admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:35:46 +00:00
parent 617647373e
commit ef382d353a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3749 additions and 3749 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

250
2006/1xxx/CVE-2006-1495.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1495",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the \"forgotten password\" option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1617",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1617"
},
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/PHPCollab_NetOffice_SQLINJ.php",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/PHPCollab_NetOffice_SQLINJ.php"
},
{
"name" : "GLSA-200812-20",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200812-20.xml"
},
{
"name" : "17283",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17283"
},
{
"name" : "17286",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17286"
},
{
"name" : "ADV-2006-1142",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1142"
},
{
"name" : "ADV-2006-1141",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1141"
},
{
"name" : "24226",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24226"
},
{
"name" : "24230",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24230"
},
{
"name" : "19449",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19449"
},
{
"name" : "19452",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19452"
},
{
"name" : "33258",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33258"
},
{
"name" : "phpcollab-sendpassword-sql-injection(25505)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25505"
},
{
"name" : "netoffice-sendpassword-sql-injection(25503)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25503"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the \"forgotten password\" option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19449",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19449"
},
{
"name": "ADV-2006-1141",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1141"
},
{
"name": "17286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17286"
},
{
"name": "phpcollab-sendpassword-sql-injection(25505)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25505"
},
{
"name": "1617",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1617"
},
{
"name": "netoffice-sendpassword-sql-injection(25503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25503"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/PHPCollab_NetOffice_SQLINJ.php",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/PHPCollab_NetOffice_SQLINJ.php"
},
{
"name": "19452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19452"
},
{
"name": "ADV-2006-1142",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1142"
},
{
"name": "24230",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24230"
},
{
"name": "GLSA-200812-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-20.xml"
},
{
"name": "24226",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24226"
},
{
"name": "17283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17283"
},
{
"name": "33258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33258"
}
]
}
}

160
2006/5xxx/CVE-2006-5098.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5098",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.splitbrain.org/?do=details&id=924",
"refsource" : "CONFIRM",
"url" : "http://bugs.splitbrain.org/?do=details&id=924"
},
{
"name" : "GLSA-200609-20",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200609-20.xml"
},
{
"name" : "ADV-2006-3851",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3851"
},
{
"name" : "22192",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22192"
},
{
"name" : "22199",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22199"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3851",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3851"
},
{
"name": "GLSA-200609-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-20.xml"
},
{
"name": "http://bugs.splitbrain.org/?do=details&id=924",
"refsource": "CONFIRM",
"url": "http://bugs.splitbrain.org/?do=details&id=924"
},
{
"name": "22192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22192"
},
{
"name": "22199",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22199"
}
]
}
}

150
2006/5xxx/CVE-2006-5138.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060929 UBB.threads Multiple input validation error",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447359/100/0/threaded"
},
{
"name" : "20266",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20266"
},
{
"name" : "1676",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1676"
},
{
"name" : "ubbthreads-subscriptions-path-disclosure(29273)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1676",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1676"
},
{
"name": "20266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20266"
},
{
"name": "ubbthreads-subscriptions-path-disclosure(29273)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29273"
},
{
"name": "20060929 UBB.threads Multiple input validation error",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447359/100/0/threaded"
}
]
}
}

180
2006/5xxx/CVE-2006-5199.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5199",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb06-15.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb06-15.html"
},
{
"name" : "20439",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20439"
},
{
"name" : "ADV-2006-4001",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4001"
},
{
"name" : "29672",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29672"
},
{
"name" : "1017038",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017038"
},
{
"name" : "22329",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22329"
},
{
"name" : "adobe-log-password-disclosure(29441)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29441"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29672",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29672"
},
{
"name": "22329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22329"
},
{
"name": "adobe-log-password-disclosure(29441)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29441"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb06-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb06-15.html"
},
{
"name": "20439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20439"
},
{
"name": "1017038",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017038"
},
{
"name": "ADV-2006-4001",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4001"
}
]
}
}

150
2006/5xxx/CVE-2006-5595.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5595",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the AirPcap support in Wireshark (formerly Ethereal) 0.99.3 has unspecified attack vectors related to WEP key parsing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2006-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2006-03.html"
},
{
"name" : "20762",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20762"
},
{
"name" : "oval:org.mitre.oval:def:14787",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14787"
},
{
"name" : "22590",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22590"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the AirPcap support in Wireshark (formerly Ethereal) 0.99.3 has unspecified attack vectors related to WEP key parsing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14787",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14787"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2006-03.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2006-03.html"
},
{
"name": "22590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22590"
},
{
"name": "20762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20762"
}
]
}
}

180
2006/5xxx/CVE-2006-5637.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5637",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061031 Likely vendor fix for Faq Administrator 2.1b",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-October/001100.html"
},
{
"name" : "2678",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2678"
},
{
"name" : "20796",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20796"
},
{
"name" : "ADV-2006-4254",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4254"
},
{
"name" : "30115",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30115"
},
{
"name" : "22621",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22621"
},
{
"name" : "faq-faq-file-include(29868)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29868"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061031 Likely vendor fix for Faq Administrator 2.1b",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-October/001100.html"
},
{
"name": "22621",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22621"
},
{
"name": "20796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20796"
},
{
"name": "faq-faq-file-include(29868)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29868"
},
{
"name": "2678",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2678"
},
{
"name": "ADV-2006-4254",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4254"
},
{
"name": "30115",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30115"
}
]
}
}

260
2007/2xxx/CVE-2007-2185.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3771",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3771"
},
{
"name" : "23581",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23581"
},
{
"name" : "ADV-2007-1492",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1492"
},
{
"name" : "38845",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38845"
},
{
"name" : "38846",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38846"
},
{
"name" : "38847",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38847"
},
{
"name" : "38848",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38848"
},
{
"name" : "38849",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38849"
},
{
"name" : "38850",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38850"
},
{
"name" : "38851",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38851"
},
{
"name" : "38852",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38852"
},
{
"name" : "38853",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38853"
},
{
"name" : "38854",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38854"
},
{
"name" : "38855",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38855"
},
{
"name" : "supasite-supa-file-include(33796)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33796"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "supasite-supa-file-include(33796)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33796"
},
{
"name": "38845",
"refsource": "OSVDB",
"url": "http://osvdb.org/38845"
},
{
"name": "38849",
"refsource": "OSVDB",
"url": "http://osvdb.org/38849"
},
{
"name": "38846",
"refsource": "OSVDB",
"url": "http://osvdb.org/38846"
},
{
"name": "38851",
"refsource": "OSVDB",
"url": "http://osvdb.org/38851"
},
{
"name": "38855",
"refsource": "OSVDB",
"url": "http://osvdb.org/38855"
},
{
"name": "38854",
"refsource": "OSVDB",
"url": "http://osvdb.org/38854"
},
{
"name": "38853",
"refsource": "OSVDB",
"url": "http://osvdb.org/38853"
},
{
"name": "23581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23581"
},
{
"name": "3771",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3771"
},
{
"name": "38847",
"refsource": "OSVDB",
"url": "http://osvdb.org/38847"
},
{
"name": "38848",
"refsource": "OSVDB",
"url": "http://osvdb.org/38848"
},
{
"name": "ADV-2007-1492",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1492"
},
{
"name": "38850",
"refsource": "OSVDB",
"url": "http://osvdb.org/38850"
},
{
"name": "38852",
"refsource": "OSVDB",
"url": "http://osvdb.org/38852"
}
]
}
}

210
2007/2xxx/CVE-2007-2348.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2348",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as \"get\" which could overwrite executable files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-2348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=173524",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=173524"
},
{
"name" : "http://lftp.yar.ru/news.html",
"refsource" : "CONFIRM",
"url" : "http://lftp.yar.ru/news.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1229",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1229"
},
{
"name" : "RHSA-2009:1278",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-1278.html"
},
{
"name" : "23736",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23736"
},
{
"name" : "oval:org.mitre.oval:def:10806",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10806"
},
{
"name" : "36559",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36559"
},
{
"name" : "ADV-2007-1590",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1590"
},
{
"name" : "25107",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25107"
},
{
"name" : "25132",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25132"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as \"get\" which could overwrite executable files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36559"
},
{
"name": "ADV-2007-1590",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1590"
},
{
"name": "https://issues.rpath.com/browse/RPL-1229",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1229"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=173524",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=173524"
},
{
"name": "25107",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25107"
},
{
"name": "RHSA-2009:1278",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1278.html"
},
{
"name": "23736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23736"
},
{
"name": "http://lftp.yar.ru/news.html",
"refsource": "CONFIRM",
"url": "http://lftp.yar.ru/news.html"
},
{
"name": "25132",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25132"
},
{
"name": "oval:org.mitre.oval:def:10806",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10806"
}
]
}
}

160
2007/2xxx/CVE-2007-2375.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2375",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/avcenter/security/Content/2007.04.05d.html",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/avcenter/security/Content/2007.04.05d.html"
},
{
"name" : "23287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23287"
},
{
"name" : "ADV-2007-1277",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1277"
},
{
"name" : "1017881",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017881"
},
{
"name" : "24767",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24767"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23287"
},
{
"name": "1017881",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017881"
},
{
"name": "ADV-2007-1277",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1277"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.04.05d.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.04.05d.html"
},
{
"name": "24767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24767"
}
]
}
}

140
2007/2xxx/CVE-2007-2422.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2422",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070425 modbuild >> 4.1 Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/466953/100/0/threaded"
},
{
"name" : "2659",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2659"
},
{
"name" : "modbuilder-config-file-include(33917)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33917"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2659",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2659"
},
{
"name": "modbuilder-config-file-include(33917)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33917"
},
{
"name": "20070425 modbuild >> 4.1 Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466953/100/0/threaded"
}
]
}
}

150
2007/2xxx/CVE-2007-2848.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the SetPath function in the shComboBox ActiveX control (shcmb80.ocx) in Sky Software Shell MegaPack ActiveX 8.0 allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "24113",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24113"
},
{
"name" : "36581",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36581"
},
{
"name" : "25269",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25269"
},
{
"name" : "shell-megapack-shcombobox-bo(34458)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34458"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the SetPath function in the shComboBox ActiveX control (shcmb80.ocx) in Sky Software Shell MegaPack ActiveX 8.0 allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25269"
},
{
"name": "24113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24113"
},
{
"name": "shell-megapack-shcombobox-bo(34458)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34458"
},
{
"name": "36581",
"refsource": "OSVDB",
"url": "http://osvdb.org/36581"
}
]
}
}

170
2007/2xxx/CVE-2007-2968.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2968",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter (Full Name field)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070525 Vulnerability - cpCommerce - XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/469595/100/0/threaded"
},
{
"name" : "24166",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24166"
},
{
"name" : "36697",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36697"
},
{
"name" : "25424",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25424"
},
{
"name" : "2761",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2761"
},
{
"name" : "cpcommerce-fullname-xss(34517)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34517"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter (Full Name field)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36697",
"refsource": "OSVDB",
"url": "http://osvdb.org/36697"
},
{
"name": "24166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24166"
},
{
"name": "cpcommerce-fullname-xss(34517)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34517"
},
{
"name": "25424",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25424"
},
{
"name": "2761",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2761"
},
{
"name": "20070525 Vulnerability - cpCommerce - XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469595/100/0/threaded"
}
]
}
}

34
2007/6xxx/CVE-2007-6024.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6024",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6024",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2010/0xxx/CVE-2010-0149.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0149",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.46), 8.0 before 8.0(4.38), 8.1 before 8.1(2.29), and 8.2 before 8.2(1.5); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (prevention of new connections) via crafted TCP segments during termination of the TCP connection that cause the connection to remain in CLOSEWAIT status, aka \"TCP Connection Exhaustion Denial of Service Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100217 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml"
},
{
"name" : "38275",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38275"
},
{
"name" : "62433",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62433"
},
{
"name" : "1023612",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023612"
},
{
"name" : "38618",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38618"
},
{
"name" : "38636",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38636"
},
{
"name" : "ADV-2010-0415",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0415"
},
{
"name" : "cisco-asa-tcp-dos(56336)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56336"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.46), 8.0 before 8.0(4.38), 8.1 before 8.1(2.29), and 8.2 before 8.2(1.5); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (prevention of new connections) via crafted TCP segments during termination of the TCP connection that cause the connection to remain in CLOSEWAIT status, aka \"TCP Connection Exhaustion Denial of Service Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100217 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml"
},
{
"name": "38275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38275"
},
{
"name": "38618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38618"
},
{
"name": "62433",
"refsource": "OSVDB",
"url": "http://osvdb.org/62433"
},
{
"name": "cisco-asa-tcp-dos(56336)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56336"
},
{
"name": "38636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38636"
},
{
"name": "1023612",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023612"
},
{
"name": "ADV-2010-0415",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0415"
}
]
}
}

190
2010/0xxx/CVE-2010-0150.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCsy91157."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100217 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml"
},
{
"name" : "38277",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38277"
},
{
"name" : "62434",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62434"
},
{
"name" : "1023612",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023612"
},
{
"name" : "38618",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38618"
},
{
"name" : "38636",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38636"
},
{
"name" : "ADV-2010-0415",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0415"
},
{
"name" : "cisco-asa5500-sip-dos(56338)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56338"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCsy91157."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38277"
},
{
"name": "20100217 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml"
},
{
"name": "62434",
"refsource": "OSVDB",
"url": "http://osvdb.org/62434"
},
{
"name": "38618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38618"
},
{
"name": "38636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38636"
},
{
"name": "1023612",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023612"
},
{
"name": "ADV-2010-0415",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0415"
},
{
"name": "cisco-asa5500-sip-dos(56338)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56338"
}
]
}
}

190
2010/0xxx/CVE-2010-0784.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27004980",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27004980"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"name" : "PM17046",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM17046"
},
{
"name" : "PM23872",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM23872"
},
{
"name" : "43874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43874"
},
{
"name" : "41722",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41722"
},
{
"name" : "ADV-2010-2595",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2595"
},
{
"name" : "was-admins-console-xss(62948)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62948"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41722",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41722"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27004980",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27004980"
},
{
"name": "ADV-2010-2595",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2595"
},
{
"name": "43874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43874"
},
{
"name": "was-admins-console-xss(62948)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62948"
},
{
"name": "PM23872",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM23872"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"name": "PM17046",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM17046"
}
]
}
}

170
2010/1xxx/CVE-2010-1292.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1292",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-1292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100511 ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511242/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-089/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-089/"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
},
{
"name" : "oval:org.mitre.oval:def:7416",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7416"
},
{
"name" : "38751",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38751"
},
{
"name" : "ADV-2010-1128",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38751"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
},
{
"name": "20100511 ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511242/100/0/threaded"
},
{
"name": "ADV-2010-1128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1128"
},
{
"name": "oval:org.mitre.oval:def:7416",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7416"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-089/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-089/"
}
]
}
}

34
2010/4xxx/CVE-2010-4127.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4127",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-4127",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

34
2010/4xxx/CVE-2010-4266.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4266",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4266",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2010/4xxx/CVE-2010-4978.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4978",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the image_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.packetstormsecurity.com/1006-exploits/candid-sql.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.com/1006-exploits/candid-sql.txt"
},
{
"name" : "41216",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41216"
},
{
"name" : "8493",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8493"
},
{
"name" : "candid-view-xss(59943)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59943"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the image_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41216"
},
{
"name": "candid-view-xss(59943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59943"
},
{
"name": "8493",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8493"
},
{
"name": "http://www.packetstormsecurity.com/1006-exploits/candid-sql.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1006-exploits/candid-sql.txt"
}
]
}
}

190
2010/5xxx/CVE-2010-5096.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying \"Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-5096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120323 CVE-request: MyBB 1.6 <= SQL Injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/23/4"
},
{
"name" : "[oss-security] 20120325 Re: CVE-request: MyBB 1.6 <= SQL Injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/25/1"
},
{
"name" : "[oss-security] 20120508 CVE-request: MyBB before 1.6.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/08/3"
},
{
"name" : "[oss-security] 20120508 Re: CVE-request: MyBB before 1.6.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/08/7"
},
{
"name" : "http://dev.mybb.com/issues/1330",
"refsource" : "MISC",
"url" : "http://dev.mybb.com/issues/1330"
},
{
"name" : "45565",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45565"
},
{
"name" : "70013",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/70013"
},
{
"name" : "70014",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/70014"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying \"Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70014",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70014"
},
{
"name": "http://dev.mybb.com/issues/1330",
"refsource": "MISC",
"url": "http://dev.mybb.com/issues/1330"
},
{
"name": "[oss-security] 20120508 Re: CVE-request: MyBB before 1.6.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/08/7"
},
{
"name": "70013",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70013"
},
{
"name": "45565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45565"
},
{
"name": "[oss-security] 20120325 Re: CVE-request: MyBB 1.6 <= SQL Injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/25/1"
},
{
"name": "[oss-security] 20120508 CVE-request: MyBB before 1.6.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/08/3"
},
{
"name": "[oss-security] 20120323 CVE-request: MyBB 1.6 <= SQL Injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/4"
}
]
}
}

200
2010/5xxx/CVE-2010-5179.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5179",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
"refsource" : "MISC",
"url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource" : "MISC",
"url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource" : "MISC",
"url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name" : "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource" : "MISC",
"url" : "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource" : "MISC",
"url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name" : "39924",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39924"
},
{
"name" : "67660",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/67660"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
"refsource": "MISC",
"url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name": "39924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39924"
},
{
"name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name": "67660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/67660"
},
{
"name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name": "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource": "MISC",
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
]
}
}

200
2010/5xxx/CVE-2010-5183.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5183",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Race condition in Webroot Internet Security Essentials 6.1.0.145 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"name" : "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
"refsource" : "MISC",
"url" : "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource" : "MISC",
"url" : "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource" : "MISC",
"url" : "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name" : "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource" : "MISC",
"url" : "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource" : "MISC",
"url" : "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name" : "39924",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39924"
},
{
"name" : "67660",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/67660"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Race condition in Webroot Internet Security Essentials 6.1.0.145 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
"refsource": "MISC",
"url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name": "39924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39924"
},
{
"name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name": "67660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/67660"
},
{
"name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name": "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource": "MISC",
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
]
}
}

190
2014/0xxx/CVE-2014-0069.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-cifs] 20140214 [PATCH] cifs: ensure that uncached writes handle unmapped areas correctly",
"refsource" : "MLIST",
"url" : "http://article.gmane.org/gmane.linux.kernel.cifs/9401"
},
{
"name" : "[oss-security] 20140217 CVE-2014-0069 -- kernel: cifs: incorrect handling of bogus user pointers during uncached writes",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/02/17/4"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5d81de8e8667da7135d3a32a964087c0faf5483f",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5d81de8e8667da7135d3a32a964087c0faf5483f"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064253",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1064253"
},
{
"name" : "https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f"
},
{
"name" : "RHSA-2014:0328",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0328.html"
},
{
"name" : "SUSE-SU-2014:0459",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html"
},
{
"name" : "65588",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65588"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[linux-cifs] 20140214 [PATCH] cifs: ensure that uncached writes handle unmapped areas correctly",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.linux.kernel.cifs/9401"
},
{
"name": "65588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65588"
},
{
"name": "https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f"
},
{
"name": "RHSA-2014:0328",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0328.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1064253",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064253"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5d81de8e8667da7135d3a32a964087c0faf5483f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5d81de8e8667da7135d3a32a964087c0faf5483f"
},
{
"name": "[oss-security] 20140217 CVE-2014-0069 -- kernel: cifs: incorrect handling of bogus user pointers during uncached writes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/02/17/4"
},
{
"name": "SUSE-SU-2014:0459",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html"
}
]
}
}

150
2014/0xxx/CVE-2014-0089.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0089",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1071741",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1071741"
},
{
"name" : "http://projects.theforeman.org/issues/4456",
"refsource" : "CONFIRM",
"url" : "http://projects.theforeman.org/issues/4456"
},
{
"name" : "http://theforeman.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://theforeman.org/security.html"
},
{
"name" : "57575",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57575"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1071741",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071741"
},
{
"name": "http://projects.theforeman.org/issues/4456",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/4456"
},
{
"name": "http://theforeman.org/security.html",
"refsource": "CONFIRM",
"url": "http://theforeman.org/security.html"
},
{
"name": "57575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57575"
}
]
}
}

34
2014/0xxx/CVE-2014-0147.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0147",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0147",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2014/0xxx/CVE-2014-0328.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#179732",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/179732"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#179732",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/179732"
}
]
}
}

130
2014/0xxx/CVE-2014-0470.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0470",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMIT_NPROC attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140428 super unchecked setuid (CVE-2014-0470)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/04/28/6"
},
{
"name" : "DSA-2917",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2917"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMIT_NPROC attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2917",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2917"
},
{
"name": "[oss-security] 20140428 super unchecked setuid (CVE-2014-0470)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/04/28/6"
}
]
}
}

150
2014/0xxx/CVE-2014-0615.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to \"certain combinations of Junos OS CLI commands and arguments.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10608",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10608"
},
{
"name" : "64762",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64762"
},
{
"name" : "101862",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101862"
},
{
"name" : "1029585",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029585"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to \"certain combinations of Junos OS CLI commands and arguments.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101862",
"refsource": "OSVDB",
"url": "http://osvdb.org/101862"
},
{
"name": "64762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64762"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10608",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10608"
},
{
"name": "1029585",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029585"
}
]
}
}

150
2014/0xxx/CVE-2014-0895.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0895",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 3.0.1-IM-S3SAMPC-WIN32-FP001-IF02 allows remote attackers to execute arbitrary code via a crafted ComboList property value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666790",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666790"
},
{
"name" : "http://www.solarwinds.com/documentation/orion/docs/releasenotes/releasenotes.htm",
"refsource" : "CONFIRM",
"url" : "http://www.solarwinds.com/documentation/orion/docs/releasenotes/releasenotes.htm"
},
{
"name" : "PI09800",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI09800"
},
{
"name" : "ibm-spss-cve20140895-code-exec(91314)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91314"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 3.0.1-IM-S3SAMPC-WIN32-FP001-IF02 allows remote attackers to execute arbitrary code via a crafted ComboList property value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21666790",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666790"
},
{
"name": "ibm-spss-cve20140895-code-exec(91314)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91314"
},
{
"name": "PI09800",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI09800"
},
{
"name": "http://www.solarwinds.com/documentation/orion/docs/releasenotes/releasenotes.htm",
"refsource": "CONFIRM",
"url": "http://www.solarwinds.com/documentation/orion/docs/releasenotes/releasenotes.htm"
}
]
}
}

170
2014/1xxx/CVE-2014-1343.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1343",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT6254",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6254"
},
{
"name" : "https://support.apple.com/kb/HT6537",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6537"
},
{
"name" : "APPLE-SA-2014-05-21-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
},
{
"name" : "APPLE-SA-2014-06-30-3",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name" : "APPLE-SA-2014-06-30-4",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"name" : "67553",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67553"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT6537",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6537"
},
{
"name": "APPLE-SA-2014-06-30-4",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html"
},
{
"name": "http://support.apple.com/kb/HT6254",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6254"
},
{
"name": "APPLE-SA-2014-06-30-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name": "67553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67553"
},
{
"name": "APPLE-SA-2014-05-21-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
}
]
}
}

34
2014/1xxx/CVE-2014-1605.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1605",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1605",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/1xxx/CVE-2014-1754.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1754",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"SharePoint XSS Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-1754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-022",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022"
},
{
"name" : "67288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67288"
},
{
"name" : "1030227",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030227"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"SharePoint XSS Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-022",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022"
},
{
"name": "1030227",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030227"
},
{
"name": "67288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67288"
}
]
}
}

150
2014/4xxx/CVE-2014-4096.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4087, CVE-2014-4095, and CVE-2014-4101."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-052",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052"
},
{
"name" : "69601",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69601"
},
{
"name" : "1030818",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030818"
},
{
"name" : "ms-ie-cve20144096-code-exec(95526)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95526"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4087, CVE-2014-4095, and CVE-2014-4101."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ms-ie-cve20144096-code-exec(95526)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95526"
},
{
"name": "1030818",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030818"
},
{
"name": "MS14-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052"
},
{
"name": "69601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69601"
}
]
}
}

34
2014/4xxx/CVE-2014-4125.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4125",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-4125",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

120
2014/4xxx/CVE-2014-4694.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4694",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc",
"refsource" : "CONFIRM",
"url" : "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc",
"refsource": "CONFIRM",
"url": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc"
}
]
}
}

140
2014/5xxx/CVE-2014-5313.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5313",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the management page in Six Apart Movable Type before 5.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-5313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://jvn.jp/en/jp/JVN73357573/370331/index.html",
"refsource" : "CONFIRM",
"url" : "http://jvn.jp/en/jp/JVN73357573/370331/index.html"
},
{
"name" : "JVN#73357573",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN73357573/index.html"
},
{
"name" : "JVNDB-2014-000104",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000104"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the management page in Six Apart Movable Type before 5.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000104",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000104"
},
{
"name": "http://jvn.jp/en/jp/JVN73357573/370331/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN73357573/370331/index.html"
},
{
"name": "JVN#73357573",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73357573/index.html"
}
]
}
}

120
2014/9xxx/CVE-2014-9201.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9201",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchanger Control with firmware before D-0214V01.10.04, M-6283A Three Phase Digital Capacitor Bank Control with firmware before D-0346V03.00.02, M-6280A Digital Capacitor Bank Control with firmware before D-0254V03.05.05, and M-6280 Digital Capacitor Bank Control do not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-153-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-153-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchanger Control with firmware before D-0214V01.10.04, M-6283A Three Phase Digital Capacitor Bank Control with firmware before D-0346V03.00.02, M-6280A Digital Capacitor Bank Control with firmware before D-0254V03.05.05, and M-6280 Digital Capacitor Bank Control do not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-153-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-153-01"
}
]
}
}

34
2014/9xxx/CVE-2014-9631.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9631",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9631",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

174
2016/3xxx/CVE-2016-3019.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-3019",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Access Manager",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "9.0.0"
},
{
"version_value" : "9.0.1.0"
},
{
"version_value" : "9.0.2.0"
},
{
"version_value" : "9.0.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
},
{
"version_value": "9.0.2.0"
},
{
"version_value": "9.0.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/114462",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/114462"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21988419",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21988419"
},
{
"name" : "98832",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98832"
},
{
"name" : "1038616",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038616"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98832"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21988419",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21988419"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/114462",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/114462"
},
{
"name": "1038616",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038616"
}
]
}
}

140
2016/3xxx/CVE-2016-3868.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3868",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28967028 and Qualcomm internal bug CR1032875."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name" : "92883",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92883"
},
{
"name" : "1036763",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28967028 and Qualcomm internal bug CR1032875."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92883"
},
{
"name": "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
}
]
}
}

140
2016/7xxx/CVE-2016-7122.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7122",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/08/1"
},
{
"name" : "GLSA-201701-71",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-71"
},
{
"name" : "94839",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94839"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161008 ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/08/1"
},
{
"name": "GLSA-201701-71",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-71"
},
{
"name": "94839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94839"
}
]
}
}

150
2016/7xxx/CVE-2016-7188.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7188",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted application, aka \"Windows Diagnostics Hub Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40562",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40562/"
},
{
"name" : "MS16-125",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-125"
},
{
"name" : "93359",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93359"
},
{
"name" : "1036997",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036997"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted application, aka \"Windows Diagnostics Hub Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036997",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036997"
},
{
"name": "MS16-125",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-125"
},
{
"name": "93359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93359"
},
{
"name": "40562",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40562/"
}
]
}
}

140
2016/7xxx/CVE-2016-7284.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-144",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144"
},
{
"name" : "94725",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94725"
},
{
"name" : "1037448",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037448"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-144",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144"
},
{
"name": "94725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94725"
},
{
"name": "1037448",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037448"
}
]
}
}

160
2016/7xxx/CVE-2016-7784.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20161102 Disclose [10 * cve] in Exponent CMS",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Nov/12"
},
{
"name" : "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html"
},
{
"name" : "https://github.com/exponentcms/exponent-cms/commit/1965e3719986406576898668855b8afbab43ed2c",
"refsource" : "CONFIRM",
"url" : "https://github.com/exponentcms/exponent-cms/commit/1965e3719986406576898668855b8afbab43ed2c"
},
{
"name" : "97232",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97232"
},
{
"name" : "1037252",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037252"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037252",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037252"
},
{
"name": "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/139484/Exponent-CMS-2.3.9-SQL-Injection.html"
},
{
"name": "20161102 Disclose [10 * cve] in Exponent CMS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Nov/12"
},
{
"name": "97232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97232"
},
{
"name": "https://github.com/exponentcms/exponent-cms/commit/1965e3719986406576898668855b8afbab43ed2c",
"refsource": "CONFIRM",
"url": "https://github.com/exponentcms/exponent-cms/commit/1965e3719986406576898668855b8afbab43ed2c"
}
]
}
}

140
2016/7xxx/CVE-2016-7822.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2016-7822",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WNC01WH",
"version" : {
"version_data" : [
{
"version_value" : "firmware version 1.0.0.8 and earlier"
}
]
}
}
]
},
"vendor_name" : "BUFFALO INC."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WNC01WH",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.0.8 and earlier"
}
]
}
}
]
},
"vendor_name": "BUFFALO INC."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://buffalo.jp/support_s/s20161201.html",
"refsource" : "CONFIRM",
"url" : "http://buffalo.jp/support_s/s20161201.html"
},
{
"name" : "JVN#40613060",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"name" : "94648",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94648"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#40613060",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"name": "http://buffalo.jp/support_s/s20161201.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94648"
}
]
}
}

130
2016/8xxx/CVE-2016-8105.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"ID" : "CVE-2016-8105",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel Ethernet Controller X710 family and Intel Ethernet Controller XL710 family",
"version" : {
"version_data" : [
{
"version_value" : "Before 22.0"
}
]
}
}
]
},
"vendor_name" : "Intel"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2016-8105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Ethernet Controller X710 family and Intel Ethernet Controller XL710 family",
"version": {
"version_data": [
{
"version_value": "Before 22.0"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00069&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00069&languageid=en-fr"
},
{
"name" : "96474",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96474"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96474"
},
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00069&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00069&languageid=en-fr"
}
]
}
}

140
2016/8xxx/CVE-2016-8425.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-8425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31797770. References: N-CVE-2016-8425."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-8425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"name" : "95231",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95231"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31797770. References: N-CVE-2016-8425."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95231"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}
]
}
}

130
2016/8xxx/CVE-2016-8796.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2016-8796",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "USG9520,USG9560,USG9580, USG9520 V300R001C01,USG9560 V300R001C01,USG9580 V300R001C01",
"version" : {
"version_data" : [
{
"version_value" : "USG9520,USG9560,USG9580, USG9520 V300R001C01,USG9560 V300R001C01,USG9580 V300R001C01"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-8796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "USG9520,USG9560,USG9580, USG9520 V300R001C01,USG9560 V300R001C01,USG9580 V300R001C01",
"version": {
"version_data": [
{
"version_value": "USG9520,USG9560,USG9580, USG9520 V300R001C01,USG9560 V300R001C01,USG9580 V300R001C01"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-firewall-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-firewall-en"
},
{
"name" : "94405",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94405"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94405"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-firewall-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161116-01-firewall-en"
}
]
}
}

34
2016/8xxx/CVE-2016-8874.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8874",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8874",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2016/8xxx/CVE-2016-8906.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the \"Site Browser > Links pages\" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/fulldisclosure/2016/Nov/0",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2016/Nov/0"
},
{
"name" : "https://github.com/dotCMS/core/pull/8460/",
"refsource" : "MISC",
"url" : "https://github.com/dotCMS/core/pull/8460/"
},
{
"name" : "https://github.com/dotCMS/core/pull/8468/",
"refsource" : "MISC",
"url" : "https://github.com/dotCMS/core/pull/8468/"
},
{
"name" : "https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html",
"refsource" : "MISC",
"url" : "https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html"
},
{
"name" : "94311",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94311"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the \"Site Browser > Links pages\" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dotCMS/core/pull/8460/",
"refsource": "MISC",
"url": "https://github.com/dotCMS/core/pull/8460/"
},
{
"name": "94311",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94311"
},
{
"name": "http://seclists.org/fulldisclosure/2016/Nov/0",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2016/Nov/0"
},
{
"name": "https://github.com/dotCMS/core/pull/8468/",
"refsource": "MISC",
"url": "https://github.com/dotCMS/core/pull/8468/"
},
{
"name": "https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html",
"refsource": "MISC",
"url": "https://security.elarlang.eu/multiple-sql-injection-vulnerabilities-in-dotcms-8x-cve-full-disclosure.html"
}
]
}
}

34
2016/9xxx/CVE-2016-9787.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9787",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9787",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

150
2016/9xxx/CVE-2016-9828.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9828",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161201 libming: listswf: NULL pointer dereference in dumpBuffer (read.c)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/01/8"
},
{
"name" : "[oss-security] 20161204 Re: libming: listswf: NULL pointer dereference in dumpBuffer (read.c)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/05/3"
},
{
"name" : "https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c/"
},
{
"name" : "94627",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94627"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161201 libming: listswf: NULL pointer dereference in dumpBuffer (read.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/8"
},
{
"name": "https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c/"
},
{
"name": "94627",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94627"
},
{
"name": "[oss-security] 20161204 Re: libming: listswf: NULL pointer dereference in dumpBuffer (read.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/3"
}
]
}
}

34
2019/2xxx/CVE-2019-2916.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2916",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2916",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2926.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2926",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2926",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}