admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:57:25 +00:00
parent efb7012ad7
commit ef0176afac
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4210 additions and 4210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2006/0xxx/CVE-2006-0362.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, and TOS 2.2.x before 2.2.1.6506, allow remote attackers to cause a denial of service (CPU consumption) via an unknown vector, probably involving an HTTP request with a negative number in the Content-Length header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://isc.sans.org/diary.php?storyid=1042",
"refsource" : "MISC",
"url" : "http://isc.sans.org/diary.php?storyid=1042"
},
{
"name" : "http://www.eweek.com/article2/0,1759,1912048,00.asp",
"refsource" : "CONFIRM",
"url" : "http://www.eweek.com/article2/0,1759,1912048,00.asp"
},
{
"name" : "16299",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16299"
},
{
"name" : "22504",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22504"
},
{
"name" : "1015511",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015511"
},
{
"name" : "18515",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18515"
},
{
"name" : "tippingpoint-ips-http-traffic-dos(24200)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24200"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, and TOS 2.2.x before 2.2.1.6506, allow remote attackers to cause a denial of service (CPU consumption) via an unknown vector, probably involving an HTTP request with a negative number in the Content-Length header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015511",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015511"
},
{
"name": "22504",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22504"
},
{
"name": "http://www.eweek.com/article2/0,1759,1912048,00.asp",
"refsource": "CONFIRM",
"url": "http://www.eweek.com/article2/0,1759,1912048,00.asp"
},
{
"name": "18515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18515"
},
{
"name": "http://isc.sans.org/diary.php?storyid=1042",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.php?storyid=1042"
},
{
"name": "tippingpoint-ips-http-traffic-dos(24200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24200"
},
{
"name": "16299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16299"
}
]
}
}

190
2006/1xxx/CVE-2006-1088.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1088",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060304 PHP-Stats <= 0.1.9.1 remote commands execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"name" : "http://retrogod.altervista.org/php_stats_0191_adv.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"name" : "20060322 Re: PHP-Stats <= 0.1.9.1 remote commands execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"name" : "http://www.phpstats.net/forum/viewtopic.php?t=140",
"refsource" : "MISC",
"url" : "http://www.phpstats.net/forum/viewtopic.php?t=140"
},
{
"name" : "20060327 Re: PHP-Stats <= 0.1.9.1 remote commands execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"name" : "16963",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16963"
},
{
"name" : "ADV-2006-0822",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0822"
},
{
"name" : "19116",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19116"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0822",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"name": "20060322 Re: PHP-Stats <= 0.1.9.1 remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"name": "http://retrogod.altervista.org/php_stats_0191_adv.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"name": "20060304 PHP-Stats <= 0.1.9.1 remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"name": "20060327 Re: PHP-Stats <= 0.1.9.1 remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"name": "19116",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19116"
},
{
"name": "16963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16963"
},
{
"name": "http://www.phpstats.net/forum/viewtopic.php?t=140",
"refsource": "MISC",
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
}
]
}
}

180
2006/1xxx/CVE-2006-1109.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1109",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060304 Advisory: TotalECommerce (index.asp id) Remote SQL InjectionVulnerability.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426765/100/0/threaded"
},
{
"name" : "http://www.nukedx.com/?viewdoc=18",
"refsource" : "MISC",
"url" : "http://www.nukedx.com/?viewdoc=18"
},
{
"name" : "16960",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16960"
},
{
"name" : "ADV-2006-0840",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0840"
},
{
"name" : "19103",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19103"
},
{
"name" : "530",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/530"
},
{
"name" : "totalecommerce-index-sql-injection(25045)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25045"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16960",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16960"
},
{
"name": "19103",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19103"
},
{
"name": "totalecommerce-index-sql-injection(25045)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25045"
},
{
"name": "20060304 Advisory: TotalECommerce (index.asp id) Remote SQL InjectionVulnerability.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426765/100/0/threaded"
},
{
"name": "530",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/530"
},
{
"name": "ADV-2006-0840",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0840"
},
{
"name": "http://www.nukedx.com/?viewdoc=18",
"refsource": "MISC",
"url": "http://www.nukedx.com/?viewdoc=18"
}
]
}
}

210
2006/1xxx/CVE-2006-1281.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1281",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060314 [KAPDA::#35] - MyBB1.0.4~member.php~XSS after login",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427744/100/0/threaded"
},
{
"name" : "http://kapda.ir/advisory-296.html",
"refsource" : "MISC",
"url" : "http://kapda.ir/advisory-296.html"
},
{
"name" : "http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html",
"refsource" : "MISC",
"url" : "http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html"
},
{
"name" : "http://community.mybboard.net/showthread.php?tid=7368",
"refsource" : "CONFIRM",
"url" : "http://community.mybboard.net/showthread.php?tid=7368"
},
{
"name" : "17097",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17097"
},
{
"name" : "17492",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17492"
},
{
"name" : "ADV-2006-0971",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0971"
},
{
"name" : "23935",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23935"
},
{
"name" : "19213",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19213"
},
{
"name" : "mybb-member-url-xss(25266)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25266"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23935",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23935"
},
{
"name": "17097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17097"
},
{
"name": "17492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17492"
},
{
"name": "http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html"
},
{
"name": "19213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19213"
},
{
"name": "http://community.mybboard.net/showthread.php?tid=7368",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/showthread.php?tid=7368"
},
{
"name": "mybb-member-url-xss(25266)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25266"
},
{
"name": "ADV-2006-0971",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0971"
},
{
"name": "20060314 [KAPDA::#35] - MyBB1.0.4~member.php~XSS after login",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427744/100/0/threaded"
},
{
"name": "http://kapda.ir/advisory-296.html",
"refsource": "MISC",
"url": "http://kapda.ir/advisory-296.html"
}
]
}
}

400
2006/1xxx/CVE-2006-1942.json
View File

@ -1,202 +1,202 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1942",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an \"alternate web page.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060418 Another flaw in Firefox 1.5.0.2: to open files from remote",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431267/100/0/threaded"
},
{
"name" : "20060505 Firefox 1.5.0.3 code execution exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433138/100/0/threaded"
},
{
"name" : "20060602 rPSA-2006-0091-1 firefox thunderbird",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
},
{
"name" : "20060507 Re: Firefox 1.5.0.3 code execution exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433539/30/5070/threaded"
},
{
"name" : "http://www.gavinsharp.com/tmp/ImageVuln.html",
"refsource" : "MISC",
"url" : "http://www.gavinsharp.com/tmp/ImageVuln.html"
},
{
"name" : "http://www.networksecurity.fi/advisories/netscape-view-image.html",
"refsource" : "MISC",
"url" : "http://www.networksecurity.fi/advisories/netscape-view-image.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=334341",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=334341"
},
{
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html"
},
{
"name" : "DSA-1118",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1118"
},
{
"name" : "DSA-1120",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1120"
},
{
"name" : "DSA-1134",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1134"
},
{
"name" : "HPSBUX02153",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "SSRT061181",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "SUSE-SA:2006:035",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
},
{
"name" : "18228",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18228"
},
{
"name" : "ADV-2006-2106",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2106"
},
{
"name" : "ADV-2006-3748",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name" : "ADV-2008-0083",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name" : "24713",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24713"
},
{
"name" : "1016202",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016202"
},
{
"name" : "19698",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19698"
},
{
"name" : "19988",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19988"
},
{
"name" : "20376",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20376"
},
{
"name" : "21183",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21183"
},
{
"name" : "21176",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21176"
},
{
"name" : "21324",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21324"
},
{
"name" : "20063",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20063"
},
{
"name" : "22066",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22066"
},
{
"name" : "firefox-viewimage-security-bypass(25925)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25925"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an \"alternate web page.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21176"
},
{
"name": "ADV-2006-3748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "24713",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24713"
},
{
"name": "19698",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19698"
},
{
"name": "20060418 Another flaw in Firefox 1.5.0.2: to open files from remote",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431267/100/0/threaded"
},
{
"name": "20063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20063"
},
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-39.html"
},
{
"name": "firefox-viewimage-security-bypass(25925)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25925"
},
{
"name": "20060505 Firefox 1.5.0.3 code execution exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433138/100/0/threaded"
},
{
"name": "http://www.networksecurity.fi/advisories/netscape-view-image.html",
"refsource": "MISC",
"url": "http://www.networksecurity.fi/advisories/netscape-view-image.html"
},
{
"name": "20060602 rPSA-2006-0091-1 firefox thunderbird",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded"
},
{
"name": "20376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20376"
},
{
"name": "1016202",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016202"
},
{
"name": "18228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18228"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "DSA-1118",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1118"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "DSA-1120",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1120"
},
{
"name": "19988",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19988"
},
{
"name": "http://www.gavinsharp.com/tmp/ImageVuln.html",
"refsource": "MISC",
"url": "http://www.gavinsharp.com/tmp/ImageVuln.html"
},
{
"name": "DSA-1134",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1134"
},
{
"name": "21324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21324"
},
{
"name": "21183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21183"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=334341"
},
{
"name": "22066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22066"
},
{
"name": "SUSE-SA:2006:035",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html"
},
{
"name": "ADV-2006-2106",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2106"
},
{
"name": "20060507 Re: Firefox 1.5.0.3 code execution exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433539/30/5070/threaded"
}
]
}
}

160
2006/1xxx/CVE-2006-1957.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1957",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060418 [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431317/100/0/threaded"
},
{
"name" : "20060419 Re: [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-04/0380.html"
},
{
"name" : "http://irannetjob.com/content/view/209/28/",
"refsource" : "MISC",
"url" : "http://irannetjob.com/content/view/209/28/"
},
{
"name" : "http://www.kapda.ir/advisory-313.html",
"refsource" : "MISC",
"url" : "http://www.kapda.ir/advisory-313.html"
},
{
"name" : "mambo-joomla-rss-dos(26131)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26131"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060419 Re: [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0380.html"
},
{
"name": "http://www.kapda.ir/advisory-313.html",
"refsource": "MISC",
"url": "http://www.kapda.ir/advisory-313.html"
},
{
"name": "20060418 [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431317/100/0/threaded"
},
{
"name": "mambo-joomla-rss-dos(26131)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26131"
},
{
"name": "http://irannetjob.com/content/view/209/28/",
"refsource": "MISC",
"url": "http://irannetjob.com/content/view/209/28/"
}
]
}
}

180
2006/5xxx/CVE-2006-5893.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5893",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061116 Storystream => 4.0 Remote File Include Vulnerability Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=116374093504388&w=2"
},
{
"name" : "2767",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2767"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=463892&group_id=95217",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=463892&group_id=95217"
},
{
"name" : "21012",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21012"
},
{
"name" : "ADV-2006-4480",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4480"
},
{
"name" : "1017252",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017252"
},
{
"name" : "storystream-mysql-file-include(30191)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30191"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4480",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4480"
},
{
"name": "2767",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2767"
},
{
"name": "1017252",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017252"
},
{
"name": "20061116 Storystream => 4.0 Remote File Include Vulnerability Exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=116374093504388&w=2"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=463892&group_id=95217",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=463892&group_id=95217"
},
{
"name": "storystream-mysql-file-include(30191)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30191"
},
{
"name": "21012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21012"
}
]
}
}

150
2007/2xxx/CVE-2007-2805.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2805",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels-team.blogspot.com/2007/05/clientexec-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels-team.blogspot.com/2007/05/clientexec-xss-vuln.html"
},
{
"name" : "24061",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24061"
},
{
"name" : "37526",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37526"
},
{
"name" : "clientexec-index-xss(34390)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34390"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37526",
"refsource": "OSVDB",
"url": "http://osvdb.org/37526"
},
{
"name": "clientexec-index-xss(34390)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34390"
},
{
"name": "24061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24061"
},
{
"name": "http://pridels-team.blogspot.com/2007/05/clientexec-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels-team.blogspot.com/2007/05/clientexec-xss-vuln.html"
}
]
}
}

290
2010/0xxx/CVE-2010-0302.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0302",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=557775",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=557775"
},
{
"name" : "http://support.apple.com/kb/HT4188",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4188"
},
{
"name" : "http://cups.org/str.php?L3490",
"refsource" : "CONFIRM",
"url" : "http://cups.org/str.php?L3490"
},
{
"name" : "http://cups.org/articles.php?L596",
"refsource" : "CONFIRM",
"url" : "http://cups.org/articles.php?L596"
},
{
"name" : "APPLE-SA-2010-06-15-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name" : "FEDORA-2010-2743",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.html"
},
{
"name" : "GLSA-201207-10",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201207-10.xml"
},
{
"name" : "MDVSA-2010:073",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:073"
},
{
"name" : "RHSA-2010:0129",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0129.html"
},
{
"name" : "USN-906-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-906-1"
},
{
"name" : "38510",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38510"
},
{
"name" : "oval:org.mitre.oval:def:11216",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11216"
},
{
"name" : "1024124",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024124"
},
{
"name" : "38927",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38927"
},
{
"name" : "38979",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38979"
},
{
"name" : "38785",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38785"
},
{
"name" : "40220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40220"
},
{
"name" : "ADV-2010-1481",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-06-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name": "USN-906-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-906-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=557775",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=557775"
},
{
"name": "oval:org.mitre.oval:def:11216",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11216"
},
{
"name": "ADV-2010-1481",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name": "http://cups.org/articles.php?L596",
"refsource": "CONFIRM",
"url": "http://cups.org/articles.php?L596"
},
{
"name": "1024124",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024124"
},
{
"name": "http://support.apple.com/kb/HT4188",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4188"
},
{
"name": "GLSA-201207-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201207-10.xml"
},
{
"name": "FEDORA-2010-2743",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.html"
},
{
"name": "40220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40220"
},
{
"name": "MDVSA-2010:073",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:073"
},
{
"name": "http://cups.org/str.php?L3490",
"refsource": "CONFIRM",
"url": "http://cups.org/str.php?L3490"
},
{
"name": "38510",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38510"
},
{
"name": "38785",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38785"
},
{
"name": "RHSA-2010:0129",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0129.html"
},
{
"name": "38979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38979"
},
{
"name": "38927",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38927"
}
]
}
}

160
2010/0xxx/CVE-2010-0444.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0444",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-0444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02487",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=126566258722040&w=2"
},
{
"name" : "SSRT100024",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=126566258722040&w=2"
},
{
"name" : "38150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38150"
},
{
"name" : "62213",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62213"
},
{
"name" : "1023555",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023555"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a blank password for the opc_op account, which allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38150"
},
{
"name": "HPSBMA02487",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=126566258722040&w=2"
},
{
"name": "62213",
"refsource": "OSVDB",
"url": "http://osvdb.org/62213"
},
{
"name": "1023555",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023555"
},
{
"name": "SSRT100024",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=126566258722040&w=2"
}
]
}
}

150
2010/0xxx/CVE-2010-0724.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0724",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1002-exploits/arabcart-sqlxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1002-exploits/arabcart-sqlxss.txt"
},
{
"name" : "11524",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11524"
},
{
"name" : "38426",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38426"
},
{
"name" : "ADV-2010-0443",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0443"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0443",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0443"
},
{
"name": "http://packetstormsecurity.org/1002-exploits/arabcart-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-exploits/arabcart-sqlxss.txt"
},
{
"name": "11524",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11524"
},
{
"name": "38426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38426"
}
]
}
}

200
2010/1xxx/CVE-2010-1164.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1164",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to the Announcement Banner Preview page; unspecified vectors involving the (10) groupnames.jsp, (11) indexbrowser.jsp, (12) classpath-debug.jsp, (13) viewdocument.jsp, or (14) cleancommentspam.jsp page; the (15) portletKey parameter to runportleterror.jsp; the (16) URI to issuelinksmall.jsp; the (17) afterURL parameter to screenshot-redirecter.jsp; or the (18) HTTP Referrer header to 500page.jsp, as exploited in the wild in April 2010."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100416 CVE Request: JIRA Issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/04/16/3"
},
{
"name" : "[oss-security] 20100416 Re: CVE Request: JIRA Issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/04/16/4"
},
{
"name" : "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16",
"refsource" : "CONFIRM",
"url" : "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16"
},
{
"name" : "http://jira.atlassian.com/browse/JRA-20994",
"refsource" : "CONFIRM",
"url" : "http://jira.atlassian.com/browse/JRA-20994"
},
{
"name" : "http://jira.atlassian.com/browse/JRA-21004",
"refsource" : "CONFIRM",
"url" : "http://jira.atlassian.com/browse/JRA-21004"
},
{
"name" : "39485",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39485"
},
{
"name" : "39353",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39353"
},
{
"name" : "jira-element-xss(57827)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57827"
},
{
"name" : "jira-groupnames-xss(57826)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57826"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to the Announcement Banner Preview page; unspecified vectors involving the (10) groupnames.jsp, (11) indexbrowser.jsp, (12) classpath-debug.jsp, (13) viewdocument.jsp, or (14) cleancommentspam.jsp page; the (15) portletKey parameter to runportleterror.jsp; the (16) URI to issuelinksmall.jsp; the (17) afterURL parameter to screenshot-redirecter.jsp; or the (18) HTTP Referrer header to 500page.jsp, as exploited in the wild in April 2010."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "jira-element-xss(57827)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57827"
},
{
"name": "http://jira.atlassian.com/browse/JRA-20994",
"refsource": "CONFIRM",
"url": "http://jira.atlassian.com/browse/JRA-20994"
},
{
"name": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16",
"refsource": "CONFIRM",
"url": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16"
},
{
"name": "jira-groupnames-xss(57826)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57826"
},
{
"name": "[oss-security] 20100416 CVE Request: JIRA Issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/16/3"
},
{
"name": "[oss-security] 20100416 Re: CVE Request: JIRA Issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/16/4"
},
{
"name": "39353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39353"
},
{
"name": "39485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39485"
},
{
"name": "http://jira.atlassian.com/browse/JRA-21004",
"refsource": "CONFIRM",
"url": "http://jira.atlassian.com/browse/JRA-21004"
}
]
}
}

180
2010/1xxx/CVE-2010-1330.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1330",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=317435",
"refsource" : "MISC",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=317435"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=750306",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=750306"
},
{
"name" : "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html",
"refsource" : "CONFIRM",
"url" : "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html"
},
{
"name" : "RHSA-2011:1456",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2011-1456.html"
},
{
"name" : "77297",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/77297"
},
{
"name" : "46891",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46891"
},
{
"name" : "jruby-expression-engine-xss(80277)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=750306",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=750306"
},
{
"name": "RHSA-2011:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1456.html"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=317435",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=317435"
},
{
"name": "77297",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77297"
},
{
"name": "46891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46891"
},
{
"name": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html",
"refsource": "CONFIRM",
"url": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html"
},
{
"name": "jruby-expression-engine-xss(80277)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277"
}
]
}
}

150
2010/1xxx/CVE-2010-1616.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1616",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tracker.moodle.org/browse/MDL-16658",
"refsource" : "MISC",
"url" : "http://tracker.moodle.org/browse/MDL-16658"
},
{
"name" : "http://moodle.org/security/",
"refsource" : "CONFIRM",
"url" : "http://moodle.org/security/"
},
{
"name" : "SUSE-SR:2010:011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name" : "ADV-2010-1107",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1107"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1107",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"name": "http://moodle.org/security/",
"refsource": "CONFIRM",
"url": "http://moodle.org/security/"
},
{
"name": "SUSE-SR:2010:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name": "http://tracker.moodle.org/browse/MDL-16658",
"refsource": "MISC",
"url": "http://tracker.moodle.org/browse/MDL-16658"
}
]
}
}

160
2010/1xxx/CVE-2010-1928.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1928",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12365",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12365"
},
{
"name" : "http://packetstormsecurity.org/1004-exploits/openplanning-rfilfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/openplanning-rfilfi.txt"
},
{
"name" : "64185",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/64185"
},
{
"name" : "39606",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39606"
},
{
"name" : "openpresse-soustab-file-include(58090)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58090"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64185",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/64185"
},
{
"name": "openpresse-soustab-file-include(58090)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58090"
},
{
"name": "39606",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39606"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/openplanning-rfilfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/openplanning-rfilfi.txt"
},
{
"name": "12365",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12365"
}
]
}
}

210
2010/3xxx/CVE-2010-3193.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21426108",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
},
{
"name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
"refsource" : "CONFIRM",
"url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
},
{
"name" : "IC65408",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65408"
},
{
"name" : "IC65703",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65703"
},
{
"name" : "IC65742",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65742"
},
{
"name" : "oval:org.mitre.oval:def:14190",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14190"
},
{
"name" : "41218",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41218"
},
{
"name" : "ADV-2010-2225",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2225"
},
{
"name" : "db2-db2stst-unspecified(61444)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61444"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2225",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2225"
},
{
"name": "db2-db2stst-unspecified(61444)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61444"
},
{
"name": "41218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41218"
},
{
"name": "IC65742",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65742"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
},
{
"name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
"refsource": "CONFIRM",
"url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
},
{
"name": "IC65703",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65703"
},
{
"name": "oval:org.mitre.oval:def:14190",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14190"
},
{
"name": "IC65408",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65408"
}
]
}
}

150
2010/3xxx/CVE-2010-3213.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14285",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14285"
},
{
"name" : "http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails",
"refsource" : "MISC",
"url" : "http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails"
},
{
"name" : "41462",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41462"
},
{
"name" : "ms-owa-csrf(60164)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60164"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41462"
},
{
"name": "ms-owa-csrf(60164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60164"
},
{
"name": "http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails",
"refsource": "MISC",
"url": "http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails"
},
{
"name": "14285",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14285"
}
]
}
}

230
2010/3xxx/CVE-2010-3477.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3477",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=0f04cfd098fb81fded74e78ea1a1b86cc6c6c31e",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=0f04cfd098fb81fded74e78ea1a1b86cc6c6c31e"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name" : "DSA-2126",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2126"
},
{
"name" : "RHSA-2010:0779",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0779.html"
},
{
"name" : "RHSA-2010:0839",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0839.html"
},
{
"name" : "RHSA-2011:0007",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name" : "USN-1000-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1000-1"
},
{
"name" : "1024603",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024603"
},
{
"name" : "42890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42890"
},
{
"name" : "46397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46397"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024603",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024603"
},
{
"name": "USN-1000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1000-1"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "RHSA-2011:0007",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=0f04cfd098fb81fded74e78ea1a1b86cc6c6c31e",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commit;h=0f04cfd098fb81fded74e78ea1a1b86cc6c6c31e"
},
{
"name": "RHSA-2010:0839",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0839.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "42890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42890"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4"
},
{
"name": "RHSA-2010:0779",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0779.html"
},
{
"name": "DSA-2126",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2126"
}
]
}
}

140
2010/3xxx/CVE-2010-3736.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3736",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
"refsource" : "CONFIRM",
"url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
},
{
"name" : "IC68182",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68182"
},
{
"name" : "oval:org.mitre.oval:def:13859",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13859"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:13859",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13859"
},
{
"name": "IC68182",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68182"
},
{
"name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
"refsource": "CONFIRM",
"url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
}
]
}
}

260
2010/4xxx/CVE-2010-4208.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4208",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514622"
},
{
"name" : "[oss-security] 20101107 Re: CVE request: moodle 1.9.10",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"name" : "http://moodle.org/mod/forum/discuss.php?d=160910",
"refsource" : "CONFIRM",
"url" : "http://moodle.org/mod/forum/discuss.php?d=160910"
},
{
"name" : "http://www.bugzilla.org/security/3.2.8/",
"refsource" : "CONFIRM",
"url" : "http://www.bugzilla.org/security/3.2.8/"
},
{
"name" : "http://yuilibrary.com/support/2.8.2/",
"refsource" : "CONFIRM",
"url" : "http://yuilibrary.com/support/2.8.2/"
},
{
"name" : "FEDORA-2010-17235",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"name" : "FEDORA-2010-17274",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"name" : "FEDORA-2010-17280",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"name" : "SUSE-SR:2010:021",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name" : "44420",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44420"
},
{
"name" : "1024683",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024683"
},
{
"name" : "41955",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41955"
},
{
"name" : "42271",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42271"
},
{
"name" : "ADV-2010-2878",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2878"
},
{
"name" : "ADV-2010-2975",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2975"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moodle.org/mod/forum/discuss.php?d=160910",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=160910"
},
{
"name": "FEDORA-2010-17280",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"name": "http://yuilibrary.com/support/2.8.2/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/2.8.2/"
},
{
"name": "ADV-2010-2878",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"name": "20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"name": "http://www.bugzilla.org/security/3.2.8/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"name": "FEDORA-2010-17274",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"name": "41955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41955"
},
{
"name": "1024683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024683"
},
{
"name": "44420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44420"
},
{
"name": "SUSE-SR:2010:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "FEDORA-2010-17235",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"name": "ADV-2010-2975",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"name": "[oss-security] 20101107 Re: CVE request: moodle 1.9.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"name": "42271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42271"
}
]
}
}

130
2010/4xxx/CVE-2010-4381.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 allows remote attackers to have an unspecified impact via a crafted AAC file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://service.real.com/realplayer/security/12102010_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/12102010_player/en/"
},
{
"name" : "1024861",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024861"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 allows remote attackers to have an unspecified impact via a crafted AAC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024861",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024861"
},
{
"name": "http://service.real.com/realplayer/security/12102010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/12102010_player/en/"
}
]
}
}

160
2010/4xxx/CVE-2010-4650.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4650",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110106 Re: CVE Request: kernel [Re: Security review of 2.6.32.28]",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/01/06/18"
},
{
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37",
"refsource" : "CONFIRM",
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7572777eef78ebdee1ecb7c258c0ef94d35bad16",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7572777eef78ebdee1ecb7c258c0ef94d35bad16"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=667892",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=667892"
},
{
"name" : "https://github.com/torvalds/linux/commit/7572777eef78ebdee1ecb7c258c0ef94d35bad16",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/7572777eef78ebdee1ecb7c258c0ef94d35bad16"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110106 Re: CVE Request: kernel [Re: Security review of 2.6.32.28]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/01/06/18"
},
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"
},
{
"name": "https://github.com/torvalds/linux/commit/7572777eef78ebdee1ecb7c258c0ef94d35bad16",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/7572777eef78ebdee1ecb7c258c0ef94d35bad16"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7572777eef78ebdee1ecb7c258c0ef94d35bad16",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7572777eef78ebdee1ecb7c258c0ef94d35bad16"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=667892",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=667892"
}
]
}
}

180
2014/0xxx/CVE-2014-0868.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0868",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by manipulation of read-only limit data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532598/100/0/threaded"
},
{
"name" : "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jun/173"
},
{
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt"
},
{
"name" : "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675881",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675881"
},
{
"name" : "59296",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59296"
},
{
"name" : "ibm-aclm-cve20140868-sec-bypass(90942)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90942"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by manipulation of read-only limit data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html"
},
{
"name": "ibm-aclm-cve20140868-sec-bypass(90942)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90942"
},
{
"name": "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532598/100/0/threaded"
},
{
"name": "59296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59296"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675881",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675881"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt"
},
{
"name": "20140630 SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/173"
}
]
}
}

150
2014/4xxx/CVE-2014-4063.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4063",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2826, and CVE-2014-2827."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-051",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051"
},
{
"name" : "69132",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69132"
},
{
"name" : "1030715",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030715"
},
{
"name" : "60670",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60670"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2826, and CVE-2014-2827."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69132"
},
{
"name": "1030715",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030715"
},
{
"name": "MS14-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051"
},
{
"name": "60670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60670"
}
]
}
}

150
2014/4xxx/CVE-2014-4284.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4280."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "70554",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70554"
},
{
"name" : "1031032",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031032"
},
{
"name" : "61593",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61593"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4280."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70554"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "1031032",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031032"
},
{
"name": "61593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61593"
}
]
}
}

34
2014/4xxx/CVE-2014-4332.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4332",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4332",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/8xxx/CVE-2014-8356.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8356",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8356",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2014/8xxx/CVE-2014-8391.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8391",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/535592/100/0/threaded"
},
{
"name" : "37114",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37114/"
},
{
"name" : "20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/May/95"
},
{
"name" : "http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html"
},
{
"name" : "http://www.sendio.com/software-release-history/",
"refsource" : "CONFIRM",
"url" : "http://www.sendio.com/software-release-history/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/95"
},
{
"name": "http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html"
},
{
"name": "20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535592/100/0/threaded"
},
{
"name": "37114",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37114/"
},
{
"name": "http://www.sendio.com/software-release-history/",
"refsource": "CONFIRM",
"url": "http://www.sendio.com/software-release-history/"
}
]
}
}

34
2014/8xxx/CVE-2014-8715.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8715",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8715",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/8xxx/CVE-2014-8894.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8894",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-8894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694772",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21694772"
},
{
"name" : "72408",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72408"
},
{
"name" : "62674",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62674"
},
{
"name" : "ibm-tririga-cve20148894-redirect(99013)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99013"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tririga-cve20148894-redirect(99013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99013"
},
{
"name": "72408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72408"
},
{
"name": "62674",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62674"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21694772",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21694772"
}
]
}
}

140
2014/9xxx/CVE-2014-9318.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9318",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff"
},
{
"name" : "https://www.ffmpeg.org/security.html",
"refsource" : "CONFIRM",
"url" : "https://www.ffmpeg.org/security.html"
},
{
"name" : "GLSA-201603-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-06"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201603-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-06"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff"
},
{
"name": "https://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "https://www.ffmpeg.org/security.html"
}
]
}
}

130
2014/9xxx/CVE-2014-9326.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9326",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16090.html",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16090.html"
},
{
"name" : "1032305",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032305"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032305",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032305"
},
{
"name": "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16090.html",
"refsource": "CONFIRM",
"url": "https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16090.html"
}
]
}
}

130
2014/9xxx/CVE-2014-9385.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9385",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code execution via a ZenPack upload, aka ZEN-15388."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-9385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing",
"refsource" : "CONFIRM",
"url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"
},
{
"name" : "VU#449452",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/449452"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code execution via a ZenPack upload, aka ZEN-15388."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#449452",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/449452"
},
{
"name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing",
"refsource": "CONFIRM",
"url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"
}
]
}
}

34
2014/9xxx/CVE-2014-9543.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9543",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9543",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/9xxx/CVE-2014-9738.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) account username, a (2) node title, or a (3) team entity title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/node/2378401",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2378401"
},
{
"name" : "https://www.drupal.org/node/2378289",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2378289"
},
{
"name" : "71198",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71198"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) account username, a (2) node title, or a (3) team entity title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "71198",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71198"
},
{
"name": "https://www.drupal.org/node/2378401",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2378401"
},
{
"name": "https://www.drupal.org/node/2378289",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2378289"
}
]
}
}

180
2016/3xxx/CVE-2016-3196.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3196",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160801 Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/539069/100/0/threaded"
},
{
"name" : "20160801 Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Aug/4"
},
{
"name" : "http://www.vulnerability-lab.com/get_content.php?id=1687",
"refsource" : "MISC",
"url" : "http://www.vulnerability-lab.com/get_content.php?id=1687"
},
{
"name" : "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability",
"refsource" : "CONFIRM",
"url" : "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
},
{
"name" : "92203",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92203"
},
{
"name" : "1036551",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036551"
},
{
"name" : "1036550",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036550"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92203"
},
{
"name": "20160801 Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/4"
},
{
"name": "1036550",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=1687",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=1687"
},
{
"name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
},
{
"name": "20160801 Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539069/100/0/threaded"
},
{
"name": "1036551",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036551"
}
]
}
}

150
2016/3xxx/CVE-2016-3213.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka \"WPAD Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-063",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063"
},
{
"name" : "MS16-077",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-077"
},
{
"name" : "1036096",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036096"
},
{
"name" : "1036104",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036104"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka \"WPAD Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-077",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-077"
},
{
"name": "MS16-063",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063"
},
{
"name": "1036096",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036096"
},
{
"name": "1036104",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036104"
}
]
}
}

160
2016/3xxx/CVE-2016-3297.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3297",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-104",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104"
},
{
"name" : "MS16-105",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
},
{
"name" : "92829",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92829"
},
{
"name" : "1036788",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036788"
},
{
"name" : "1036789",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036789"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036789",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036789"
},
{
"name": "MS16-104",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104"
},
{
"name": "MS16-105",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
},
{
"name": "92829",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92829"
},
{
"name": "1036788",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036788"
}
]
}
}

150
2016/3xxx/CVE-2016-3320.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3320",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka \"Secure Boot Security Feature Bypass.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FEDORA-2016-0f013aee39",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MVB6Y2TVKSOBTIIBRUAJUIH3LQHMHCAG/"
},
{
"name" : "MS16-100",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-100"
},
{
"name" : "92304",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92304"
},
{
"name" : "1036573",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036573"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka \"Secure Boot Security Feature Bypass.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92304"
},
{
"name": "MS16-100",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-100"
},
{
"name": "1036573",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036573"
},
{
"name": "FEDORA-2016-0f013aee39",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MVB6Y2TVKSOBTIIBRUAJUIH3LQHMHCAG/"
}
]
}
}

140
2016/3xxx/CVE-2016-3404.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3404",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource" : "CONFIRM",
"url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource" : "CONFIRM",
"url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name" : "95894",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95894"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "95894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95894"
}
]
}
}

140
2016/3xxx/CVE-2016-3923.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/base/+/5f256310187b4ff2f13a7abb9afed9126facd7bc",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/base/+/5f256310187b4ff2f13a7abb9afed9126facd7bc"
},
{
"name" : "93310",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93310"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/5f256310187b4ff2f13a7abb9afed9126facd7bc",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/base/+/5f256310187b4ff2f13a7abb9afed9126facd7bc"
},
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "93310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93310"
}
]
}
}

140
2016/3xxx/CVE-2016-3949.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3949",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01"
},
{
"name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf"
},
{
"name" : "1036089",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036089"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware before 3.2.12 and SIMATIC S7-300 Profinet-disabled CPU devices with firmware before 3.3.12 allow remote attackers to cause a denial of service (defect-mode transition) via crafted (1) ISO-TSAP or (2) Profibus packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-818183.pdf"
},
{
"name": "1036089",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036089"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-01"
}
]
}
}

130
2016/6xxx/CVE-2016-6026.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6026",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991278",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21991278"
},
{
"name" : "93342",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93342"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93342"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991278",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991278"
}
]
}
}

202
2016/6xxx/CVE-2016-6059.json
View File

@ -1,103 +1,103 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6059",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "InfoSphere Information Server",
"version" : {
"version_data" : [
{
"version_value" : "8.1"
},
{
"version_value" : "8.5"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.5.0.1"
},
{
"version_value" : "8.7"
},
{
"version_value" : "9.1"
},
{
"version_value" : "8.0.1"
},
{
"version_value" : "10.0"
},
{
"version_value" : "11.3"
},
{
"version_value" : "10"
},
{
"version_value" : "11.3.0.0"
},
{
"version_value" : "11.3.1.0"
},
{
"version_value" : "11.5"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InfoSphere Information Server",
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "8.5"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5.0.1"
},
{
"version_value": "8.7"
},
{
"version_value": "9.1"
},
{
"version_value": "8.0.1"
},
{
"version_value": "10.0"
},
{
"version_value": "11.3"
},
{
"version_value": "10"
},
{
"version_value": "11.3.0.0"
},
{
"version_value": "11.3.1.0"
},
{
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21991683",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21991683"
},
{
"name" : "94032",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94032"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94032",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94032"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21991683",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21991683"
}
]
}
}

170
2016/6xxx/CVE-2016-6156.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6156",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a \"double fetch\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160704 [CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2016/Jul/20"
},
{
"name" : "https://bugzilla.kernel.org/show_bug.cgi?id=120131",
"refsource" : "MISC",
"url" : "https://bugzilla.kernel.org/show_bug.cgi?id=120131"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096cdc6f52225835ff503f987a0d68ef770bb78e",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096cdc6f52225835ff503f987a0d68ef770bb78e"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1353490",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1353490"
},
{
"name" : "https://github.com/torvalds/linux/commit/096cdc6f52225835ff503f987a0d68ef770bb78e",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/096cdc6f52225835ff503f987a0d68ef770bb78e"
},
{
"name" : "91553",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91553"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a \"double fetch\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096cdc6f52225835ff503f987a0d68ef770bb78e",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096cdc6f52225835ff503f987a0d68ef770bb78e"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=120131",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=120131"
},
{
"name": "https://github.com/torvalds/linux/commit/096cdc6f52225835ff503f987a0d68ef770bb78e",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/096cdc6f52225835ff503f987a0d68ef770bb78e"
},
{
"name": "91553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91553"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1353490",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353490"
},
{
"name": "20160704 [CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Jul/20"
}
]
}
}

130
2016/6xxx/CVE-2016-6469.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6469",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Web Security Appliance (WSA)",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Web Security Appliance (WSA)"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1-162 9.1.1-074. Known Fixed Releases: 10.1.0-129 9.1.2-010."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Web Security Appliance (WSA)",
"version": {
"version_data": [
{
"version_value": "Cisco Web Security Appliance (WSA)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa"
},
{
"name" : "94775",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94775"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process unexpectedly restarting. More Information: CSCvb04312. Known Affected Releases: 9.0.1-162 9.1.1-074. Known Fixed Releases: 10.1.0-129 9.1.2-010."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa"
},
{
"name": "94775",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94775"
}
]
}
}

150
2016/6xxx/CVE-2016-6597.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6597",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160805 Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/539126/100/0/threaded"
},
{
"name" : "https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability",
"refsource" : "MISC",
"url" : "https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability"
},
{
"name" : "http://packetstormsecurity.com/files/138210/Sophos-Mobile-Control-3.5.0.3-Open-Reverse-Proxy.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/138210/Sophos-Mobile-Control-3.5.0.3-Open-Reverse-Proxy.html"
},
{
"name" : "92351",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92351"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92351"
},
{
"name": "https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability",
"refsource": "MISC",
"url": "https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability"
},
{
"name": "http://packetstormsecurity.com/files/138210/Sophos-Mobile-Control-3.5.0.3-Open-Reverse-Proxy.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138210/Sophos-Mobile-Control-3.5.0.3-Open-Reverse-Proxy.html"
},
{
"name": "20160805 Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539126/100/0/threaded"
}
]
}
}

140
2016/6xxx/CVE-2016-6996.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6996",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name" : "93496",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93496"
},
{
"name" : "1036986",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name": "93496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93496"
}
]
}
}

160
2016/7xxx/CVE-2016-7591.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"IOHIDFamily\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207422",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207422"
},
{
"name" : "https://support.apple.com/HT207423",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207423"
},
{
"name" : "https://support.apple.com/HT207487",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207487"
},
{
"name" : "94905",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94905"
},
{
"name" : "1037469",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"IOHIDFamily\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207487",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207487"
},
{
"name": "https://support.apple.com/HT207422",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207422"
},
{
"name": "94905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94905"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
}

140
2016/7xxx/CVE-2016-7602.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7602",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207423",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207423"
},
{
"name" : "94903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94903"
},
{
"name" : "1037469",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94903"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
}

34
2016/7xxx/CVE-2016-7725.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7725",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7725",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/8xxx/CVE-2016-8037.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8037",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8037",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/8xxx/CVE-2016-8047.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8047",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8047",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

350
2016/8xxx/CVE-2016-8610.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2016-10-24T00:00:00",
"ID" : "CVE-2016-8610",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OpenSSL",
"version" : {
"version_data" : [
{
"version_value" : "All 0.9.8"
},
{
"version_value" : "All 1.0.1"
},
{
"version_value" : "1.0.2 through 1.0.2h"
},
{
"version_value" : "1.1.0"
}
]
}
}
]
},
"vendor_name" : "OpenSSL"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2016-10-24T00:00:00",
"ID": "CVE-2016-8610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value": "All 0.9.8"
},
{
"version_value": "All 1.0.1"
},
{
"version_value": "1.0.2 through 1.0.2h"
},
{
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "OpenSSL"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2016/q4/224"
},
{
"name" : "https://security.360.cn/cve/CVE-2016-8610/",
"refsource" : "MISC",
"url" : "https://security.360.cn/cve/CVE-2016-8610/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
},
{
"name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20171130-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20171130-0001/"
},
{
"name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/87",
"refsource" : "CONFIRM",
"url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/87"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us"
},
{
"name" : "DSA-3773",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3773"
},
{
"name" : "FreeBSD-SA-16:35",
"refsource" : "FREEBSD",
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
},
{
"name" : "RHSA-2017:0286",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
},
{
"name" : "RHSA-2017:0574",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
},
{
"name" : "RHSA-2017:1413",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name" : "RHSA-2017:1414",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name" : "RHSA-2017:1415",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name" : "RHSA-2017:1658",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"name" : "RHSA-2017:1659",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"name" : "RHSA-2017:1801",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"name" : "RHSA-2017:1802",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"name" : "RHSA-2017:2493",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2493"
},
{
"name" : "RHSA-2017:2494",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2494"
},
{
"name" : "93841",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93841"
},
{
"name" : "1037084",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037084"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93841"
},
{
"name": "RHSA-2017:1659",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"name": "RHSA-2017:1658",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171130-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
},
{
"name": "RHSA-2017:1801",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"name": "RHSA-2017:0286",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
},
{
"name": "RHSA-2017:1413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/87",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/87"
},
{
"name": "RHSA-2017:2494",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2494"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
},
{
"name": "FreeBSD-SA-16:35",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
},
{
"name": "RHSA-2017:1414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2016/q4/224"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"name": "https://security.360.cn/cve/CVE-2016-8610/",
"refsource": "MISC",
"url": "https://security.360.cn/cve/CVE-2016-8610/"
},
{
"name": "RHSA-2017:0574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
},
{
"name": "DSA-3773",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3773"
},
{
"name": "RHSA-2017:1415",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name": "1037084",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037084"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us"
},
{
"name": "RHSA-2017:1802",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"name": "RHSA-2017:2493",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2493"
}
]
}
}