admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:53:43 +00:00
parent a3361a1f5a
commit f337501d11
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3269 additions and 3269 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2006/0xxx/CVE-2006-0332.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0332", "ID": "CVE-2006-0332",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[listar-dev] 20060115 [EDev] Re: Potential vulnerability -- who to contact?", "description_data": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=listar-dev&m=113732552708625&w=2" "lang": "eng",
}, "value": "Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files."
{ }
"name" : "[listar-dev] 20060119 [EDev] Re: Potential vulnerability -- who to contact?", ]
"refsource" : "MLIST", },
"url" : "http://marc.info/?l=listar-dev&m=113770802408358&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16317", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16317" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0260", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0260" ]
}, },
{ "references": {
"name" : "18524", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18524" "name": "[listar-dev] 20060119 [EDev] Re: Potential vulnerability -- who to contact?",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=listar-dev&m=113770802408358&w=2"
"name" : "ecartis-pantomime-bypass-security(24220)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24220" "name": "18524",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/18524"
} },
} {
"name": "ADV-2006-0260",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0260"
},
{
"name": "[listar-dev] 20060115 [EDev] Re: Potential vulnerability -- who to contact?",
"refsource": "MLIST",
"url": "http://marc.info/?l=listar-dev&m=113732552708625&w=2"
},
{
"name": "16317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16317"
},
{
"name": "ecartis-pantomime-bypass-security(24220)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24220"
}
]
}
}

200
2006/0xxx/CVE-2006-0642.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0642", "ID": "CVE-2006-0642",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of \"Do not scan compressed files when Extracted file count exceeds 500 files,\" which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060203 Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/423896/100/0/threaded" "lang": "eng",
}, "value": "Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of \"Do not scan compressed files when Extracted file count exceeds 500 files,\" which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE."
{ }
"name" : "20060203 Re: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/423914/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20060203 Re: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/423913/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20060205 RE: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.", ]
"refsource" : "BUGTRAQ", }
"url" : "http://www.securityfocus.com/archive/1/424172/100/0/threaded" ]
}, },
{ "references": {
"name" : "20060206 Fwd: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.", "reference_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/424598/100/0/threaded" "name": "http://www.packetstormsecurity.org/0602-advisories/Bypass.pdf",
}, "refsource": "MISC",
{ "url": "http://www.packetstormsecurity.org/0602-advisories/Bypass.pdf"
"name" : "http://www.packetstormsecurity.org/0602-advisories/Bypass.pdf", },
"refsource" : "MISC", {
"url" : "http://www.packetstormsecurity.org/0602-advisories/Bypass.pdf" "name": "20060206 Fwd: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/424598/100/0/threaded"
"name" : "http://www.packetstormsecurity.org/filedesc/Bypass.pdf.html", },
"refsource" : "MISC", {
"url" : "http://www.packetstormsecurity.org/filedesc/Bypass.pdf.html" "name": "20060203 Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/423896/100/0/threaded"
"name" : "16483", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16483" "name": "16483",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16483"
"name" : "serverprotect-file-scanning-bypass(24658)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24658" "name": "20060205 RE: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/424172/100/0/threaded"
} },
} {
"name": "serverprotect-file-scanning-bypass(24658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24658"
},
{
"name": "20060203 Re: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423914/100/0/threaded"
},
{
"name": "http://www.packetstormsecurity.org/filedesc/Bypass.pdf.html",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/filedesc/Bypass.pdf.html"
},
{
"name": "20060203 Re: Trend Micro ServerProtect version 5.58 can be easily circumvented via the mechanism that limits how many files to scan.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423913/100/0/threaded"
}
]
}
}

160
2006/0xxx/CVE-2006-0649.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0649", "ID": "CVE-2006-0649",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.dataparksearch.org/ChangeLog", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.dataparksearch.org/ChangeLog" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "16572", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16572" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0488", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0488" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18751", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/18751" ]
}, },
{ "references": {
"name" : "dataparksearch-scripts-xss(24627)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24627" "name": "18751",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/18751"
} },
} {
"name": "dataparksearch-scripts-xss(24627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24627"
},
{
"name": "http://www.dataparksearch.org/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.dataparksearch.org/ChangeLog"
},
{
"name": "16572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16572"
},
{
"name": "ADV-2006-0488",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0488"
}
]
}
}

170
2006/1xxx/CVE-2006-1602.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1602", "ID": "CVE-2006-1602",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/functions_common.php in the VWar Account module (vWar_Account) in PHPNuke Clan 3.0.1 allows remote attackers to include arbitrary files via a URL in the vwar_root2 parameter. NOTE: it is possible that this issue stems from a problem in VWar itself, but this is not clear."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060401 PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/429615/100/0/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in includes/functions_common.php in the VWar Account module (vWar_Account) in PHPNuke Clan 3.0.1 allows remote attackers to include arbitrary files via a URL in the vwar_root2 parameter. NOTE: it is possible that this issue stems from a problem in VWar itself, but this is not clear."
{ }
"name" : "17356", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/17356" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-1202", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1202" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "24481", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/24481" ]
}, },
{ "references": {
"name" : "19501", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19501" "name": "phpnukeclan-functionscommon-file-include(25609)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25609"
"name" : "phpnukeclan-functionscommon-file-include(25609)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25609" "name": "20060401 PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/429615/100/0/threaded"
} },
} {
"name": "19501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19501"
},
{
"name": "ADV-2006-1202",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1202"
},
{
"name": "17356",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17356"
},
{
"name": "24481",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24481"
}
]
}
}

160
2006/1xxx/CVE-2006-1623.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1623", "ID": "CVE-2006-1623",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in main.php in an unspecified \"file created by Andries Bruinsma,\" possibly a FleXiBle Development (FXB) application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specific vulnerability type. In addition, there is little public information on the named product. Finally, an XSS vector is implied in the subject line, but because there is no other information and evidence of a cut-and-paste error, it will not be assigned a separate CVE identifier unless additional information is provided."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060401 FleXiBle Development Script Remote Command Exucetion And XSS Attacking", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/429613/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in main.php in an unspecified \"file created by Andries Bruinsma,\" possibly a FleXiBle Development (FXB) application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specific vulnerability type. In addition, there is little public information on the named product. Finally, an XSS vector is implied in the subject line, but because there is no other information and evidence of a cut-and-paste error, it will not be assigned a separate CVE identifier unless additional information is provided."
{ }
"name" : "20060405 Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/430334/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20060404 FleXiBle Development Script Remote Command Exucetion And XSS Attacking", "description": [
"refsource" : "VIM", {
"url" : "http://attrition.org/pipermail/vim/2006-April/000680.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "flexible-development-main-command-execution(25600)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25600" ]
}, },
{ "references": {
"name" : "flexible-development-main-xss(25603)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25603" "name": "20060404 FleXiBle Development Script Remote Command Exucetion And XSS Attacking",
} "refsource": "VIM",
] "url": "http://attrition.org/pipermail/vim/2006-April/000680.html"
} },
} {
"name": "20060401 FleXiBle Development Script Remote Command Exucetion And XSS Attacking",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429613/100/0/threaded"
},
{
"name": "flexible-development-main-xss(25603)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25603"
},
{
"name": "20060405 Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430334/100/0/threaded"
},
{
"name": "flexible-development-main-command-execution(25600)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25600"
}
]
}
}

190
2006/1xxx/CVE-2006-1996.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1996", "ID": "CVE-2006-1996",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060421 Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilites", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/431716/100/0/threaded" "lang": "eng",
}, "value": "Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message."
{ }
"name" : "20060425 Interesting Scry stuff", ]
"refsource" : "VIM", },
"url" : "http://attrition.org/pipermail/vim/2006-April/000716.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17668", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17668" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-1490", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/1490" ]
}, },
{ "references": {
"name" : "24890", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/24890" "name": "17668",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17668"
"name" : "19777", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19777" "name": "ADV-2006-1490",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1490"
"name" : "784", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/784" "name": "scry-gallery-index-path-disclosure(25990)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25990"
"name" : "scry-gallery-index-path-disclosure(25990)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25990" "name": "784",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/784"
} },
} {
"name": "20060425 Interesting Scry stuff",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-April/000716.html"
},
{
"name": "20060421 Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilites",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431716/100/0/threaded"
},
{
"name": "19777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19777"
},
{
"name": "24890",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24890"
}
]
}
}

170
2006/3xxx/CVE-2006-3338.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3338", "ID": "CVE-2006-3338",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page."
{ }
"name" : "18575", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18575" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2472", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2472" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26744", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/26744" ]
}, },
{ "references": {
"name" : "20767", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20767" "name": "ADV-2006-2472",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2472"
"name" : "jira-configurereleasenote-xss(27588)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27588" "name": "18575",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/18575"
} },
} {
"name": "jira-configurereleasenote-xss(27588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27588"
},
{
"name": "20767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20767"
},
{
"name": "http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html"
},
{
"name": "26744",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26744"
}
]
}
}

140
2006/4xxx/CVE-2006-4594.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4594", "ID": "CVE-2006-4594",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2279", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2279" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681."
{ }
"name" : "19765", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19765" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "phpatm-include-file-include(28670)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28670" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "19765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19765"
},
{
"name": "2279",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2279"
},
{
"name": "phpatm-include-file-include(28670)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28670"
}
]
}
}

170
2006/4xxx/CVE-2006-4714.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4714", "ID": "CVE-2006-4714",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1467/exploit.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1467/exploit.html" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter."
{ }
"name" : "2339", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/2339" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "84147", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/84147" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-3548", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/3548" ]
}, },
{ "references": {
"name" : "21855", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21855" "name": "84147",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/84147"
"name" : "vivvo-index-file-include(28834)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28834" "name": "21855",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/21855"
} },
} {
"name": "ADV-2006-3548",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3548"
},
{
"name": "2339",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2339"
},
{
"name": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1467/exploit.html",
"refsource": "MISC",
"url": "http://securitydot.net/xpl/exploits/vulnerabilities/articles/1467/exploit.html"
},
{
"name": "vivvo-index-file-include(28834)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28834"
}
]
}
}

160
2006/4xxx/CVE-2006-4786.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4786", "ID": "CVE-2006-4786",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://docs.moodle.org/en/Release_Notes#Moodle_1.6.2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://docs.moodle.org/en/Release_Notes#Moodle_1.6.2" "lang": "eng",
}, "value": "Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups."
{ }
"name" : "19995", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19995" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3591", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3591" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21899", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21899" ]
}, },
{ "references": {
"name" : "moodle-help-information-disclosure(28903)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28903" "name": "http://docs.moodle.org/en/Release_Notes#Moodle_1.6.2",
} "refsource": "CONFIRM",
] "url": "http://docs.moodle.org/en/Release_Notes#Moodle_1.6.2"
} },
} {
"name": "19995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19995"
},
{
"name": "21899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21899"
},
{
"name": "moodle-help-information-disclosure(28903)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28903"
},
{
"name": "ADV-2006-3591",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3591"
}
]
}
}

200
2006/4xxx/CVE-2006-4820.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4820", "ID": "CVE-2006-4820",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBUX02126", "description_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/446030/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors."
{ }
"name" : "SSRT051019", ]
"refsource" : "HP", },
"url" : "http://www.securityfocus.com/archive/1/446030/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20029", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20029" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:5747", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5747" ]
}, },
{ "references": {
"name" : "ADV-2006-3634", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3634" "name": "oval:org.mitre.oval:def:5747",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5747"
"name" : "1016857", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016857" "name": "SSRT051019",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/446030/100/0/threaded"
"name" : "21928", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21928" "name": "ADV-2006-3634",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3634"
"name" : "1595", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1595" "name": "HPSBUX02126",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/446030/100/0/threaded"
"name" : "hp-ux-unspecified-dos(28954)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28954" "name": "20029",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/20029"
} },
} {
"name": "hp-ux-unspecified-dos(28954)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28954"
},
{
"name": "1016857",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016857"
},
{
"name": "1595",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1595"
},
{
"name": "21928",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21928"
}
]
}
}

170
2010/2xxx/CVE-2010-2464.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2464", "ID": "CVE-2010-2464",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "13935", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/13935" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php."
{ }
"name" : "http://packetstormsecurity.org/1006-exploits/joomlarscomments-xss.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/1006-exploits/joomlarscomments-xss.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.rsjoomla.com/customer-support/documentations/96--general-overview-of-the-component/393-changelog.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.rsjoomla.com/customer-support/documentations/96--general-overview-of-the-component/393-changelog.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "40977", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/40977" ]
}, },
{ "references": {
"name" : "40278", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40278" "name": "40977",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/40977"
"name" : "rscomments-index-xss(59578)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59578" "name": "rscomments-index-xss(59578)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59578"
} },
} {
"name": "13935",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13935"
},
{
"name": "40278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40278"
},
{
"name": "http://packetstormsecurity.org/1006-exploits/joomlarscomments-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/joomlarscomments-xss.txt"
},
{
"name": "http://www.rsjoomla.com/customer-support/documentations/96--general-overview-of-the-component/393-changelog.html",
"refsource": "MISC",
"url": "http://www.rsjoomla.com/customer-support/documentations/96--general-overview-of-the-component/393-changelog.html"
}
]
}
}

120
2010/2xxx/CVE-2010-2975.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2975", "ID": "CVE-2010-2975",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an \"arrow key failure,\" aka Bug ID CSCtg51544."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" "lang": "eng",
} "value": "Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an \"arrow key failure,\" aka Bug ID CSCtg51544."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html"
}
]
}
}

140
2010/3xxx/CVE-2010-3416.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3416", "ID": "CVE-2010-3416",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=53930", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=53930" "lang": "eng",
}, "value": "Google Chrome before 6.0.472.59 on Linux does not properly implement the Khmer locale, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
{ }
"name" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:14307", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14307" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=53930",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=53930"
},
{
"name": "oval:org.mitre.oval:def:14307",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14307"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
}
]
}
}

130
2010/3xxx/CVE-2010-3521.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-3521", "ID": "CVE-2010-3521",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise HCM ePay component in Oracle PeopleSoft and JDEdwards Suite 9.0 to Payroll Update 10-C and 9.1 to Payroll Update 10-C allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the PeopleSoft Enterprise HCM ePay component in Oracle PeopleSoft and JDEdwards Suite 9.0 to Payroll Update 10-C and 9.1 to Payroll Update 10-C allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
{ }
"name" : "TA10-287A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

300
2010/3xxx/CVE-2010-3767.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3767", "ID": "CVE-2010-3767",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-81.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-81.html" "lang": "eng",
}, "value": "Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=599468", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=599468" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.avaya.com/css/P8/documents/100124650", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/css/P8/documents/100124650" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2132", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2010/dsa-2132" ]
}, },
{ "references": {
"name" : "FEDORA-2010-18773", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html" "name": "SUSE-SA:2011:003",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
"name" : "FEDORA-2010-18775", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html" "name": "FEDORA-2010-18775",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html"
"name" : "FEDORA-2010-18890", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html" "name": "MDVSA-2010:251",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251"
"name" : "FEDORA-2010-18920", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html" "name": "http://support.avaya.com/css/P8/documents/100124650",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/css/P8/documents/100124650"
"name" : "MDVSA-2010:251", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251" "name": "RHSA-2010:0968",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0968.html"
"name" : "RHSA-2010:0966", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0966.html" "name": "RHSA-2010:0966",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html"
"name" : "RHSA-2010:0967", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0967.html" "name": "USN-1019-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1019-1"
"name" : "RHSA-2010:0968", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0968.html" "name": "42818",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42818"
"name" : "SUSE-SA:2011:003", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html" "name": "DSA-2132",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2010/dsa-2132"
"name" : "USN-1019-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1019-1" "name": "1024848",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024848"
"name" : "oval:org.mitre.oval:def:12610", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12610" "name": "FEDORA-2010-18920",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
"name" : "1024848", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024848" "name": "ADV-2011-0030",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0030"
"name" : "42716", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42716" "name": "RHSA-2010:0967",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0967.html"
"name" : "42818", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42818" "name": "FEDORA-2010-18890",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
"name" : "ADV-2011-0030", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0030" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=599468",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=599468"
} },
} {
"name": "42716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42716"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-81.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-81.html"
},
{
"name": "oval:org.mitre.oval:def:12610",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12610"
},
{
"name": "FEDORA-2010-18773",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html"
}
]
}
}

170
2010/4xxx/CVE-2010-4402.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4402", "ID": "CVE-2010-4402",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20101125 [Suspected Spam]Vulnerabilities in Register Plus for WordPress", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/514903/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action."
{ }
"name" : "http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://websecurity.com.ua/4539", "description": [
"refsource" : "MISC", {
"url" : "http://websecurity.com.ua/4539" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "45057", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/45057" ]
}, },
{ "references": {
"name" : "69491", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/69491" "name": "http://websecurity.com.ua/4539",
}, "refsource": "MISC",
{ "url": "http://websecurity.com.ua/4539"
"name" : "42360", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42360" "name": "http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt",
} "refsource": "MISC",
] "url": "http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt"
} },
} {
"name": "45057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45057"
},
{
"name": "42360",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42360"
},
{
"name": "69491",
"refsource": "OSVDB",
"url": "http://osvdb.org/69491"
},
{
"name": "20101125 [Suspected Spam]Vulnerabilities in Register Plus for WordPress",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514903/100/0/threaded"
}
]
}
}

200
2010/4xxx/CVE-2010-4554.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4554", "ID": "CVE-2010-4554",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php?view=patch&r1=14117&r2=14116&pathrev=14117", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php?view=patch&r1=14117&r2=14116&pathrev=14117" "lang": "eng",
}, "value": "functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site."
{ }
"name" : "http://www.squirrelmail.org/security/issue/2011-07-12", ]
"refsource" : "CONFIRM", },
"url" : "http://www.squirrelmail.org/security/issue/2011-07-12" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=720693", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=720693" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT5130", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT5130" ]
}, },
{ "references": {
"name" : "APPLE-SA-2012-02-01-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" "name": "DSA-2291",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2291"
"name" : "DSA-2291", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2291" "name": "squirrelmail-http-clickjacking(68512)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68512"
"name" : "MDVSA-2011:123", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123" "name": "http://support.apple.com/kb/HT5130",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5130"
"name" : "RHSA-2012:0103", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0103.html" "name": "http://www.squirrelmail.org/security/issue/2011-07-12",
}, "refsource": "CONFIRM",
{ "url": "http://www.squirrelmail.org/security/issue/2011-07-12"
"name" : "squirrelmail-http-clickjacking(68512)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68512" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=720693",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720693"
} },
} {
"name": "MDVSA-2011:123",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123"
},
{
"name": "APPLE-SA-2012-02-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php?view=patch&r1=14117&r2=14116&pathrev=14117",
"refsource": "CONFIRM",
"url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/page_header.php?view=patch&r1=14117&r2=14116&pathrev=14117"
},
{
"name": "RHSA-2012:0103",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html"
}
]
}
}

130
2010/4xxx/CVE-2010-4929.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4929", "ID": "CVE-2010-4929",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "15085", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/15085" "lang": "eng",
}, "value": "SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php."
{ }
"name" : "43415", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/43415" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43415"
},
{
"name": "15085",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15085"
}
]
}
}

34
2011/1xxx/CVE-2011-1009.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1009", "ID": "CVE-2011-1009",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2011/1xxx/CVE-2011-1356.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1356", "ID": "CVE-2011-1356",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "PM36620", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1PM36620" "lang": "eng",
}, "value": "IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request."
{ }
"name" : "PM42436", ]
"refsource" : "AIXAPAR", },
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1PM42436" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "48709", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48709" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "was-admcons-info-disclosure(68571)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68571" ]
} },
] "references": {
} "reference_data": [
} {
"name": "PM42436",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1PM42436"
},
{
"name": "48709",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48709"
},
{
"name": "PM36620",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1PM36620"
},
{
"name": "was-admcons-info-disclosure(68571)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68571"
}
]
}
}

140
2014/3xxx/CVE-2014-3041.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-3041", "ID": "CVE-2014-3041",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680370", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680370" "lang": "eng",
}, "value": "SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
{ }
"name" : "60479", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/60479" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-emptoris-cve20143041-sql-injection(93318)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93318" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "ibm-emptoris-cve20143041-sql-injection(93318)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93318"
},
{
"name": "60479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60479"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680370",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680370"
}
]
}
}

34
2014/3xxx/CVE-2014-3118.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3118", "ID": "CVE-2014-3118",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2014/3xxx/CVE-2014-3720.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3720", "ID": "CVE-2014-3720",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2014/3xxx/CVE-2014-3847.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3847", "ID": "CVE-2014-3847",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2014/7xxx/CVE-2014-7813.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-7813", "ID": "CVE-2014-7813",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1157872", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1157872" "lang": "eng",
} "value": "Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1157872",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1157872"
}
]
}
}

160
2014/8xxx/CVE-2014-8248.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-8248", "ID": "CVE-2014-8248",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141215 CA20141215-01: Security Notice for CA LISA Release Automation", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534246/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query."
{ }
"name" : "20141216 CA20141215-01: Security Notice for CA LISA Release Automation", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Dec/55" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141215-01-security-notice-for-ca-lisa-release-automation.aspx", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141215-01-security-notice-for-ca-lisa-release-automation.aspx" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#343060", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/343060" ]
}, },
{ "references": {
"name" : "1031375", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1031375" "name": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141215-01-security-notice-for-ca-lisa-release-automation.aspx",
} "refsource": "CONFIRM",
] "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141215-01-security-notice-for-ca-lisa-release-automation.aspx"
} },
} {
"name": "20141216 CA20141215-01: Security Notice for CA LISA Release Automation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/55"
},
{
"name": "VU#343060",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/343060"
},
{
"name": "20141215 CA20141215-01: Security Notice for CA LISA Release Automation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534246/100/0/threaded"
},
{
"name": "1031375",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1031375"
}
]
}
}

160
2014/8xxx/CVE-2014-8389.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8389", "ID": "CVE-2014-8389",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150706 [CORE-2015-0012] - AirLive Multiple Products OS Command Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/535938/100/0/threaded" "lang": "eng",
}, "value": "cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests."
{ }
"name" : "20151231 [CORE-2015-0012] - AirLive Multiple Products OS Command Injection", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2015/Jul/29" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/132585/AirLive-Remote-Command-Injection.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/132585/AirLive-Remote-Command-Injection.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection", ]
"refsource" : "MISC", }
"url" : "https://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection" ]
}, },
{ "references": {
"name" : "75559", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75559" "name": "20150706 [CORE-2015-0012] - AirLive Multiple Products OS Command Injection",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/535938/100/0/threaded"
} },
} {
"name": "http://packetstormsecurity.com/files/132585/AirLive-Remote-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132585/AirLive-Remote-Command-Injection.html"
},
{
"name": "20151231 [CORE-2015-0012] - AirLive Multiple Products OS Command Injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jul/29"
},
{
"name": "75559",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75559"
},
{
"name": "https://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection"
}
]
}
}

170
2014/8xxx/CVE-2014-8480.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8480", "ID": "CVE-2014-8480",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 lacks intended decoder-table flags for certain RIP-relative instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[kvm] 20141013 [PATCH 0/2] KVM: x86: Fixing clflush/hint_nop/prefetch", "description_data": [
"refsource" : "MLIST", {
"url" : "http://thread.gmane.org/gmane.comp.emulators.kvm.devel/128427" "lang": "eng",
}, "value": "The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 lacks intended decoder-table flags for certain RIP-relative instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application."
{ }
"name" : "[oss-security] 20141023 CVE Request: Linux 3.17 guest-triggerable KVM OOPS", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2014/10/23/7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f6f1480d86bf9fc16c160d803ab1d006e3058d5", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f6f1480d86bf9fc16c160d803ab1d006e3058d5" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1156615", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1156615" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/3f6f1480d86bf9fc16c160d803ab1d006e3058d5", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/3f6f1480d86bf9fc16c160d803ab1d006e3058d5" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1156615",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1156615"
"name" : "70710", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70710" "name": "70710",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/70710"
} },
} {
"name": "[oss-security] 20141023 CVE Request: Linux 3.17 guest-triggerable KVM OOPS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/23/7"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f6f1480d86bf9fc16c160d803ab1d006e3058d5",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3f6f1480d86bf9fc16c160d803ab1d006e3058d5"
},
{
"name": "https://github.com/torvalds/linux/commit/3f6f1480d86bf9fc16c160d803ab1d006e3058d5",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/3f6f1480d86bf9fc16c160d803ab1d006e3058d5"
},
{
"name": "[kvm] 20141013 [PATCH 0/2] KVM: x86: Fixing clflush/hint_nop/prefetch",
"refsource": "MLIST",
"url": "http://thread.gmane.org/gmane.comp.emulators.kvm.devel/128427"
}
]
}
}

170
2014/8xxx/CVE-2014-8830.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2014-8830", "ID": "CVE-2014-8830",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/HT204244", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/HT204244" "lang": "eng",
}, "value": "Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file."
{ }
"name" : "https://support.apple.com/HT204659", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT204659" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2015-01-27-4", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2015-04-08-2", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" ]
}, },
{ "references": {
"name" : "1031650", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031650" "name": "macosx-cve20148830-bo(100524)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100524"
"name" : "macosx-cve20148830-bo(100524)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100524" "name": "https://support.apple.com/HT204659",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT204659"
} },
} {
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}

150
2014/8xxx/CVE-2014-8952.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8952", "ID": "CVE-2014-8952",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identify Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service (\"stability issue\") via an unspecified \"traffic condition.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100431", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100431" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identify Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service (\"stability issue\") via an unspecified \"traffic condition.\""
{ }
"name" : "67993", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/67993" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "58487", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/58487" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "security-gateway-cve20148952-dos(98762)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98762" ]
} },
] "references": {
} "reference_data": [
} {
"name": "security-gateway-cve20148952-dos(98762)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98762"
},
{
"name": "58487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58487"
},
{
"name": "67993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67993"
},
{
"name": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100431",
"refsource": "CONFIRM",
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100431"
}
]
}
}

34
2014/9xxx/CVE-2014-9083.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9083", "ID": "CVE-2014-9083",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2014/9xxx/CVE-2014-9136.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"ID" : "CVE-2014-9136", "ID": "CVE-2014-9136",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,", "product_name": "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions," "version_value": "FusionManager FusionManager All V100R002C03 versions, All V100R003C00 versions,"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CSRF"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/hw-372186", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/hw-372186" "lang": "eng",
} "value": "Huawei FusionManager with software V100R002C03 and V100R003C00 could allow an unauthenticated, remote attacker to conduct a CSRF attack against the user of the web interface."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-372186",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-372186"
}
]
}
}

150
2014/9xxx/CVE-2014-9490.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9490", "ID": "CVE-2014-9490",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The numtok function in lib/raven/okjson.rb in the raven-ruby gem before 0.12.2 for Ruby allows remote attackers to cause a denial of service via a large exponent value in a scientific number."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150103 Re: CVE Request", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2015/q1/26" "lang": "eng",
}, "value": "The numtok function in lib/raven/okjson.rb in the raven-ruby gem before 0.12.2 for Ruby allows remote attackers to cause a denial of service via a large exponent value in a scientific number."
{ }
"name" : "https://github.com/getsentry/raven-ruby/commit/477ee93a3f735be33bc1e726820654cdf6e22d8f", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/getsentry/raven-ruby/commit/477ee93a3f735be33bc1e726820654cdf6e22d8f" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://groups.google.com/forum/#!topic/getsentry/Cz5bih0ZY1U", "description": [
"refsource" : "CONFIRM", {
"url" : "https://groups.google.com/forum/#!topic/getsentry/Cz5bih0ZY1U" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ravenruby-cve20149490-dos(99687)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99687" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://github.com/getsentry/raven-ruby/commit/477ee93a3f735be33bc1e726820654cdf6e22d8f",
"refsource": "CONFIRM",
"url": "https://github.com/getsentry/raven-ruby/commit/477ee93a3f735be33bc1e726820654cdf6e22d8f"
},
{
"name": "ravenruby-cve20149490-dos(99687)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99687"
},
{
"name": "[oss-security] 20150103 Re: CVE Request",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/26"
},
{
"name": "https://groups.google.com/forum/#!topic/getsentry/Cz5bih0ZY1U",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/getsentry/Cz5bih0ZY1U"
}
]
}
}

140
2014/9xxx/CVE-2014-9741.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9741", "ID": "CVE-2014-9741",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blogs.esri.com/esri/arcgis/2014/09/04/arcgis-for-server-security-patch-10-1-sp1-qip-10-2-1-10-2-2/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://blogs.esri.com/esri/arcgis/2014/09/04/arcgis-for-server-security-patch-10-1-sp1-qip-10-2-1-10-2-2/" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://support.esri.com/en/downloads/patches-servicepacks/view/productid/67/metaid/2223", ]
"refsource" : "CONFIRM", },
"url" : "http://support.esri.com/en/downloads/patches-servicepacks/view/productid/67/metaid/2223" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032733", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032733" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://blogs.esri.com/esri/arcgis/2014/09/04/arcgis-for-server-security-patch-10-1-sp1-qip-10-2-1-10-2-2/",
"refsource": "CONFIRM",
"url": "http://blogs.esri.com/esri/arcgis/2014/09/04/arcgis-for-server-security-patch-10-1-sp1-qip-10-2-1-10-2-2/"
},
{
"name": "1032733",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032733"
},
{
"name": "http://support.esri.com/en/downloads/patches-servicepacks/view/productid/67/metaid/2223",
"refsource": "CONFIRM",
"url": "http://support.esri.com/en/downloads/patches-servicepacks/view/productid/67/metaid/2223"
}
]
}
}

160
2014/9xxx/CVE-2014-9759.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9759", "ID": "CVE-2014-9759",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160102 CVE Request: MantisBT SOAP API can be used to disclose confidential settings", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/01/02/1" "lang": "eng",
}, "value": "Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request."
{ }
"name" : "[oss-security] 20160103 Re: CVE Request: MantisBT SOAP API can be used to disclose confidential settings", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/01/03/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/p/mantisbt/mailman/message/32948048/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/p/mantisbt/mailman/message/32948048/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://mantisbt.org/bugs/view.php?id=20277", ]
"refsource" : "CONFIRM", }
"url" : "https://mantisbt.org/bugs/view.php?id=20277" ]
}, },
{ "references": {
"name" : "1035518", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035518" "name": "[oss-security] 20160103 Re: CVE Request: MantisBT SOAP API can be used to disclose confidential settings",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2016/01/03/2"
} },
} {
"name": "https://mantisbt.org/bugs/view.php?id=20277",
"refsource": "CONFIRM",
"url": "https://mantisbt.org/bugs/view.php?id=20277"
},
{
"name": "[oss-security] 20160102 CVE Request: MantisBT SOAP API can be used to disclose confidential settings",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/02/1"
},
{
"name": "1035518",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035518"
},
{
"name": "http://sourceforge.net/p/mantisbt/mailman/message/32948048/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/mantisbt/mailman/message/32948048/"
}
]
}
}

120
2016/2xxx/CVE-2016-2363.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2016-2363", "ID": "CVE-2016-2363",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#754056", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/754056" "lang": "eng",
} "value": "Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#754056",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/754056"
}
]
}
}

130
2016/2xxx/CVE-2016-2430.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-2430", "ID": "CVE-2016-2430",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-05-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-05-01.html" "lang": "eng",
}, "value": "libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236."
{ }
"name" : "https://android.googlesource.com/platform/system/core/+/ad54cfed4516292654c997910839153264ae00a0", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/system/core/+/ad54cfed4516292654c997910839153264ae00a0" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-05-01.html"
},
{
"name": "https://android.googlesource.com/platform/system/core/+/ad54cfed4516292654c997910839153264ae00a0",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/system/core/+/ad54cfed4516292654c997910839153264ae00a0"
}
]
}
}

140
2016/2xxx/CVE-2016-2540.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2540", "ID": "CVE-2016-2540",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180212 [SECURITY] [DLA 1277-1] audacity security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00012.html" "lang": "eng",
}, "value": "Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure."
{ }
"name" : "https://fortiguard.com/zeroday/FG-VD-15-116", ]
"refsource" : "MISC", },
"url" : "https://fortiguard.com/zeroday/FG-VD-15-116" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2", "description": [
"refsource" : "CONFIRM", {
"url" : "http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2",
"refsource": "CONFIRM",
"url": "http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2"
},
{
"name": "https://fortiguard.com/zeroday/FG-VD-15-116",
"refsource": "MISC",
"url": "https://fortiguard.com/zeroday/FG-VD-15-116"
},
{
"name": "[debian-lts-announce] 20180212 [SECURITY] [DLA 1277-1] audacity security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00012.html"
}
]
}
}

34
2016/2xxx/CVE-2016-2721.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2721", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2721",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

34
2016/2xxx/CVE-2016-2751.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2751", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2751",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

34
2016/2xxx/CVE-2016-2909.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2909", "ID": "CVE-2016-2909",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2016/6xxx/CVE-2016-6064.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6064", "ID": "CVE-2016-6064",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2016/6xxx/CVE-2016-6450.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-6450", "ID": "CVE-2016-6450",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco IOS XE 3.7(0) through Denali-16.3.1", "product_name": "Cisco IOS XE 3.7(0) through Denali-16.3.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco IOS XE 3.7(0) through Denali-16.3.1" "version_value": "Cisco IOS XE 3.7(0) through Denali-16.3.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe" "lang": "eng",
}, "value": "A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29)."
{ }
"name" : "94340", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94340" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037299", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037299" "lang": "eng",
} "value": "unspecified"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe"
},
{
"name": "94340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94340"
},
{
"name": "1037299",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037299"
}
]
}
}

34
2016/6xxx/CVE-2016-6666.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6666", "ID": "CVE-2016-6666",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2016/6xxx/CVE-2016-6744.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-6744", "ID": "CVE-2016-6744",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.10" "version_value": "Kernel-3.10"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30970485."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2016-11-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2016-11-01.html" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30970485."
{ }
"name" : "94131", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94131" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94131"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
}
]
}
}

160
2016/7xxx/CVE-2016-7419.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7419", "ID": "CVE-2016-7419",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://hackerone.com/reports/145355", "description_data": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/145355" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name."
{ }
"name" : "https://github.com/nextcloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/nextcloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2016-001", "description": [
"refsource" : "CONFIRM", {
"url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2016-001" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://owncloud.org/security/advisory/?id=oc-sa-2016-011", ]
"refsource" : "CONFIRM", }
"url" : "https://owncloud.org/security/advisory/?id=oc-sa-2016-011" ]
}, },
{ "references": {
"name" : "92373", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92373" "name": "92373",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/92373"
} },
} {
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-011",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-011"
},
{
"name": "https://hackerone.com/reports/145355",
"refsource": "MISC",
"url": "https://hackerone.com/reports/145355"
},
{
"name": "https://github.com/nextcloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc",
"refsource": "CONFIRM",
"url": "https://github.com/nextcloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc"
},
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-001",
"refsource": "CONFIRM",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-001"
}
]
}
}

34
2016/7xxx/CVE-2016-7491.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-7491", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-7491",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

130
2016/7xxx/CVE-2016-7817.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2016-7817", "ID": "CVE-2016-7817",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Simple keitai chat", "product_name": "Simple keitai chat",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.0 and earlier" "version_value": "2.0 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "LEMON-S PHP" "vendor_name": "LEMON-S PHP"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#05493467", "description_data": [
"refsource" : "JVN", {
"url" : "https://jvn.jp/en/jp/JVN05493467/index.html" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "94537", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94537" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#05493467",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN05493467/index.html"
},
{
"name": "94537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94537"
}
]
}
}

34
2017/5xxx/CVE-2017-5323.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5323", "ID": "CVE-2017-5323",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/5xxx/CVE-2017-5553.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5553", "ID": "CVE-2017-5553",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://b2evolution.net/downloads/6-8-5", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://b2evolution.net/downloads/6-8-5" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL."
{ }
"name" : "https://github.com/b2evolution/b2evolution/commit/ce5b36e44b714b18b0bcd34c6db0187b8d13bab8", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/b2evolution/b2evolution/commit/ce5b36e44b714b18b0bcd34c6db0187b8d13bab8" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "95704", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95704" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "95704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95704"
},
{
"name": "http://b2evolution.net/downloads/6-8-5",
"refsource": "CONFIRM",
"url": "http://b2evolution.net/downloads/6-8-5"
},
{
"name": "https://github.com/b2evolution/b2evolution/commit/ce5b36e44b714b18b0bcd34c6db0187b8d13bab8",
"refsource": "CONFIRM",
"url": "https://github.com/b2evolution/b2evolution/commit/ce5b36e44b714b18b0bcd34c6db0187b8d13bab8"
}
]
}
}