admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:40:46 +00:00
parent bc4b3c012f
commit f11313897d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
45 changed files with 3700 additions and 3700 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

440
2006/0xxx/CVE-2006-0024.json
View File

@ -1,222 +1,222 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0024",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-0024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=307179",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name" : "APPLE-SA-2006-05-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name" : "APPLE-SA-2007-12-17",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name" : "GLSA-200603-20",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-20.xml"
},
{
"name" : "MS06-020",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-020"
},
{
"name" : "RHSA-2006:0268",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0268.html"
},
{
"name" : "SUSE-SA:2006:015",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_15_flashplayer.html"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/854/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/854/"
},
{
"name" : "TA06-075A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-075A.html"
},
{
"name" : "TA06-129A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-129A.html"
},
{
"name" : "TA06-132A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name" : "TA07-352A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name" : "VU#945060",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/945060"
},
{
"name" : "17106",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17106"
},
{
"name" : "17951",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17951"
},
{
"name" : "ADV-2006-0952",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0952"
},
{
"name" : "ADV-2006-1744",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1744"
},
{
"name" : "ADV-2006-1779",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name" : "ADV-2006-1262",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1262"
},
{
"name" : "ADV-2007-4238",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name" : "23908",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23908"
},
{
"name" : "oval:org.mitre.oval:def:1894",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1894"
},
{
"name" : "oval:org.mitre.oval:def:1922",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1922"
},
{
"name" : "1015770",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015770"
},
{
"name" : "19218",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19218"
},
{
"name" : "19259",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19259"
},
{
"name" : "19198",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19198"
},
{
"name" : "19328",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19328"
},
{
"name" : "20077",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20077"
},
{
"name" : "20045",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20045"
},
{
"name" : "28136",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28136"
},
{
"name" : "macromedia-swf-code-execution(25005)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25005"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html"
},
{
"name": "ADV-2007-4238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "macromedia-swf-code-execution(25005)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25005"
},
{
"name": "TA07-352A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "ADV-2006-1779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "23908",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23908"
},
{
"name": "ADV-2006-1262",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1262"
},
{
"name": "17106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17106"
},
{
"name": "TA06-132A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name": "28136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28136"
},
{
"name": "19259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19259"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/854/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/854/"
},
{
"name": "TA06-129A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-129A.html"
},
{
"name": "1015770",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015770"
},
{
"name": "RHSA-2006:0268",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0268.html"
},
{
"name": "GLSA-200603-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-20.xml"
},
{
"name": "20045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20045"
},
{
"name": "APPLE-SA-2007-12-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "SUSE-SA:2006:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_15_flashplayer.html"
},
{
"name": "TA06-075A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-075A.html"
},
{
"name": "oval:org.mitre.oval:def:1922",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1922"
},
{
"name": "19328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19328"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307179",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "19218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19218"
},
{
"name": "19198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19198"
},
{
"name": "ADV-2006-1744",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1744"
},
{
"name": "20077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20077"
},
{
"name": "oval:org.mitre.oval:def:1894",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1894"
},
{
"name": "MS06-020",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-020"
},
{
"name": "ADV-2006-0952",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0952"
},
{
"name": "VU#945060",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/945060"
}
]
}
}

160
2006/0xxx/CVE-2006-0101.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://osvdb.org/ref/22/22373-sblog.txt",
"refsource" : "MISC",
"url" : "http://osvdb.org/ref/22/22373-sblog.txt"
},
{
"name" : "ADV-2006-0041",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0041"
},
{
"name" : "22373",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22373"
},
{
"name" : "22374",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22374"
},
{
"name" : "sblog-multiple-scripts-xss(23979)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23979"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://osvdb.org/ref/22/22373-sblog.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/22/22373-sblog.txt"
},
{
"name": "ADV-2006-0041",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0041"
},
{
"name": "22373",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22373"
},
{
"name": "sblog-multiple-scripts-xss(23979)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23979"
},
{
"name": "22374",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22374"
}
]
}
}

140
2006/1xxx/CVE-2006-1253.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.glftpd.com/files/docs/changelog",
"refsource" : "CONFIRM",
"url" : "http://www.glftpd.com/files/docs/changelog"
},
{
"name" : "17118",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17118"
},
{
"name" : "19221",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19221"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17118",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17118"
},
{
"name": "19221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19221"
},
{
"name": "http://www.glftpd.com/files/docs/changelog",
"refsource": "CONFIRM",
"url": "http://www.glftpd.com/files/docs/changelog"
}
]
}
}

170
2006/1xxx/CVE-2006-1482.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1482",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060327 CanfTool v1.1 Cross Site Scripting Attack",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/428899/100/0/threaded"
},
{
"name" : "20060328 Conftool, not Canftool; appears to be distributable",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-March/000664.html"
},
{
"name" : "17231",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17231"
},
{
"name" : "24264",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24264"
},
{
"name" : "635",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/635"
},
{
"name" : "canftool-index-xss(25437)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25437"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17231"
},
{
"name": "canftool-index-xss(25437)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25437"
},
{
"name": "635",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/635"
},
{
"name": "20060327 CanfTool v1.1 Cross Site Scripting Attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428899/100/0/threaded"
},
{
"name": "24264",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24264"
},
{
"name": "20060328 Conftool, not Canftool; appears to be distributable",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-March/000664.html"
}
]
}
}

160
2006/1xxx/CVE-2006-1675.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1675",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start parameters to (b) picture.php, a different vulnerability than CVE-2006-1674."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060410 PHPWebGallery Multiple Cross Site Scripting Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430481/100/0/threaded"
},
{
"name" : "17421",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17421"
},
{
"name" : "ADV-2006-1301",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1301"
},
{
"name" : "19610",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19610"
},
{
"name" : "phpwebgallery-category-picture-xss(25733)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25733"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start parameters to (b) picture.php, a different vulnerability than CVE-2006-1674."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19610",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19610"
},
{
"name": "ADV-2006-1301",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1301"
},
{
"name": "20060410 PHPWebGallery Multiple Cross Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430481/100/0/threaded"
},
{
"name": "phpwebgallery-category-picture-xss(25733)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25733"
},
{
"name": "17421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17421"
}
]
}
}

170
2006/5xxx/CVE-2006-5167.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5167",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2465",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2465"
},
{
"name" : "20287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20287"
},
{
"name" : "ADV-2006-3866",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3866"
},
{
"name" : "29403",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29403"
},
{
"name" : "22231",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22231"
},
{
"name" : "basilix-bsxlibdir-file-include(29289)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29289"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22231"
},
{
"name": "basilix-bsxlibdir-file-include(29289)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29289"
},
{
"name": "20287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20287"
},
{
"name": "2465",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2465"
},
{
"name": "ADV-2006-3866",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3866"
},
{
"name": "29403",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29403"
}
]
}
}

160
2006/5xxx/CVE-2006-5504.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5504",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061020 Simple Machines Forum (SMF) XSS issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449307/100/0/threaded"
},
{
"name" : "20061021 Re: Simple Machines Forum (SMF) XSS issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449395/100/0/threaded"
},
{
"name" : "20061022 Re: Simple Machines Forum (SMF) XSS issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449478/100/0/threaded"
},
{
"name" : "31070",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/31070"
},
{
"name" : "smf-base64-xss(29689)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29689"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061020 Simple Machines Forum (SMF) XSS issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449307/100/0/threaded"
},
{
"name": "31070",
"refsource": "OSVDB",
"url": "http://osvdb.org/31070"
},
{
"name": "20061021 Re: Simple Machines Forum (SMF) XSS issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449395/100/0/threaded"
},
{
"name": "20061022 Re: Simple Machines Forum (SMF) XSS issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449478/100/0/threaded"
},
{
"name": "smf-base64-xss(29689)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29689"
}
]
}
}

150
2006/5xxx/CVE-2006-5623.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5623",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2667",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2667"
},
{
"name" : "20780",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20780"
},
{
"name" : "ADV-2006-4231",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4231"
},
{
"name" : "eetool-ip-file-include(29884)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29884"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20780"
},
{
"name": "2667",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2667"
},
{
"name": "eetool-ip-file-include(29884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29884"
},
{
"name": "ADV-2006-4231",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4231"
}
]
}
}

130
2006/5xxx/CVE-2006-5985.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5985",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-4529",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4529"
},
{
"name" : "22919",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22919"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22919",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22919"
},
{
"name": "ADV-2006-4529",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4529"
}
]
}
}

180
2007/2xxx/CVE-2007-2151.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2151",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The administration server in McAfee e-Business Server before 8.1.1 and 8.5.x before 8.5.2 allows remote attackers to cause a denial of service (service crash) via a large length value in a malformed authentication packet, which triggers a heap over-read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070417 McAfee E-Business Admin Server Invalid Data Length DoS Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=516"
},
{
"name" : "https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=612751&command=show&forward=nonthreadedKC",
"refsource" : "CONFIRM",
"url" : "https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=612751&command=show&forward=nonthreadedKC"
},
{
"name" : "23544",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23544"
},
{
"name" : "ADV-2007-1434",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1434"
},
{
"name" : "1017929",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017929"
},
{
"name" : "24893",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24893"
},
{
"name" : "mcafee-ebusiness-utility-dos(33730)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33730"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administration server in McAfee e-Business Server before 8.1.1 and 8.5.x before 8.5.2 allows remote attackers to cause a denial of service (service crash) via a large length value in a malformed authentication packet, which triggers a heap over-read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1434",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1434"
},
{
"name": "20070417 McAfee E-Business Admin Server Invalid Data Length DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=516"
},
{
"name": "https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=612751&command=show&forward=nonthreadedKC",
"refsource": "CONFIRM",
"url": "https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=612751&command=show&forward=nonthreadedKC"
},
{
"name": "1017929",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017929"
},
{
"name": "mcafee-ebusiness-utility-dos(33730)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33730"
},
{
"name": "23544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23544"
},
{
"name": "24893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24893"
}
]
}
}

180
2007/2xxx/CVE-2007-2506.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2506",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070501 Disable website access for sites running Webspeed",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/467375/100/0/threaded"
},
{
"name" : "20070502 response Progress: Denial of Service attack against WebSpeed possible",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/467376/100/0/threaded"
},
{
"name" : "http://www.ishare.nl/",
"refsource" : "MISC",
"url" : "http://www.ishare.nl/"
},
{
"name" : "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694",
"refsource" : "CONFIRM",
"url" : "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694"
},
{
"name" : "23778",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23778"
},
{
"name" : "35541",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35541"
},
{
"name" : "25129",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25129"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694",
"refsource": "CONFIRM",
"url": "http://progress.atgnow.com/esprogress/resultDisplay.do?gotoLink=115&docType=1006&clusterName=CombinedCluster&contentId=12&groupId=3&answerGroup=1&score=1932&page=http%3A%2F%2Fprogress.atgnow.com%2Fesprogress%2Fdocs%2FSolutions%2FProgress%2FESERVER_P123694.xhtml&result=0&excerpt=P123694"
},
{
"name": "23778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23778"
},
{
"name": "http://www.ishare.nl/",
"refsource": "MISC",
"url": "http://www.ishare.nl/"
},
{
"name": "20070502 response Progress: Denial of Service attack against WebSpeed possible",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467376/100/0/threaded"
},
{
"name": "35541",
"refsource": "OSVDB",
"url": "http://osvdb.org/35541"
},
{
"name": "20070501 Disable website access for sites running Webspeed",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467375/100/0/threaded"
},
{
"name": "25129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25129"
}
]
}
}

190
2007/2xxx/CVE-2007-2527.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2527",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3868",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3868"
},
{
"name" : "http://dynamicpad.org/",
"refsource" : "CONFIRM",
"url" : "http://dynamicpad.org/"
},
{
"name" : "20070508 FALSE -> DynamicPAD HomeDir RFI",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2007-May/001591.html"
},
{
"name" : "20070508 Reneged: RE: FALSE -> DynamicPAD HomeDir RFI",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2007-May/001593.html"
},
{
"name" : "23861",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23861"
},
{
"name" : "ADV-2007-1681",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1681"
},
{
"name" : "25176",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25176"
},
{
"name" : "dynamicpad-homedir-file-include(34125)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34125"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dynamicpad-homedir-file-include(34125)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34125"
},
{
"name": "25176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25176"
},
{
"name": "ADV-2007-1681",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1681"
},
{
"name": "20070508 FALSE -> DynamicPAD HomeDir RFI",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-May/001591.html"
},
{
"name": "http://dynamicpad.org/",
"refsource": "CONFIRM",
"url": "http://dynamicpad.org/"
},
{
"name": "20070508 Reneged: RE: FALSE -> DynamicPAD HomeDir RFI",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-May/001593.html"
},
{
"name": "23861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23861"
},
{
"name": "3868",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3868"
}
]
}
}

180
2007/2xxx/CVE-2007-2598.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2598",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3886",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3886"
},
{
"name" : "http://www.w4ck1ng.com/exploits/w4ck1ng_simplenews.txt",
"refsource" : "MISC",
"url" : "http://www.w4ck1ng.com/exploits/w4ck1ng_simplenews.txt"
},
{
"name" : "23904",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23904"
},
{
"name" : "35910",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35910"
},
{
"name" : "ADV-2007-1741",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1741"
},
{
"name" : "25223",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25223"
},
{
"name" : "simplenews-print-sql-injection(34220)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34220"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.w4ck1ng.com/exploits/w4ck1ng_simplenews.txt",
"refsource": "MISC",
"url": "http://www.w4ck1ng.com/exploits/w4ck1ng_simplenews.txt"
},
{
"name": "25223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25223"
},
{
"name": "simplenews-print-sql-injection(34220)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34220"
},
{
"name": "23904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23904"
},
{
"name": "35910",
"refsource": "OSVDB",
"url": "http://osvdb.org/35910"
},
{
"name": "3886",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3886"
},
{
"name": "ADV-2007-1741",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1741"
}
]
}
}

150
2010/0xxx/CVE-2010-0365.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0365",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt"
},
{
"name" : "61827",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61827"
},
{
"name" : "38252",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38252"
},
{
"name" : "bitsvideo-search-xss(55739)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55739"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitsvideo-search-xss(55739)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55739"
},
{
"name": "38252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38252"
},
{
"name": "61827",
"refsource": "OSVDB",
"url": "http://osvdb.org/61827"
},
{
"name": "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1001-exploits/bitsvs-xssuploadrfi.txt"
}
]
}
}

140
2010/0xxx/CVE-2010-0479.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0479",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka \"Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-023",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-023"
},
{
"name" : "TA10-103A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
},
{
"name" : "oval:org.mitre.oval:def:7141",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7141"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka \"Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS10-023",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-023"
},
{
"name": "oval:org.mitre.oval:def:7141",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7141"
},
{
"name": "TA10-103A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
}
]
}
}

130
2010/0xxx/CVE-2010-0503.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0503",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
}
]
}
}

260
2010/0xxx/CVE-2010-0744.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090626 aMSN SSL Certificate Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2009/Jun/239"
},
{
"name" : "[oss-security] 20100310 CVE Request -- aMSN -- improper SSL certificate validation (MITM)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/03/10/4"
},
{
"name" : "[oss-security] 20100401 Re: CVE Request -- aMSN -- improper SSL certificate validation (MITM)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/04/01/4"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572818",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572818"
},
{
"name" : "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/?view=log&pathrev=11991",
"refsource" : "CONFIRM",
"url" : "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/?view=log&pathrev=11991"
},
{
"name" : "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/proxy.tcl?r1=11886&r2=11991&pathrev=11991",
"refsource" : "CONFIRM",
"url" : "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/proxy.tcl?r1=11886&r2=11991&pathrev=11991"
},
{
"name" : "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/sip.tcl?r1=11953&r2=11991&pathrev=11991",
"refsource" : "CONFIRM",
"url" : "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/sip.tcl?r1=11953&r2=11991&pathrev=11991"
},
{
"name" : "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/soap.tcl?r1=11891&r2=11991&pathrev=11991",
"refsource" : "CONFIRM",
"url" : "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/soap.tcl?r1=11891&r2=11991&pathrev=11991"
},
{
"name" : "http://www.opensource-archive.org/showthread.php?p=183821",
"refsource" : "CONFIRM",
"url" : "http://www.opensource-archive.org/showthread.php?p=183821"
},
{
"name" : "FEDORA-2010-7373",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041046.html"
},
{
"name" : "FEDORA-2010-7378",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041079.html"
},
{
"name" : "35507",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35507"
},
{
"name" : "35621",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35621"
},
{
"name" : "39796",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39796"
},
{
"name" : "ADV-2010-1109",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1109"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-7373",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041046.html"
},
{
"name": "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/?view=log&pathrev=11991",
"refsource": "CONFIRM",
"url": "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/?view=log&pathrev=11991"
},
{
"name": "[oss-security] 20100310 CVE Request -- aMSN -- improper SSL certificate validation (MITM)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/03/10/4"
},
{
"name": "39796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39796"
},
{
"name": "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/sip.tcl?r1=11953&r2=11991&pathrev=11991",
"refsource": "CONFIRM",
"url": "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/sip.tcl?r1=11953&r2=11991&pathrev=11991"
},
{
"name": "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/proxy.tcl?r1=11886&r2=11991&pathrev=11991",
"refsource": "CONFIRM",
"url": "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/proxy.tcl?r1=11886&r2=11991&pathrev=11991"
},
{
"name": "35507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35507"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572818",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572818"
},
{
"name": "[oss-security] 20100401 Re: CVE Request -- aMSN -- improper SSL certificate validation (MITM)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/01/4"
},
{
"name": "20090626 aMSN SSL Certificate Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2009/Jun/239"
},
{
"name": "http://www.opensource-archive.org/showthread.php?p=183821",
"refsource": "CONFIRM",
"url": "http://www.opensource-archive.org/showthread.php?p=183821"
},
{
"name": "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/soap.tcl?r1=11891&r2=11991&pathrev=11991",
"refsource": "CONFIRM",
"url": "http://amsn.svn.sourceforge.net/viewvc/amsn/trunk/amsn/soap.tcl?r1=11891&r2=11991&pathrev=11991"
},
{
"name": "35621",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35621"
},
{
"name": "ADV-2010-1109",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1109"
},
{
"name": "FEDORA-2010-7378",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041079.html"
}
]
}
}

140
2010/3xxx/CVE-2010-3004.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3004",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-3004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02572",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02497800"
},
{
"name" : "SSRT100082",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02497800"
},
{
"name" : "41277",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41277"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMA02572",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02497800"
},
{
"name": "41277",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41277"
},
{
"name": "SSRT100082",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02497800"
}
]
}
}

150
2010/3xxx/CVE-2010-3208.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3208",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ajax.php in Wiccle Web Builder (WWB) 1.00 and 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the post_text parameter in a site custom_search action to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.packetstormsecurity.com/1008-exploits/wiccle-xss.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.com/1008-exploits/wiccle-xss.txt"
},
{
"name" : "67691",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/67691"
},
{
"name" : "41191",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41191"
},
{
"name" : "wicclewebbuilder-posttext-xss(61466)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61466"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ajax.php in Wiccle Web Builder (WWB) 1.00 and 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the post_text parameter in a site custom_search action to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.packetstormsecurity.com/1008-exploits/wiccle-xss.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.com/1008-exploits/wiccle-xss.txt"
},
{
"name": "67691",
"refsource": "OSVDB",
"url": "http://osvdb.org/67691"
},
{
"name": "41191",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41191"
},
{
"name": "wicclewebbuilder-posttext-xss(61466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61466"
}
]
}
}

120
2010/3xxx/CVE-2010-3980.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf",
"refsource" : "MISC",
"url" : "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf",
"refsource": "MISC",
"url": "http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf"
}
]
}
}

310
2010/4xxx/CVE-2010-4257.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4257",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/",
"refsource" : "MISC",
"url" : "http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/"
},
{
"name" : "http://www.xakep.ru/magazine/xa/124/052/1.asp",
"refsource" : "MISC",
"url" : "http://www.xakep.ru/magazine/xa/124/052/1.asp"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603"
},
{
"name" : "http://codex.wordpress.org/Version_3.0.2",
"refsource" : "CONFIRM",
"url" : "http://codex.wordpress.org/Version_3.0.2"
},
{
"name" : "http://core.trac.wordpress.org/changeset/16625",
"refsource" : "CONFIRM",
"url" : "http://core.trac.wordpress.org/changeset/16625"
},
{
"name" : "http://wordpress.org/news/2010/11/wordpress-3-0-2/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/news/2010/11/wordpress-3-0-2/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=659265",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=659265"
},
{
"name" : "DSA-2138",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2138"
},
{
"name" : "FEDORA-2010-19290",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052892.html"
},
{
"name" : "FEDORA-2010-19296",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052879.html"
},
{
"name" : "FEDORA-2010-19329",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html"
},
{
"name" : "FEDORA-2010-19330",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html"
},
{
"name" : "45131",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45131"
},
{
"name" : "42431",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42431"
},
{
"name" : "42753",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42753"
},
{
"name" : "42844",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42844"
},
{
"name" : "42871",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42871"
},
{
"name" : "ADV-2010-3337",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3337"
},
{
"name" : "ADV-2011-0042",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0042"
},
{
"name" : "ADV-2011-0057",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0057"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42844",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42844"
},
{
"name": "http://wordpress.org/news/2010/11/wordpress-3-0-2/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/news/2010/11/wordpress-3-0-2/"
},
{
"name": "DSA-2138",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2138"
},
{
"name": "FEDORA-2010-19329",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052932.html"
},
{
"name": "42753",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42753"
},
{
"name": "http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/",
"refsource": "MISC",
"url": "http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/"
},
{
"name": "FEDORA-2010-19290",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052892.html"
},
{
"name": "42871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42871"
},
{
"name": "ADV-2010-3337",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3337"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603"
},
{
"name": "http://core.trac.wordpress.org/changeset/16625",
"refsource": "CONFIRM",
"url": "http://core.trac.wordpress.org/changeset/16625"
},
{
"name": "http://www.xakep.ru/magazine/xa/124/052/1.asp",
"refsource": "MISC",
"url": "http://www.xakep.ru/magazine/xa/124/052/1.asp"
},
{
"name": "45131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45131"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=659265",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=659265"
},
{
"name": "FEDORA-2010-19296",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052879.html"
},
{
"name": "FEDORA-2010-19330",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052917.html"
},
{
"name": "42431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42431"
},
{
"name": "http://codex.wordpress.org/Version_3.0.2",
"refsource": "CONFIRM",
"url": "http://codex.wordpress.org/Version_3.0.2"
},
{
"name": "ADV-2011-0042",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0042"
},
{
"name": "ADV-2011-0057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0057"
}
]
}
}

180
2010/4xxx/CVE-2010-4626.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4626",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/10/08/7"
},
{
"name" : "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/10/11/8"
},
{
"name" : "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/06/2"
},
{
"name" : "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/",
"refsource" : "CONFIRM",
"url" : "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/"
},
{
"name" : "http://dev.mybboard.net/issues/843",
"refsource" : "CONFIRM",
"url" : "http://dev.mybboard.net/issues/843"
},
{
"name" : "http://dev.mybboard.net/projects/mybb/repository/revisions/4872",
"refsource" : "CONFIRM",
"url" : "http://dev.mybboard.net/projects/mybb/repository/revisions/4872"
},
{
"name" : "mybb-myrand-unauth-access(64516)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64516"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.mybboard.net/issues/843",
"refsource": "CONFIRM",
"url": "http://dev.mybboard.net/issues/843"
},
{
"name": "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/",
"refsource": "CONFIRM",
"url": "http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/"
},
{
"name": "[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/10/08/7"
},
{
"name": "mybb-myrand-unauth-access(64516)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64516"
},
{
"name": "http://dev.mybboard.net/projects/mybb/repository/revisions/4872",
"refsource": "CONFIRM",
"url": "http://dev.mybboard.net/projects/mybb/repository/revisions/4872"
},
{
"name": "[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/10/11/8"
},
{
"name": "[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/06/2"
}
]
}
}

540
2014/0xxx/CVE-2014-0096.json
View File

@ -1,272 +1,272 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "20140527 [SECURITY] CVE-2014-0096 Apache Tomcat information disclosure",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/May/135"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1578610",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1578610"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1578611",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1578611"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1578637",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1578637"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1578655",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1578655"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1585853",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1585853"
},
{
"name" : "http://tomcat.apache.org/security-6.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-6.html"
},
{
"name" : "http://tomcat.apache.org/security-7.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-7.html"
},
{
"name" : "http://tomcat.apache.org/security-8.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-8.html"
},
{
"name" : "http://www.novell.com/support/kb/doc.php?id=7010166",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-0865.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-0865.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0268.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0268.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "DSA-3530",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3530"
},
{
"name" : "DSA-3552",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3552"
},
{
"name" : "FEDORA-2015-2109",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
},
{
"name" : "HPSBOV03503",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144498216801440&w=2"
},
{
"name" : "HPSBUX03102",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
},
{
"name" : "SSRT101681",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
},
{
"name" : "MDVSA-2015:052",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
},
{
"name" : "MDVSA-2015:053",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
},
{
"name" : "MDVSA-2015:084",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
},
{
"name" : "RHSA-2015:0675",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name" : "RHSA-2015:0720",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name" : "RHSA-2015:0765",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name" : "67667",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67667"
},
{
"name" : "1030301",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030301"
},
{
"name" : "59616",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59616"
},
{
"name" : "59678",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59678"
},
{
"name" : "59835",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59835"
},
{
"name" : "59873",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59873"
},
{
"name" : "59732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59732"
},
{
"name" : "59849",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59849"
},
{
"name" : "60729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60729"
},
{
"name" : "59121",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59121"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://advisories.mageia.org/MGASA-2014-0268.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0268.html"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7010166",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"name": "67667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67667"
},
{
"name": "59121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59121"
},
{
"name": "RHSA-2015:0765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
},
{
"name": "59732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59732"
},
{
"name": "59835",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59835"
},
{
"name": "RHSA-2015:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
},
{
"name": "MDVSA-2015:052",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
},
{
"name": "RHSA-2015:0720",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name": "59849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59849"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-0865.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1578637",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1578637"
},
{
"name": "MDVSA-2015:084",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
},
{
"name": "1030301",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030301"
},
{
"name": "DSA-3530",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"name": "59678",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59678"
},
{
"name": "HPSBUX03102",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "MDVSA-2015:053",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "FEDORA-2015-2109",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
},
{
"name": "http://tomcat.apache.org/security-8.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1585853",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1585853"
},
{
"name": "59616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59616"
},
{
"name": "20140527 [SECURITY] CVE-2014-0096 Apache Tomcat information disclosure",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/135"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1578655",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1578655"
},
{
"name": "59873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59873"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "HPSBOV03503",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144498216801440&w=2"
},
{
"name": "SSRT101681",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1578610",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1578610"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1578611",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1578611"
},
{
"name": "DSA-3552",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3552"
},
{
"name": "60729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60729"
}
]
}
}

120
2014/0xxx/CVE-2014-0326.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0326",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allow remote attackers to read hardcoded credentials via the web interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#578598",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/578598"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allow remote attackers to read hardcoded credentials via the web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#578598",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/578598"
}
]
}
}

34
2014/4xxx/CVE-2014-4181.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4181",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4181",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/4xxx/CVE-2014-4182.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4182",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4182",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/8xxx/CVE-2014-8035.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8035",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCuj40247."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-8035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150109 Cisco WebEx Meetings Server User Enumeration Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8035"
},
{
"name" : "71980",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71980"
},
{
"name" : "cisco-webex-cve20148035-info-disc(100662)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100662"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web framework in Cisco WebEx Meetings Server produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCuj40247."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-webex-cve20148035-info-disc(100662)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100662"
},
{
"name": "20150109 Cisco WebEx Meetings Server User Enumeration Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8035"
},
{
"name": "71980",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71980"
}
]
}
}

34
2014/8xxx/CVE-2014-8979.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8979",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8979",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

130
2014/9xxx/CVE-2014-9252.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9252",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-9252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing",
"refsource" : "CONFIRM",
"url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"
},
{
"name" : "VU#449452",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/449452"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#449452",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/449452"
},
{
"name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing",
"refsource": "CONFIRM",
"url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"
}
]
}
}

120
2014/9xxx/CVE-2014-9354.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9354",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.netapp.com/support/index?page=content&id=9010021",
"refsource" : "CONFIRM",
"url" : "https://kb.netapp.com/support/index?page=content&id=9010021"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.netapp.com/support/index?page=content&id=9010021",
"refsource": "CONFIRM",
"url": "https://kb.netapp.com/support/index?page=content&id=9010021"
}
]
}
}

130
2014/9xxx/CVE-2014-9424.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9424",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://code.google.com/p/google-security-research/issues/detail?id=202",
"refsource" : "MISC",
"url" : "https://code.google.com/p/google-security-research/issues/detail?id=202"
},
{
"name" : "https://github.com/robertbachmann/openbsd-libssl/commit/62a110d447bb8c16a4c69629e28a42e8c39fd7e0",
"refsource" : "CONFIRM",
"url" : "https://github.com/robertbachmann/openbsd-libssl/commit/62a110d447bb8c16a4c69629e28a42e8c39fd7e0"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/robertbachmann/openbsd-libssl/commit/62a110d447bb8c16a4c69629e28a42e8c39fd7e0",
"refsource": "CONFIRM",
"url": "https://github.com/robertbachmann/openbsd-libssl/commit/62a110d447bb8c16a4c69629e28a42e8c39fd7e0"
},
{
"name": "https://code.google.com/p/google-security-research/issues/detail?id=202",
"refsource": "MISC",
"url": "https://code.google.com/p/google-security-research/issues/detail?id=202"
}
]
}
}

140
2014/9xxx/CVE-2014-9782.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2e57a46ab2ba7299d99d9cdc1382bd1e612963fb",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2e57a46ab2ba7299d99d9cdc1382bd1e612963fb"
},
{
"name" : "91628",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91628"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91628"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2e57a46ab2ba7299d99d9cdc1382bd1e612963fb",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2e57a46ab2ba7299d99d9cdc1382bd1e612963fb"
}
]
}
}

140
2014/9xxx/CVE-2014-9903.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9903",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4efbc454ba68def5ef285b26ebfcfdb605b52755",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4efbc454ba68def5ef285b26ebfcfdb605b52755"
},
{
"name" : "https://github.com/torvalds/linux/commit/4efbc454ba68def5ef285b26ebfcfdb605b52755",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/4efbc454ba68def5ef285b26ebfcfdb605b52755"
},
{
"name" : "91511",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91511"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sched_read_attr function in kernel/sched/core.c in the Linux kernel 3.14-rc before 3.14-rc4 uses an incorrect size, which allows local users to obtain sensitive information from kernel stack memory via a crafted sched_getattr system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4efbc454ba68def5ef285b26ebfcfdb605b52755",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4efbc454ba68def5ef285b26ebfcfdb605b52755"
},
{
"name": "https://github.com/torvalds/linux/commit/4efbc454ba68def5ef285b26ebfcfdb605b52755",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/4efbc454ba68def5ef285b26ebfcfdb605b52755"
},
{
"name": "91511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91511"
}
]
}
}

220
2016/2xxx/CVE-2016-2848.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1385450",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1385450"
},
{
"name" : "https://kb.isc.org/article/AA-01433/74/CVE-2016-2848",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/article/AA-01433/74/CVE-2016-2848"
},
{
"name" : "https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=4adf97c32fcca7d00e5756607fd045f2aab9c3d4",
"refsource" : "CONFIRM",
"url" : "https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=4adf97c32fcca7d00e5756607fd045f2aab9c3d4"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180926-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180926-0002/"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180926-0005/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"name" : "RHSA-2016:2093",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2093.html"
},
{
"name" : "RHSA-2016:2094",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2094.html"
},
{
"name" : "RHSA-2016:2099",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2099.html"
},
{
"name" : "93809",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93809"
},
{
"name" : "93814",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93814"
},
{
"name" : "1037073",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037073"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2093",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2093.html"
},
{
"name": "1037073",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037073"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180926-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180926-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180926-0002/"
},
{
"name": "https://kb.isc.org/article/AA-01433/74/CVE-2016-2848",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01433/74/CVE-2016-2848"
},
{
"name": "RHSA-2016:2094",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2094.html"
},
{
"name": "RHSA-2016:2099",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2099.html"
},
{
"name": "93809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93809"
},
{
"name": "https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=4adf97c32fcca7d00e5756607fd045f2aab9c3d4",
"refsource": "CONFIRM",
"url": "https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=4adf97c32fcca7d00e5756607fd045f2aab9c3d4"
},
{
"name": "93814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93814"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1385450",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385450"
}
]
}
}

220
2016/3xxx/CVE-2016-3023.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-3023",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Access Manager",
"version" : {
"version_data" : [
{
"version_value" : "9.0"
},
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "9.0.1"
},
{
"version_value" : "7.0.0"
},
{
"version_value" : "8.0.0"
},
{
"version_value" : "8.0.0.1"
},
{
"version_value" : "8.0.0.2"
},
{
"version_value" : "8.0.0.3"
},
{
"version_value" : "8.0.0.4"
},
{
"version_value" : "8.0.0.5"
},
{
"version_value" : "8.0.1"
},
{
"version_value" : "8.0.1.2"
},
{
"version_value" : "8.0.1.3"
},
{
"version_value" : "8.0.1.4"
},
{
"version_value" : "9.0.0"
},
{
"version_value" : "9.0.1.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21995348",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21995348"
},
{
"name" : "96124",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96124"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995348",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995348"
},
{
"name": "96124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96124"
}
]
}
}

120
2016/3xxx/CVE-2016-3102.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11",
"refsource" : "CONFIRM",
"url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11"
}
]
}
}

34
2016/3xxx/CVE-2016-3662.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3662",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3662",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

300
2016/3xxx/CVE-2016-3718.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3718",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160513 May 2016 - HipChat Server - Critical Security Advisory",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
},
{
"name" : "39767",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39767/"
},
{
"name" : "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/03/18"
},
{
"name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
},
{
"name" : "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
},
{
"name" : "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
"refsource" : "CONFIRM",
"url" : "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
},
{
"name" : "https://www.imagemagick.org/script/changelog.php",
"refsource" : "CONFIRM",
"url" : "https://www.imagemagick.org/script/changelog.php"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "DSA-3580",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3580"
},
{
"name" : "GLSA-201611-21",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-21"
},
{
"name" : "RHSA-2016:0726",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
},
{
"name" : "SSA:2016-132-01",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
},
{
"name" : "SUSE-SU-2016:1260",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
},
{
"name" : "openSUSE-SU-2016:1261",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
},
{
"name" : "openSUSE-SU-2016:1266",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
},
{
"name" : "SUSE-SU-2016:1275",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
},
{
"name" : "openSUSE-SU-2016:1326",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
},
{
"name" : "USN-2990-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2990-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog",
"refsource": "CONFIRM",
"url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
},
{
"name": "openSUSE-SU-2016:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588",
"refsource": "CONFIRM",
"url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588"
},
{
"name": "openSUSE-SU-2016:1326",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
},
{
"name": "USN-2990-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2990-1"
},
{
"name": "openSUSE-SU-2016:1261",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
},
{
"name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
},
{
"name": "39767",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39767/"
},
{
"name": "SUSE-SU-2016:1260",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
},
{
"name": "GLSA-201611-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-21"
},
{
"name": "SUSE-SU-2016:1275",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
},
{
"name": "SSA:2016-132-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568"
},
{
"name": "https://www.imagemagick.org/script/changelog.php",
"refsource": "CONFIRM",
"url": "https://www.imagemagick.org/script/changelog.php"
},
{
"name": "DSA-3580",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3580"
},
{
"name": "RHSA-2016:0726",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
}
]
}
}

120
2016/3xxx/CVE-2016-3797.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug CR1001450."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug CR1001450."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

140
2016/3xxx/CVE-2016-3917.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3917",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not track the user account during the authentication process, which allows physically proximate attackers to authenticate as an arbitrary user by leveraging lockscreen access, aka internal bug 30744668."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/base/+/f5334952131afa835dd3f08601fb3bced7b781cd",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/base/+/f5334952131afa835dd3f08601fb3bced7b781cd"
},
{
"name" : "93298",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93298"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not track the user account during the authentication process, which allows physically proximate attackers to authenticate as an arbitrary user by leveraging lockscreen access, aka internal bug 30744668."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93298"
},
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/f5334952131afa835dd3f08601fb3bced7b781cd",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/base/+/f5334952131afa835dd3f08601fb3bced7b781cd"
}
]
}
}

170
2016/6xxx/CVE-2016-6510.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6510",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160728 CVE request: Wireshark 2.0.5 and 1.12.13 security releases",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2016/07/28/3"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2016-46.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2016-46.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12664",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12664"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47a5fa850b388fcf4ea762073806f01b459820fe",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47a5fa850b388fcf4ea762073806f01b459820fe"
},
{
"name" : "DSA-3648",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3648"
},
{
"name" : "1036480",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036480"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160728 CVE request: Wireshark 2.0.5 and 1.12.13 security releases",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2016/07/28/3"
},
{
"name": "DSA-3648",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3648"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12664",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12664"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2016-46.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2016-46.html"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47a5fa850b388fcf4ea762073806f01b459820fe",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47a5fa850b388fcf4ea762073806f01b459820fe"
},
{
"name": "1036480",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036480"
}
]
}
}

220
2016/7xxx/CVE-2016-7166.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7166",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160908 CVE request: libarchive (pre 3.2.0) denial of service with gzip quine",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/08/15"
},
{
"name" : "[oss-security] 20160908 Re: CVE request: libarchive (pre 3.2.0) denial of service with gzip quine",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/08/18"
},
{
"name" : "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362",
"refsource" : "CONFIRM",
"url" : "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1347086",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1347086"
},
{
"name" : "https://github.com/libarchive/libarchive/commit/6e06b1c89dd0d16f74894eac4cfc1327a06ee4a0",
"refsource" : "CONFIRM",
"url" : "https://github.com/libarchive/libarchive/commit/6e06b1c89dd0d16f74894eac4cfc1327a06ee4a0"
},
{
"name" : "https://github.com/libarchive/libarchive/issues/660",
"refsource" : "CONFIRM",
"url" : "https://github.com/libarchive/libarchive/issues/660"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name" : "GLSA-201701-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-03"
},
{
"name" : "RHSA-2016:1844",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1844.html"
},
{
"name" : "RHSA-2016:1850",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1850.html"
},
{
"name" : "92901",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92901"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:1844",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1844.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "[oss-security] 20160908 Re: CVE request: libarchive (pre 3.2.0) denial of service with gzip quine",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/08/18"
},
{
"name": "https://github.com/libarchive/libarchive/commit/6e06b1c89dd0d16f74894eac4cfc1327a06ee4a0",
"refsource": "CONFIRM",
"url": "https://github.com/libarchive/libarchive/commit/6e06b1c89dd0d16f74894eac4cfc1327a06ee4a0"
},
{
"name": "https://github.com/libarchive/libarchive/issues/660",
"refsource": "CONFIRM",
"url": "https://github.com/libarchive/libarchive/issues/660"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1347086",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347086"
},
{
"name": "RHSA-2016:1850",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1850.html"
},
{
"name": "[oss-security] 20160908 CVE request: libarchive (pre 3.2.0) denial of service with gzip quine",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/08/15"
},
{
"name": "GLSA-201701-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-03"
},
{
"name": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362",
"refsource": "CONFIRM",
"url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362"
},
{
"name": "92901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92901"
}
]
}
}

140
2016/7xxx/CVE-2016-7273.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7273",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Windows Graphics Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-146",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-146"
},
{
"name" : "94752",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94752"
},
{
"name" : "1037438",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037438"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Windows Graphics Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037438",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037438"
},
{
"name": "MS16-146",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-146"
},
{
"name": "94752",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94752"
}
]
}
}

34
2016/7xxx/CVE-2016-7324.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7324",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7324",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

130
2016/8xxx/CVE-2016-8352.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-8352",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Schneider Electric ConneXium TCSEFEC2*",
"version" : {
"version_data" : [
{
"version_value" : "Schneider Electric ConneXium TCSEFEC2*"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Schneider Electric ConneXium Buffer Overflow Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-8352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric ConneXium TCSEFEC2*",
"version": {
"version_data": [
{
"version_value": "Schneider Electric ConneXium TCSEFEC2*"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01"
},
{
"name" : "94062",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94062"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Schneider Electric ConneXium Buffer Overflow Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94062"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01"
}
]
}
}