"-Synchronized-Data."

CVE Team 2019-03-18 00:37:26 +00:00
parent 776e24e8e4
commit edffd73e71
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 4025 additions and 4025 deletions


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060413 Windows Help Heap Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430871/100/0/threaded"
},
{
"name" : "20060331 Windows Help Heap Overflow",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044748.html"
},
{
"name" : "http://www.open-security.org/advisories/15",
"refsource" : "MISC",
"url" : "http://www.open-security.org/advisories/15"
},
{
"name" : "17325",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17325"
},
{
"name" : "700",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/700"
},
{
"name" : "win-winhlp32-hlp-bo(25573)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25573"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "win-winhlp32-hlp-bo(25573)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25573"
},
{
"name": "http://www.open-security.org/advisories/15",
"refsource": "MISC",
"url": "http://www.open-security.org/advisories/15"
},
{
"name": "20060413 Windows Help Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430871/100/0/threaded"
},
{
"name": "700",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/700"
},
{
"name": "20060331 Windows Help Heap Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044748.html"
},
{
"name": "17325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17325"
}
]
}
}
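Review bot: The `reference_data` array in this section is ordered differently on the side written as `"key": value` (XF, MISC, BUGTRAQ, SREASON, FULLDISC, BID) than on the `"key" : value` side (BUGTRAQ, FULLDISC, MISC, BID, SREASON, XF), with the same six entries and no visible sort key, so the serializer does not appear to emit references in a stable order. Combined with the separator-spacing change this rewrites nearly every line of the record, which makes a substantive edit to a description or a reference URL hard to spot in review or in diff-based monitoring of the feed. I would have the sync job emit `reference_data` sorted by `refsource` and then `name`, and land the spacing change in a commit of its own. The +/- markers are lost on this page, so which side is new is inferred rather than shown; the same reshuffle is visible in the sections for CVE-2006-5242, CVE-2006-5246, CVE-2006-5506, CVE-2006-5946, CVE-2007-2199, CVE-2007-2339, CVE-2007-2366 and CVE-2007-2605.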


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.etomite.org/forums/index.php?showtopic=6095",
"refsource" : "CONFIRM",
"url" : "http://www.etomite.org/forums/index.php?showtopic=6095"
},
{
"name" : "20449",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20449"
},
{
"name" : "ADV-2006-3975",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3975"
},
{
"name" : "22217",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22217"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22217",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22217"
},
{
"name": "ADV-2006-3975",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3975"
},
{
"name": "http://www.etomite.org/forums/index.php?showtopic=6095",
"refsource": "CONFIRM",
"url": "http://www.etomite.org/forums/index.php?showtopic=6095"
},
{
"name": "20449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20449"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5246",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eazy Cart allows remote attackers to change prices and other critical fields via unspecified vectors to easycart.php, probably including the price parameter. NOTE: some details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061010 MHL-2006-001 Public Advisory: \"Eazy Cart\" Multiple Security Issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448094/100/0/threaded"
},
{
"name" : "http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt",
"refsource" : "MISC",
"url" : "http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt"
},
{
"name" : "http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001",
"refsource" : "MISC",
"url" : "http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001"
},
{
"name" : "1017041",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017041"
},
{
"name" : "22286",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22286"
},
{
"name" : "1717",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1717"
},
{
"name" : "eazycart-easycart-data-manipulation(29420)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29420"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eazy Cart allows remote attackers to change prices and other critical fields via unspecified vectors to easycart.php, probably including the price parameter. NOTE: some details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1717",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1717"
},
{
"name": "20061010 MHL-2006-001 Public Advisory: \"Eazy Cart\" Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448094/100/0/threaded"
},
{
"name": "http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001",
"refsource": "MISC",
"url": "http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006001"
},
{
"name": "1017041",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017041"
},
{
"name": "22286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22286"
},
{
"name": "http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt",
"refsource": "MISC",
"url": "http://www.mayhemiclabs.com/advisories/MHL-2006-01.txt"
},
{
"name": "eazycart-easycart-data-manipulation(29420)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29420"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5506",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in admin/; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (8) lib/history.lib.php in inc/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2624",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2624"
},
{
"name" : "http://wiclear.free.fr/",
"refsource" : "CONFIRM",
"url" : "http://wiclear.free.fr/"
},
{
"name" : "http://wiclear.free.fr/?Download",
"refsource" : "CONFIRM",
"url" : "http://wiclear.free.fr/?Download"
},
{
"name" : "ADV-2006-4166",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4166"
},
{
"name" : "29942",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29942"
},
{
"name" : "29943",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29943"
},
{
"name" : "29944",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29944"
},
{
"name" : "29945",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29945"
},
{
"name" : "29946",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29946"
},
{
"name" : "29947",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29947"
},
{
"name" : "29948",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29948"
},
{
"name" : "29949",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29949"
},
{
"name" : "22547",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22547"
},
{
"name" : "wiclear-path-file-include(29720)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29720"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in admin/; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (8) lib/history.lib.php in inc/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiclear.free.fr/?Download",
"refsource": "CONFIRM",
"url": "http://wiclear.free.fr/?Download"
},
{
"name": "29944",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29944"
},
{
"name": "ADV-2006-4166",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4166"
},
{
"name": "wiclear-path-file-include(29720)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29720"
},
{
"name": "29948",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29948"
},
{
"name": "29943",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29943"
},
{
"name": "29947",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29947"
},
{
"name": "29945",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29945"
},
{
"name": "22547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22547"
},
{
"name": "29946",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29946"
},
{
"name": "2624",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2624"
},
{
"name": "29949",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29949"
},
{
"name": "http://wiclear.free.fr/",
"refsource": "CONFIRM",
"url": "http://wiclear.free.fr/"
},
{
"name": "29942",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29942"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5946",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP Glossary 1.0 allows remote attackers to execute arbitrary SQL commands via the alpha parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061114 FunkyASP Glossary v1.0 [injection sql]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451562/100/0/threaded"
},
{
"name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=19",
"refsource" : "MISC",
"url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=19"
},
{
"name" : "21055",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21055"
},
{
"name" : "ADV-2006-4516",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4516"
},
{
"name" : "22911",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22911"
},
{
"name" : "1877",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1877"
},
{
"name" : "funkyasp-glossary-sql-injection(30271)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30271"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP Glossary 1.0 allows remote attackers to execute arbitrary SQL commands via the alpha parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "funkyasp-glossary-sql-injection(30271)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30271"
},
{
"name": "ADV-2006-4516",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4516"
},
{
"name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=19",
"refsource": "MISC",
"url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=19"
},
{
"name": "1877",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1877"
},
{
"name": "22911",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22911"
},
{
"name": "20061114 FunkyASP Glossary v1.0 [injection sql]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451562/100/0/threaded"
},
{
"name": "21055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21055"
}
]
}
}


@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2199",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070423 Remote file inclusion in Joomla 1.5.0 Beta",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/466687/100/0/threaded"
},
{
"name" : "20070904 Re: Multiple vulnerabilities in Joomla 1.5 RC 1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/478503/100/0/threaded"
},
{
"name" : "3781",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3781"
},
{
"name" : "3915",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3915"
},
{
"name" : "4111",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4111"
},
{
"name" : "http://www.hackers.ir/advisories/joomla.html",
"refsource" : "MISC",
"url" : "http://www.hackers.ir/advisories/joomla.html"
},
{
"name" : "20070514 shared code incolving pcltar.lib.php/g_pcltar_lib_dir RFI",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-May/001618.html"
},
{
"name" : "23613",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23613"
},
{
"name" : "23708",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23708"
},
{
"name" : "24660",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24660"
},
{
"name" : "25528",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25528"
},
{
"name" : "ADV-2007-1511",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1511"
},
{
"name" : "34803",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34803"
},
{
"name" : "36009",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36009"
},
{
"name" : "25230",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25230"
},
{
"name" : "joomla-pcltar-file-include(33837)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33837"
},
{
"name" : "cjgexplorerpro-pcltarpcltrace-file-include(34273)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34273"
},
{
"name" : "phpsitebackup-pcltarlib-file-include(35092)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35092"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25230",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25230"
},
{
"name": "23613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23613"
},
{
"name": "23708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23708"
},
{
"name": "http://www.hackers.ir/advisories/joomla.html",
"refsource": "MISC",
"url": "http://www.hackers.ir/advisories/joomla.html"
},
{
"name": "3781",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3781"
},
{
"name": "phpsitebackup-pcltarlib-file-include(35092)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35092"
},
{
"name": "4111",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4111"
},
{
"name": "20070514 shared code incolving pcltar.lib.php/g_pcltar_lib_dir RFI",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-May/001618.html"
},
{
"name": "ADV-2007-1511",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1511"
},
{
"name": "25528",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25528"
},
{
"name": "20070904 Re: Multiple vulnerabilities in Joomla 1.5 RC 1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/478503/100/0/threaded"
},
{
"name": "36009",
"refsource": "OSVDB",
"url": "http://osvdb.org/36009"
},
{
"name": "cjgexplorerpro-pcltarpcltrace-file-include(34273)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34273"
},
{
"name": "3915",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3915"
},
{
"name": "joomla-pcltar-file-include(33837)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33837"
},
{
"name": "24660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24660"
},
{
"name": "34803",
"refsource": "OSVDB",
"url": "http://osvdb.org/34803"
},
{
"name": "20070423 Remote file inclusion in Joomla 1.5.0 Beta",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466687/100/0/threaded"
}
]
}
}


@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2339",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the \"Edit groups / Add group\" field in the (d) groups module in admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070419 [waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/466286/100/0/threaded"
},
{
"name" : "http://www.waraxe.us/advisory-49.html",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/advisory-49.html"
},
{
"name" : "http://www.phorum.org/story.php?76",
"refsource" : "CONFIRM",
"url" : "http://www.phorum.org/story.php?76"
},
{
"name" : "23616",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23616"
},
{
"name" : "ADV-2007-1479",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1479"
},
{
"name" : "35062",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35062"
},
{
"name" : "35063",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35063"
},
{
"name" : "35064",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35064"
},
{
"name" : "1017936",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017936"
},
{
"name" : "24932",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24932"
},
{
"name" : "2617",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2617"
},
{
"name" : "phorum-multiple-scripts-sql-injection(34081)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34081"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the \"Edit groups / Add group\" field in the (d) groups module in admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-49.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-49.html"
},
{
"name": "http://www.phorum.org/story.php?76",
"refsource": "CONFIRM",
"url": "http://www.phorum.org/story.php?76"
},
{
"name": "1017936",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017936"
},
{
"name": "35062",
"refsource": "OSVDB",
"url": "http://osvdb.org/35062"
},
{
"name": "ADV-2007-1479",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1479"
},
{
"name": "24932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24932"
},
{
"name": "20070419 [waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466286/100/0/threaded"
},
{
"name": "2617",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2617"
},
{
"name": "23616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23616"
},
{
"name": "phorum-multiple-scripts-sql-injection(34081)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34081"
},
{
"name": "35064",
"refsource": "OSVDB",
"url": "http://osvdb.org/35064"
},
{
"name": "35063",
"refsource": "OSVDB",
"url": "http://osvdb.org/35063"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2366",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3812",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3812"
},
{
"name" : "23698",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23698"
},
{
"name" : "ADV-2007-1576",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1576"
},
{
"name" : "35467",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35467"
},
{
"name" : "25034",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25034"
},
{
"name" : "adobe-pngfile-bo(33956)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33956"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1576",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1576"
},
{
"name": "adobe-pngfile-bo(33956)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33956"
},
{
"name": "25034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25034"
},
{
"name": "3812",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3812"
},
{
"name": "23698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23698"
},
{
"name": "35467",
"refsource": "OSVDB",
"url": "http://osvdb.org/35467"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the GetPropertyById function in ISoftomateObj in SoftomateLib in BRUJULA4.NET.DLL in the Brujula Toolbar (Brujula.net toolbar) allows attackers to cause a denial of service (NULL dereference and browser crash) via certain arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070509 Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/468070/100/0/threaded"
},
{
"name" : "23901",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23901"
},
{
"name" : "34773",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34773"
},
{
"name" : "2708",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2708"
},
{
"name" : "brujula-Brujula4net-dos(34213)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34213"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the GetPropertyById function in ISoftomateObj in SoftomateLib in BRUJULA4.NET.DLL in the Brujula Toolbar (Brujula.net toolbar) allows attackers to cause a denial of service (NULL dereference and browser crash) via certain arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070509 Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/468070/100/0/threaded"
},
{
"name": "34773",
"refsource": "OSVDB",
"url": "http://osvdb.org/34773"
},
{
"name": "brujula-Brujula4net-dos(34213)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34213"
},
{
"name": "2708",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2708"
},
{
"name": "23901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23901"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2671",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070501 Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/062773.html"
},
{
"name" : "http://www.critical.lt/research/opera_die_happy.html",
"refsource" : "MISC",
"url" : "http://www.critical.lt/research/opera_die_happy.html"
},
{
"name" : "23747",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23747"
},
{
"name" : "35700",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35700"
},
{
"name" : "2704",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2704"
},
{
"name" : "firefox-href-dos(33982)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33982"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2704",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2704"
},
{
"name": "firefox-href-dos(33982)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33982"
},
{
"name": "20070501 Firefox 2.0.0.3 Out-of-bounds memory access via specialy crafted html file",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/062773.html"
},
{
"name": "23747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23747"
},
{
"name": "35700",
"refsource": "OSVDB",
"url": "http://osvdb.org/35700"
},
{
"name": "http://www.critical.lt/research/opera_die_happy.html",
"refsource": "MISC",
"url": "http://www.critical.lt/research/opera_die_happy.html"
}
]
}
}
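Review bot: The rewritten `reference_data` array in this section (the lines written as `"name": ...` with no space before the colon, which appear to be the new side) holds the same six references as before, but in an order that follows neither `refsource`, `name` nor `url`, so a reader of the diff cannot tell the reshuffle from a real edit. A sync job that emits references in a stable order, for example sorted by `refsource` and then `name`, would keep later diffs limited to entries that were actually added, removed or re-pointed, which is what a reviewer of vulnerability data needs to see. The same reordering shows up in the sections for CVE-2007-6179, CVE-2007-6225, CVE-2010-0025, CVE-2010-0486, CVE-2010-0734, CVE-2010-0851 and CVE-2010-1317.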


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6179",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4672",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4672"
},
{
"name" : "26619",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26619"
},
{
"name" : "38912",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38912"
},
{
"name" : "38913",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38913"
},
{
"name" : "27854",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27854"
},
{
"name" : "charraycms-ccmslibrarypath-file-include(38678)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38678"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "charraycms-ccmslibrarypath-file-include(38678)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38678"
},
{
"name": "4672",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4672"
},
{
"name": "38913",
"refsource": "OSVDB",
"url": "http://osvdb.org/38913"
},
{
"name": "26619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26619"
},
{
"name": "27854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27854"
},
{
"name": "38912",
"refsource": "OSVDB",
"url": "http://osvdb.org/38912"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6225",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used on the x86 platform, allows local users in a Linux (lx) branded zone to cause a denial of service (panic) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "103153",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103153-1"
},
{
"name" : "26672",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26672"
},
{
"name" : "ADV-2007-4058",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4058"
},
{
"name" : "40828",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40828"
},
{
"name" : "1019034",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019034"
},
{
"name" : "27877",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27877"
},
{
"name" : "solaris-branded-zones-dos(38799)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38799"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used on the x86 platform, allows local users in a Linux (lx) branded zone to cause a denial of service (panic) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40828",
"refsource": "OSVDB",
"url": "http://osvdb.org/40828"
},
{
"name": "solaris-branded-zones-dos(38799)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38799"
},
{
"name": "ADV-2007-4058",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4058"
},
{
"name": "1019034",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019034"
},
{
"name": "27877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27877"
},
{
"name": "103153",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103153-1"
},
{
"name": "26672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26672"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka \"SMTP Memory Allocation Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-024",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-024"
},
{
"name" : "TA10-103A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
},
{
"name" : "oval:org.mitre.oval:def:12175",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12175"
},
{
"name" : "39253",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39253"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka \"SMTP Memory Allocation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39253"
},
{
"name": "MS10-024",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-024"
},
{
"name": "oval:org.mitre.oval:def:12175",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12175"
},
{
"name": "TA10-103A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
}
]
}
}
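Review bot: `ASSIGNER` in this record appears to change from `cve@mitre.org` to `secure@microsoft.com`, a change of attribution that is easy to miss because it sits inside a rewrite that otherwise only touches spacing and reference order. `vendor_name` and `product_name` stay `n/a` in the same record, so the `affects` block still names nothing a consumer could match on while the assigner now points at a specific vendor; it is worth confirming that the sync is meant to update one without the other. Carrying attribution changes in a commit separate from the formatting pass, or at least naming them in the commit message, would let them be audited. The sections for CVE-2010-0486, CVE-2010-0734 and CVE-2010-0851 change `ASSIGNER` the same way (to `secure@microsoft.com`, `secalert@redhat.com` and `secalert_us@oracle.com`), and the CVE-2010-1576 section, which continues past the visible page, shows `psirt@cisco.com`.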


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka \"WinVerifyTrust Signature Validation Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-019",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-019"
},
{
"name" : "TA10-103A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
},
{
"name" : "oval:org.mitre.oval:def:6787",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6787"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka \"WinVerifyTrust Signature Validation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS10-019",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-019"
},
{
"name": "oval:org.mitre.oval:def:6787",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6787"
},
{
"name": "TA10-103A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
}
]
}
}


@ -1,232 +1,232 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0734",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101027 rPSA-2010-0072-1 curl",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514490/100/0/threaded"
},
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "[oss-security] 20100209 CVE Request -- cURL/libCURL 7.20.0",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/02/09/5"
},
{
"name" : "[oss-security] 20100309 Re: CVE Request -- cURL/libCURL 7.20.0",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/03/09/1"
},
{
"name" : "[oss-security] 20100316 Re: CVE Request -- cURL/libCURL 7.20.0",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/03/16/11"
},
{
"name" : "http://curl.haxx.se/docs/adv_20100209.html",
"refsource" : "CONFIRM",
"url" : "http://curl.haxx.se/docs/adv_20100209.html"
},
{
"name" : "http://curl.haxx.se/docs/security.html#20100209",
"refsource" : "CONFIRM",
"url" : "http://curl.haxx.se/docs/security.html#20100209"
},
{
"name" : "http://curl.haxx.se/libcurl-contentencoding.patch",
"refsource" : "CONFIRM",
"url" : "http://curl.haxx.se/libcurl-contentencoding.patch"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=563220",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100081819",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100081819"
},
{
"name" : "http://support.apple.com/kb/HT4188",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4188"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2010-0072",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2010-0072"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "APPLE-SA-2010-06-15-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name" : "DSA-2023",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2023"
},
{
"name" : "FEDORA-2010-2720",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html"
},
{
"name" : "FEDORA-2010-2762",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html"
},
{
"name" : "GLSA-201203-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name" : "MDVSA-2010:062",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
},
{
"name" : "RHSA-2010:0329",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0329.html"
},
{
"name" : "USN-1158-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1158-1"
},
{
"name" : "oval:org.mitre.oval:def:10760",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760"
},
{
"name" : "oval:org.mitre.oval:def:6756",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756"
},
{
"name" : "38843",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38843"
},
{
"name" : "38981",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38981"
},
{
"name" : "39087",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39087"
},
{
"name" : "39734",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39734"
},
{
"name" : "40220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40220"
},
{
"name" : "45047",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45047"
},
{
"name" : "48256",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48256"
},
{
"name" : "ADV-2010-0571",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0571"
},
{
"name" : "ADV-2010-0602",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0602"
},
{
"name" : "ADV-2010-0660",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0660"
},
{
"name" : "ADV-2010-0725",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0725"
},
{
"name" : "ADV-2010-1481",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-06-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name": "ADV-2010-0571",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0571"
},
{
"name": "ADV-2010-0602",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0602"
},
{
"name": "20101027 rPSA-2010-0072-1 curl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514490/100/0/threaded"
},
{
"name": "38843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38843"
},
{
"name": "[oss-security] 20100309 Re: CVE Request -- cURL/libCURL 7.20.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/03/09/1"
},
{
"name": "38981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38981"
},
{
"name": "ADV-2010-1481",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name": "USN-1158-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1158-1"
},
{
"name": "http://curl.haxx.se/docs/adv_20100209.html",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/adv_20100209.html"
},
{
"name": "ADV-2010-0725",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0725"
},
{
"name": "DSA-2023",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2023"
},
{
"name": "RHSA-2010:0329",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0329.html"
},
{
"name": "oval:org.mitre.oval:def:10760",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10760"
},
{
"name": "http://support.apple.com/kb/HT4188",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4188"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=563220",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=563220"
},
{
"name": "MDVSA-2010:062",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:062"
},
{
"name": "40220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40220"
},
{
"name": "GLSA-201203-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name": "FEDORA-2010-2720",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html"
},
{
"name": "FEDORA-2010-2762",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html"
},
{
"name": "48256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48256"
},
{
"name": "http://support.avaya.com/css/P8/documents/100081819",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100081819"
},
{
"name": "[oss-security] 20100316 Re: CVE Request -- cURL/libCURL 7.20.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/03/16/11"
},
{
"name": "39087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39087"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "45047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45047"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2010-0072",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2010-0072"
},
{
"name": "http://curl.haxx.se/libcurl-contentencoding.patch",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/libcurl-contentencoding.patch"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:6756",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6756"
},
{
"name": "39734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39734"
},
{
"name": "http://curl.haxx.se/docs/security.html#20100209",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/security.html#20100209"
},
{
"name": "ADV-2010-0660",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0660"
},
{
"name": "[oss-security] 20100209 CVE Request -- cURL/libCURL 7.20.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/02/09/5"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0851",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-0851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
},
{
"name" : "TA10-103B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"name" : "39438",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39438"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-103B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
},
{
"name": "39438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39438"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"
},
{
"name" : "39490",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39490"
},
{
"name" : "39279",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39279"
},
{
"name" : "ADV-2010-0889",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0889"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39490"
},
{
"name": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf",
"refsource": "CONFIRM",
"url": "http://www.realnetworks.com/uploadedFiles/Support/helix-support/SecurityUpdate041410HS.pdf"
},
{
"name": "39279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39279"
},
{
"name": "ADV-2010-0889",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0889"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1576",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-1576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"name" : "http://www.vsecurity.com/resources/advisory/20100702-1/",
"refsource" : "MISC",
"url" : "http://www.vsecurity.com/resources/advisory/20100702-1/"
},
{
"name" : "41315",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41315"
},
{
"name" : "66092",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66092"
},
{
"name" : "1024167",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024167"
},
{
"name" : "1024168",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024168"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"name": "1024167",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024167"
},
{
"name": "41315",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41315"
},
{
"name": "http://www.vsecurity.com/resources/advisory/20100702-1/",
"refsource": "MISC",
"url": "http://www.vsecurity.com/resources/advisory/20100702-1/"
},
{
"name": "66092",
"refsource": "OSVDB",
"url": "http://osvdb.org/66092"
},
{
"name": "1024168",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024168"
}
]
}
}
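Review bot: The only semantic change on the new side of this record is `"ASSIGNER": "psirt@cisco.com"` replacing `"ASSIGNER" : "cve@mitre.org"`; as far as the visible lines show, everything else differs only in key/colon spacing or in the order of the `reference_data` entries. Because the attribution change sits inside an 87-line formatting rewrite, a line-based review cannot confirm that nothing else moved, so old and new should be compared as parsed JSON (with `reference_data` sorted by `url`) rather than as text. The same pattern appears in the sections for CVE-2014-0092 (`secalert@redhat.com`), CVE-2014-0957 (`psirt@us.ibm.com`), CVE-2014-1263 and CVE-2014-1321 (`product-security@apple.com`) and CVE-2014-1745 (`security@google.com`). Landing the formatting normalisation and the ASSIGNER updates as separate commits would make the attribution change auditable on its own.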


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4125",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-4125",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
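Review bot: The new side of this REJECT record emits its top-level keys as `data_type`, `data_format`, `data_version`, `CVE_data_meta`, `description` and puts `ID` before `ASSIGNER`, while the other records visible here keep the alphabetical order that starts with `CVE_data_meta`. JSON key order carries no meaning, so parsers are unaffected, but the inconsistency makes text diffs and content hashes of records unstable between generator runs. Emitting keys in one fixed, sorted order for every record, or hashing a canonical form rather than the file bytes, would avoid that.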


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4969",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in articlesdetails.php in BrotherScripts (BS) Business Directory allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14241",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14241"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in articlesdetails.php in BrotherScripts (BS) Business Directory allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14241",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14241"
}
]
}
}


@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://gnutls.org/security.html#GNUTLS-SA-2014-2",
"refsource" : "CONFIRM",
"url" : "http://gnutls.org/security.html#GNUTLS-SA-2014-2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1069865",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1069865"
},
{
"name" : "DSA-2869",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2869"
},
{
"name" : "RHSA-2014:0246",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0246.html"
},
{
"name" : "RHSA-2014:0247",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0247.html"
},
{
"name" : "RHSA-2014:0288",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0288.html"
},
{
"name" : "RHSA-2014:0339",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0339.html"
},
{
"name" : "SUSE-SU-2014:0319",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html"
},
{
"name" : "SUSE-SU-2014:0321",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html"
},
{
"name" : "SUSE-SU-2014:0323",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html"
},
{
"name" : "SUSE-SU-2014:0320",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"name" : "SUSE-SU-2014:0322",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html"
},
{
"name" : "SUSE-SU-2014:0324",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html"
},
{
"name" : "openSUSE-SU-2014:0325",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html"
},
{
"name" : "openSUSE-SU-2014:0328",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html"
},
{
"name" : "openSUSE-SU-2014:0346",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html"
},
{
"name" : "SUSE-SU-2014:0445",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html"
},
{
"name" : "USN-2127-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2127-1"
},
{
"name" : "65919",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65919"
},
{
"name" : "56933",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56933"
},
{
"name" : "57103",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57103"
},
{
"name" : "57204",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57204"
},
{
"name" : "57254",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57254"
},
{
"name" : "57260",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57260"
},
{
"name" : "57274",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57274"
},
{
"name" : "57321",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57321"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57321",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57321"
},
{
"name": "57260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57260"
},
{
"name": "RHSA-2014:0288",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0288.html"
},
{
"name": "http://gnutls.org/security.html#GNUTLS-SA-2014-2",
"refsource": "CONFIRM",
"url": "http://gnutls.org/security.html#GNUTLS-SA-2014-2"
},
{
"name": "SUSE-SU-2014:0445",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html"
},
{
"name": "57274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57274"
},
{
"name": "SUSE-SU-2014:0319",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html"
},
{
"name": "RHSA-2014:0247",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0247.html"
},
{
"name": "65919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65919"
},
{
"name": "SUSE-SU-2014:0320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"name": "SUSE-SU-2014:0322",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html"
},
{
"name": "SUSE-SU-2014:0324",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html"
},
{
"name": "57254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57254"
},
{
"name": "RHSA-2014:0339",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0339.html"
},
{
"name": "56933",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56933"
},
{
"name": "SUSE-SU-2014:0323",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html"
},
{
"name": "RHSA-2014:0246",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0246.html"
},
{
"name": "SUSE-SU-2014:0321",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1069865",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069865"
},
{
"name": "USN-2127-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2127-1"
},
{
"name": "57204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57204"
},
{
"name": "openSUSE-SU-2014:0346",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html"
},
{
"name": "57103",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57103"
},
{
"name": "openSUSE-SU-2014:0328",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html"
},
{
"name": "openSUSE-SU-2014:0325",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html"
},
{
"name": "DSA-2869",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2869"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0957",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679064",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679064"
},
{
"name" : "JR49990",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49990"
},
{
"name" : "59557",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59557"
},
{
"name" : "ibm-bpm-cve20140957-xss(92738)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92738"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JR49990",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49990"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679064",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679064"
},
{
"name": "59557",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59557"
},
{
"name": "ibm-bpm-cve20140957-xss(92738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92738"
}
]
}
}
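Review bot: The new side of this record still carries `"value": "n/a"` under `problemtype` and `"product_name": "n/a"` / `"vendor_name": "n/a"` under `affects`, although the description names the weakness class (cross-site scripting) and the affected products. Consumers that filter or prioritise by weakness class or vendor cannot match this record from its structured fields and have to parse the free-text description instead. If the record owner confirms the classification, the problemtype entry could read `"value": "CWE-79"`. The same gap is visible in the other records on this page, for example the SQL injection entry CVE-2010-4969.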


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1263",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://twitter.com/agl__/statuses/437029812046422016",
"refsource" : "MISC",
"url" : "http://twitter.com/agl__/statuses/437029812046422016"
},
{
"name" : "http://twitter.com/okoeroo/statuses/437272014043496449",
"refsource" : "MISC",
"url" : "http://twitter.com/okoeroo/statuses/437272014043496449"
},
{
"name" : "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73",
"refsource" : "MISC",
"url" : "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73"
},
{
"name" : "http://support.apple.com/kb/HT6150",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6150"
},
{
"name" : "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/",
"refsource" : "CONFIRM",
"url" : "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
},
{
"name" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/",
"refsource" : "CONFIRM",
"url" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
},
{
"name" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
"refsource" : "CONFIRM",
"url" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"name" : "http://curl.haxx.se/docs/adv_20140326C.html",
"refsource" : "CONFIRM",
"url" : "http://curl.haxx.se/docs/adv_20140326C.html"
},
{
"name" : "57836",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57836"
},
{
"name" : "57966",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57966"
},
{
"name" : "57968",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73",
"refsource": "MISC",
"url": "https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73"
},
{
"name": "57836",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57836"
},
{
"name": "http://support.apple.com/kb/HT6150",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/",
"refsource": "CONFIRM",
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
},
{
"name": "http://twitter.com/agl__/statuses/437029812046422016",
"refsource": "MISC",
"url": "http://twitter.com/agl__/statuses/437029812046422016"
},
{
"name": "http://curl.haxx.se/docs/adv_20140326C.html",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/adv_20140326C.html"
},
{
"name": "57968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57968"
},
{
"name": "http://twitter.com/okoeroo/statuses/437272014043496449",
"refsource": "MISC",
"url": "http://twitter.com/okoeroo/statuses/437272014043496449"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
"refsource": "CONFIRM",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/",
"refsource": "CONFIRM",
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
},
{
"name": "57966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57966"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1321",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2014-04-22-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2014-04-22-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1745",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-1745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=346192",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=346192"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=167993&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=167993&view=revision"
},
{
"name" : "DSA-2939",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2939"
},
{
"name" : "GLSA-201408-16",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name" : "openSUSE-SU-2014:0783",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html"
},
{
"name" : "1030270",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030270"
},
{
"name" : "58920",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58920"
},
{
"name" : "59155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59155"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2939",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2939"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html"
},
{
"name": "GLSA-201408-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name": "openSUSE-SU-2014:0783",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html"
},
{
"name": "59155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59155"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=346192",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=346192"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=167993&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=167993&view=revision"
},
{
"name": "58920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58920"
},
{
"name": "1030270",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030270"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140210 CVE request: parcimonie (0.6 to 0.8, included) possible correlation between key fetches",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q1/305"
},
{
"name" : "[oss-security] 20140210 Re: CVE request: parcimonie (0.6 to 0.8, included) possible correlation between key fetches",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q1/308"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738134",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738134"
},
{
"name" : "https://gaffer.ptitcanardnoir.org/intrigeri/files/parcimonie/App-Parcimonie-0.8.1.tar.gz",
"refsource" : "CONFIRM",
"url" : "https://gaffer.ptitcanardnoir.org/intrigeri/files/parcimonie/App-Parcimonie-0.8.1.tar.gz"
},
{
"name" : "DSA-2860",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2860"
},
{
"name" : "65505",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65505"
},
{
"name" : "parcimonie-cve20141921-info-disc(91118)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91118"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gaffer.ptitcanardnoir.org/intrigeri/files/parcimonie/App-Parcimonie-0.8.1.tar.gz",
"refsource": "CONFIRM",
"url": "https://gaffer.ptitcanardnoir.org/intrigeri/files/parcimonie/App-Parcimonie-0.8.1.tar.gz"
},
{
"name": "[oss-security] 20140210 Re: CVE request: parcimonie (0.6 to 0.8, included) possible correlation between key fetches",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/308"
},
{
"name": "DSA-2860",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2860"
},
{
"name": "parcimonie-cve20141921-info-disc(91118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91118"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738134",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738134"
},
{
"name": "65505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65505"
},
{
"name": "[oss-security] 20140210 CVE request: parcimonie (0.6 to 0.8, included) possible correlation between key fetches",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/305"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif metadata within an image uploaded to the Community plugin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://piwigo.org/bugs/view.php?id=2805",
"refsource" : "CONFIRM",
"url" : "http://piwigo.org/bugs/view.php?id=2805"
},
{
"name" : "JVN#80310172",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN80310172/index.html"
},
{
"name" : "JVNDB-2014-000092",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000092"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif metadata within an image uploaded to the Community plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#80310172",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN80310172/index.html"
},
{
"name": "JVNDB-2014-000092",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000092"
},
{
"name": "http://piwigo.org/bugs/view.php?id=2805",
"refsource": "CONFIRM",
"url": "http://piwigo.org/bugs/view.php?id=2805"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "68641",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68641"
},
{
"name" : "oracle-cpujul2014-cve20144242(94557)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94557"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "oracle-cpujul2014-cve20144242(94557)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94557"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "68641",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68641"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4498",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the \"Thunderstrike\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://trmm.net/Thunderstrike",
"refsource" : "MISC",
"url" : "https://trmm.net/Thunderstrike"
},
{
"name" : "http://support.apple.com/HT204244",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/HT204244"
},
{
"name" : "APPLE-SA-2015-01-27-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name" : "1031650",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031650"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the \"Thunderstrike\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trmm.net/Thunderstrike",
"refsource": "MISC",
"url": "https://trmm.net/Thunderstrike"
},
{
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21713641",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21713641"
},
{
"name" : "74437",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74437"
},
{
"name" : "1032256",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032256"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74437"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21713641",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21713641"
},
{
"name": "1032256",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032256"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9012",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9012",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9210",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-9210",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9918",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9918",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2014-9972",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile",
"version" : {
"version_data" : [
{
"version_value" : "SD 400, SD 410/12, SD 615/16/SD 415, SD 800, MDM9615, MDM9625, MDM9635M"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "NULL Pointer Dereference in MMCP"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2014-9972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "SD 400, SD 410/12, SD 615/16/SD 415, SD 800, MDM9615, MDM9625, MDM9635M"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference in MMCP"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-3024",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Access Manager",
"version" : {
"version_data" : [
{
"version_value" : "9.0"
},
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "9.0.1"
},
{
"version_value" : "7.0.0"
},
{
"version_value" : "8.0.0"
},
{
"version_value" : "8.0.0.1"
},
{
"version_value" : "8.0.0.2"
},
{
"version_value" : "8.0.0.3"
},
{
"version_value" : "8.0.0.4"
},
{
"version_value" : "8.0.0.5"
},
{
"version_value" : "8.0.1"
},
{
"version_value" : "8.0.1.2"
},
{
"version_value" : "8.0.1.3"
},
{
"version_value" : "8.0.1.4"
},
{
"version_value" : "9.0.0"
},
{
"version_value" : "9.0.1.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21995340",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21995340"
},
{
"name" : "96132",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96132"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995340",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995340"
},
{
"name": "96132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96132"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@blackberry.com",
"ID" : "CVE-2016-3128",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BES12 versions through 12.5.2",
"version" : {
"version_data" : [
{
"version_value" : "BES12 versions through 12.5.2"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "spoofing"
}
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2016-3128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BES12 versions through 12.5.2",
"version": {
"version_data": [
{
"version_value": "BES12 versions through 12.5.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000038913",
"refsource" : "CONFIRM",
"url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000038913"
},
{
"name" : "95624",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95624"
},
{
"name" : "1037585",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037585"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038913",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038913"
},
{
"name": "95624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95624"
},
{
"name": "1037585",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037585"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3370",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka \"PDF Library Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-3374."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-105",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
},
{
"name" : "MS16-115",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-115"
},
{
"name" : "92839",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92839"
},
{
"name" : "1036789",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036789"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka \"PDF Library Information Disclosure Vulnerability,\" a different vulnerability than CVE-2016-3374."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036789",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036789"
},
{
"name": "MS16-115",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-115"
},
{
"name": "92839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92839"
},
{
"name": "MS16-105",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3525",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality via vectors related to Cookie Management."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91878",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91878"
},
{
"name" : "1036403",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036403"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality via vectors related to Cookie Management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91878",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91878"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "1036403",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036403"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3843",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name" : "92237",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92237"
},
{
"name" : "92250",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92250"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "92237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92237"
},
{
"name": "92250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92250"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7046",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1376646",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"name" : "RHSA-2016:2640",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2640.html"
},
{
"name" : "RHSA-2016:2641",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2641.html"
},
{
"name" : "RHSA-2016:2642",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2642.html"
},
{
"name" : "RHSA-2016:2657",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2657.html"
},
{
"name" : "RHSA-2017:3454",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name" : "RHSA-2017:3455",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name" : "RHSA-2017:3456",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name" : "RHSA-2017:3458",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name" : "93173",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93173"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2640",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2640.html"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2016:2642",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2642.html"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2016:2657",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2657.html"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376646"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2016:2641",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2641.html"
},
{
"name": "93173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93173"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7156",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160906 CVE request: Qemu: scsi: pvscsi: infintie loop when building SG list",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/06/3"
},
{
"name" : "[oss-security] 20160906 Re: CVE request: Qemu: scsi: pvscsi: infintie loop when building SG list",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/07/2"
},
{
"name" : "[qemu-devel] 20160906 [PATCH v2] scsi: pvscsi: check request descriptor SG element count",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html"
},
{
"name" : "[qemu-devel] 20160906 [PATCH v3] scsi: pvscsi: avoid infinite loop while building SG list",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01246.html"
},
{
"name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=49adc5d3f8c6bb75e55ebfeab109c5c37dea65e8",
"refsource" : "CONFIRM",
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=49adc5d3f8c6bb75e55ebfeab109c5c37dea65e8"
},
{
"name" : "GLSA-201609-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201609-01"
},
{
"name" : "92774",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92774"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[qemu-devel] 20160906 [PATCH v3] scsi: pvscsi: avoid infinite loop while building SG list",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01246.html"
},
{
"name": "[oss-security] 20160906 CVE request: Qemu: scsi: pvscsi: infintie loop when building SG list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/06/3"
},
{
"name": "[qemu-devel] 20160906 [PATCH v2] scsi: pvscsi: check request descriptor SG element count",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html"
},
{
"name": "[oss-security] 20160906 Re: CVE request: Qemu: scsi: pvscsi: infintie loop when building SG list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/2"
},
{
"name": "GLSA-201609-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201609-01"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=49adc5d3f8c6bb75e55ebfeab109c5c37dea65e8",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=49adc5d3f8c6bb75e55ebfeab109c5c37dea65e8"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "92774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92774"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7412",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "http://www.php.net/ChangeLog-7.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-7.php"
},
{
"name" : "https://bugs.php.net/bug.php?id=72293",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=72293"
},
{
"name" : "https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1",
"refsource" : "CONFIRM",
"url" : "https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1"
},
{
"name" : "https://www.tenable.com/security/tns-2016-19",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-19"
},
{
"name" : "GLSA-201611-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-22"
},
{
"name" : "RHSA-2018:1296",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"name" : "93005",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93005"
},
{
"name" : "1036836",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036836"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1"
},
{
"name": "http://www.php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036836",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036836"
},
{
"name": "https://bugs.php.net/bug.php?id=72293",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=72293"
},
{
"name": "[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/10"
},
{
"name": "RHSA-2018:1296",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "https://www.tenable.com/security/tns-2016-19",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"name": "93005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93005"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8561",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Siemens SIMATIC CP 1543-1 before 2.0.28 allows remote authenticated users to gain privileges by leveraging certain TIA-Portal access and project-data access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
},
{
"name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
},
{
"name" : "94436",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94436"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC CP 1543-1 before 2.0.28 allows remote authenticated users to gain privileges by leveraging certain TIA-Portal access and project-data access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94436"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-01"
},
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8589",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/142219/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-log_query_dae.cgi-Remote-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/142219/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-log_query_dae.cgi-Remote-Code-Execution.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/142219/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-log_query_dae.cgi-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/142219/Trend-Micro-Threat-Discovery-Appliance-2.6.1062r1-log_query_dae.cgi-Remote-Code-Execution.html"
}
]
}
}


@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2017-02-10T00:00:00",
"ID" : "CVE-2016-8744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Brooklyn",
"version" : {
"version_data" : [
{
"version_value" : "0.9.0 and all prior versions"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-02-10T00:00:00",
"ID": "CVE-2016-8744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Brooklyn",
"version": {
"version_data": [
{
"version_value": "0.9.0 and all prior versions"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dev] 20170210 [SECURITY] CVE-2016-8744: Apache Brooklyn, SnakeYAML configuration potentially allows remote code execution",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/3f4d09c1c1a3cdfd1da0a05c8362769b917c078eed5b6c2f8e37a761@%3Cdev.brooklyn.apache.org%3E"
},
{
"name" : "https://brooklyn.apache.org/community/security/CVE-2016-8744.html",
"refsource" : "CONFIRM",
"url" : "https://brooklyn.apache.org/community/security/CVE-2016-8744.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://brooklyn.apache.org/community/security/CVE-2016-8744.html",
"refsource": "CONFIRM",
"url": "https://brooklyn.apache.org/community/security/CVE-2016-8744.html"
},
{
"name": "[dev] 20170210 [SECURITY] CVE-2016-8744: Apache Brooklyn, SnakeYAML configuration potentially allows remote code execution",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/3f4d09c1c1a3cdfd1da0a05c8362769b917c078eed5b6c2f8e37a761@%3Cdev.brooklyn.apache.org%3E"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bitcointalk.org/index.php?topic=1618462.0",
"refsource" : "CONFIRM",
"url" : "https://bitcointalk.org/index.php?topic=1618462.0"
},
{
"name" : "https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md",
"refsource" : "CONFIRM",
"url" : "https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md"
},
{
"name" : "94235",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94235"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94235"
},
{
"name": "https://bitcointalk.org/index.php?topic=1618462.0",
"refsource": "CONFIRM",
"url": "https://bitcointalk.org/index.php?topic=1618462.0"
},
{
"name": "https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md",
"refsource": "CONFIRM",
"url": "https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/release-notes.md"
}
]
}
}


@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-12T00:00:00",
"ID" : "CVE-2016-8964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BigFix Inventory",
"version" : {
"version_data" : [
{
"version_value" : "9.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-12T00:00:00",
"ID": "CVE-2016-8964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BigFix Inventory",
"version": {
"version_data": [
{
"version_value": "9.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118853",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118853"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21995024",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21995024"
},
{
"name" : "99548",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99548"
},
{
"name" : "1038919",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038919"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995024",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995024"
},
{
"name": "1038919",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038919"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118853",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118853"
},
{
"name": "99548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99548"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9314",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://success.trendmicro.com/solution/1116672",
"refsource" : "CONFIRM",
"url" : "https://success.trendmicro.com/solution/1116672"
},
{
"name" : "96252",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96252"
},
{
"name" : "1037849",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037849"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96252"
},
{
"name": "https://success.trendmicro.com/solution/1116672",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1116672"
},
{
"name": "1037849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037849"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9328",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9328",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2910",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2910",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}