://vcs.pcre.org/pcre?view=revision&revision=1631",
"refsource": "CONFIRM",
"url": "http://vcs.pcre.org/pcre?view=revision&revision=1631"
}
]
}
} }

148
2016/3xxx/CVE-2016-3400.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-3400", "ID": "CVE-2016-3400",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113589", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113589" "lang": "eng",
}, "value": "NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products", "description": [
"refsource" : "CONFIRM", {
"url" : "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "99101", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/99101" ]
} },
] "references": {
} "reference_data": [
{
"name": "99101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99101"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113589",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113589"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063"
},
{
"name": "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products",
"refsource": "CONFIRM",
"url": "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products"
}
]
}
} }

32
2016/3xxx/CVE-2016-3667.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-3667", "ID": "CVE-2016-3667",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2016/3xxx/CVE-2016-3860.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-3860", "ID": "CVE-2016-3860",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29323142 and Qualcomm internal bug CR 1038127."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-10-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-10-01.html" "lang": "eng",
}, "value": "sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29323142 and Qualcomm internal bug CR 1038127."
{ }
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/sound/soc/msm/qdsp6v2/?id=528976f54be246ec93a71ac53aa4faf3e3791c48", ]
"refsource" : "CONFIRM", },
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/sound/soc/msm/qdsp6v2/?id=528976f54be246ec93a71ac53aa4faf3e3791c48" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "93320", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93320" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/sound/soc/msm/qdsp6v2/?id=528976f54be246ec93a71ac53aa4faf3e3791c48",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/sound/soc/msm/qdsp6v2/?id=528976f54be246ec93a71ac53aa4faf3e3791c48"
},
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "93320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93320"
}
]
}
} }

374
2016/6xxx/CVE-2016-6068.json
View File

@ -1,190 +1,190 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-6068", "ID": "CVE-2016-6068",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "UrbanCode Deploy", "product_name": "UrbanCode Deploy",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.1.0.2" "version_value": "6.1.0.2"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.1.1" "version_value": "6.0.1.1"
}, },
{ {
"version_value" : "6.0.1.2" "version_value": "6.0.1.2"
}, },
{ {
"version_value" : "6.0.1.3" "version_value": "6.0.1.3"
}, },
{ {
"version_value" : "6.0.1.4" "version_value": "6.0.1.4"
}, },
{ {
"version_value" : "6.0.1.5" "version_value": "6.0.1.5"
}, },
{ {
"version_value" : "6.0.1.6" "version_value": "6.0.1.6"
}, },
{ {
"version_value" : "6.1" "version_value": "6.1"
}, },
{ {
"version_value" : "6.1.0.1" "version_value": "6.1.0.1"
}, },
{ {
"version_value" : "6.1.0.3" "version_value": "6.1.0.3"
}, },
{ {
"version_value" : "6.0.1.7" "version_value": "6.0.1.7"
}, },
{ {
"version_value" : "6.0.1.8" "version_value": "6.0.1.8"
}, },
{ {
"version_value" : "6.1.0.4" "version_value": "6.1.0.4"
}, },
{ {
"version_value" : "6.1.1" "version_value": "6.1.1"
}, },
{ {
"version_value" : "6.1.1.1" "version_value": "6.1.1.1"
}, },
{ {
"version_value" : "6.1.1.2" "version_value": "6.1.1.2"
}, },
{ {
"version_value" : "6.1.1.3" "version_value": "6.1.1.3"
}, },
{ {
"version_value" : "6.1.1.4" "version_value": "6.1.1.4"
}, },
{ {
"version_value" : "6.1.1.5" "version_value": "6.1.1.5"
}, },
{ {
"version_value" : "6.0.1.9" "version_value": "6.0.1.9"
}, },
{ {
"version_value" : "6.1.1.6" "version_value": "6.1.1.6"
}, },
{ {
"version_value" : "6.1.1.7" "version_value": "6.1.1.7"
}, },
{ {
"version_value" : "6.1.2" "version_value": "6.1.2"
}, },
{ {
"version_value" : "6.0.1.10" "version_value": "6.0.1.10"
}, },
{ {
"version_value" : "6.0.1.11" "version_value": "6.0.1.11"
}, },
{ {
"version_value" : "6.1.1.8" "version_value": "6.1.1.8"
}, },
{ {
"version_value" : "6.1.3" "version_value": "6.1.3"
}, },
{ {
"version_value" : "6.1.3.1" "version_value": "6.1.3.1"
}, },
{ {
"version_value" : "6.2" "version_value": "6.2"
}, },
{ {
"version_value" : "6.2.0.1" "version_value": "6.2.0.1"
}, },
{ {
"version_value" : "6.0.1.12" "version_value": "6.0.1.12"
}, },
{ {
"version_value" : "6.1.3.2" "version_value": "6.1.3.2"
}, },
{ {
"version_value" : "6.2.0.2" "version_value": "6.2.0.2"
}, },
{ {
"version_value" : "6.2.1" "version_value": "6.2.1"
}, },
{ {
"version_value" : "6.0.1.13" "version_value": "6.0.1.13"
}, },
{ {
"version_value" : "6.2.1.1" "version_value": "6.2.1.1"
}, },
{ {
"version_value" : "6.0.1.14" "version_value": "6.0.1.14"
}, },
{ {
"version_value" : "6.1.3.3" "version_value": "6.1.3.3"
}, },
{ {
"version_value" : "6.2.1.2" "version_value": "6.2.1.2"
}, },
{ {
"version_value" : "6.2.2" "version_value": "6.2.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM Corporation" "vendor_name": "IBM Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000229", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000229" "lang": "eng",
}, "value": "IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties."
{ }
"name" : "95290", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95290" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000229",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000229"
},
{
"name": "95290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95290"
}
]
}
} }

208
2016/6xxx/CVE-2016-6321.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-6321", "ID": "CVE-2016-6321",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20161026 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2016/Oct/96" "lang": "eng",
}, "value": "Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER."
{ }
"name" : "20161030 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2016/Oct/102" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[bug-tar] 20161029 Re: [Bug-tar] possible fixes for CVE-2016-6321", "description": [
"refsource" : "MLIST", {
"url" : "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html" ]
}, },
{ "references": {
"name" : "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt", "reference_data": [
"refsource" : "MISC", {
"url" : "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt" "name": "20161030 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) - patch update",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2016/Oct/102"
"name" : "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d", },
"refsource" : "CONFIRM", {
"url" : "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d" "name": "93937",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/93937"
"name" : "DSA-3702", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3702" "name": "GLSA-201611-19",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201611-19"
"name" : "GLSA-201611-19", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201611-19" "name": "20161026 [CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2016/Oct/96"
"name" : "USN-3132-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3132-1" "name": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d",
}, "refsource": "CONFIRM",
{ "url": "http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d"
"name" : "93937", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93937" "name": "[bug-tar] 20161029 Re: [Bug-tar] possible fixes for CVE-2016-6321",
} "refsource": "MLIST",
] "url": "http://lists.gnu.org/archive/html/bug-tar/2016-10/msg00016.html"
} },
{
"name": "DSA-3702",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3702"
},
{
"name": "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt",
"refsource": "MISC",
"url": "https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt"
},
{
"name": "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html"
},
{
"name": "USN-3132-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3132-1"
}
]
}
} }

138
2016/6xxx/CVE-2016-6410.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-6410", "ID": "CVE-2016-6410",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160921 Cisco IOS and IOS XE Software Application-Hosting Framework Unauthorized File Access Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf" "lang": "eng",
}, "value": "The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856."
{ }
"name" : "93090", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93090" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036873", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036873" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "93090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93090"
},
{
"name": "1036873",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036873"
},
{
"name": "20160921 Cisco IOS and IOS XE Software Application-Hosting Framework Unauthorized File Access Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf"
}
]
}
} }

128
2016/6xxx/CVE-2016-6790.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-6790", "ID": "CVE-2016-6790",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android Kernel-3.18", "product_name": "Android Kernel-3.18",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android Kernel-3.18" "version_value": "Android Kernel-3.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251628. References: N-CVE-2016-6790."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2016-12-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2016-12-01.html" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251628. References: N-CVE-2016-6790."
{ }
"name" : "94678", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94678" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94678",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94678"
},
{
"name": "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-12-01.html"
}
]
}
} }

148
2016/7xxx/CVE-2016-7034.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-7034", "ID": "CVE-2016-7034",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1373347", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1373347" "lang": "eng",
}, "value": "The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token."
{ }
"name" : "RHSA-2017:0557", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0557.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:0296", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0296" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "92760", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/92760" ]
} },
] "references": {
} "reference_data": [
{
"name": "RHSA-2017:0557",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0557.html"
},
{
"name": "RHSA-2018:0296",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0296"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1373347",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373347"
},
{
"name": "92760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92760"
}
]
}
} }

178
2016/7xxx/CVE-2016-7526.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2016-7526", "ID": "CVE-2016-7526",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/09/22/2" "lang": "eng",
}, "value": "coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file."
{ }
"name" : "https://bugs.launchpad.net/bugs/1539050", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.launchpad.net/bugs/1539050" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378758", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378758" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7" ]
}, },
{ "references": {
"name" : "https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599" "name": "https://github.com/ImageMagick/ImageMagick/issues/102",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/ImageMagick/ImageMagick/issues/102"
"name" : "https://github.com/ImageMagick/ImageMagick/issues/102", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/issues/102" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378758",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378758"
"name" : "93131", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93131" "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2"
} },
{
"name": "https://bugs.launchpad.net/bugs/1539050",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/bugs/1539050"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599"
},
{
"name": "93131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93131"
}
]
}
} }

188
2016/7xxx/CVE-2016-7876.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2016-7876", "ID": "CVE-2016-7876",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier", "product_name": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier" "version_value": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html" "lang": "eng",
}, "value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "GLSA-201701-17", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201701-17" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS16-154", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154" "lang": "eng",
}, "value": "Memory Corruption"
{ }
"name" : "RHSA-2016:2947", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2947.html" ]
}, },
{ "references": {
"name" : "SUSE-SU-2016:3148", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html" "name": "SUSE-SU-2016:3148",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html"
"name" : "openSUSE-SU-2016:3160", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html" "name": "MS16-154",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154"
"name" : "94866", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94866" "name": "GLSA-201701-17",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201701-17"
"name" : "1037442", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037442" "name": "1037442",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1037442"
} },
{
"name": "94866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94866"
},
{
"name": "RHSA-2016:2947",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html"
},
{
"name": "openSUSE-SU-2016:3160",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html"
}
]
}
} }