admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:28:07 +00:00
parent 06fa95e680
commit fe63604ba8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 4444 additions and 4444 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

258
2006/0xxx/CVE-2006-0265.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0265",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB17 involves SQL injection in the (a) VALIDATE_STATEMENT and BUILD_DML functions in CTXSYS.DRILOAD; (b) CLEAN_DML function in CTXSYS.DRIDML; (c) GET_ROWID function in CTXSYS.CTX_DOC; (d) BROWSE_WORDS function in CTXSYS.CTX_QUERY; and (e) ODCIINDEXTRUNCATE, ODCIINDEXDROP, and ODCIINDEXDELETE functions in CATINDEXMETHODS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name" : "VU#545804",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/545804"
},
{
"name" : "16287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16287"
},
{
"name" : "ADV-2006-0243",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name" : "ADV-2006-0323",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name" : "22555",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22555"
},
{
"name" : "22639",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22639"
},
{
"name" : "22640",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22640"
},
{
"name" : "22641",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22641"
},
{
"name" : "22642",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22642"
},
{
"name" : "1015499",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015499"
},
{
"name" : "18493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18493"
},
{
"name" : "18608",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18608"
},
{
"name" : "oracle-january2006-update(24321)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB17 involves SQL injection in the (a) VALIDATE_STATEMENT and BUILD_DML functions in CTXSYS.DRILOAD; (b) CLEAN_DML function in CTXSYS.DRIDML; (c) GET_ROWID function in CTXSYS.CTX_DOC; (d) BROWSE_WORDS function in CTXSYS.CTX_QUERY; and (e) ODCIINDEXTRUNCATE, ODCIINDEXDROP, and ODCIINDEXDELETE functions in CATINDEXMETHODS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22555",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22555"
},
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "22640",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22640"
},
{
"name": "VU#545804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "22642",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22642"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
},
{
"name": "22639",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22639"
},
{
"name": "22641",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22641"
}
]
}
}

198
2006/0xxx/CVE-2006-0280.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0280",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 Bundle 15, 8.8 Bundle 10, and 8.9 Bundle 2 has unspecified impact and attack vectors, as identified by Oracle Vuln# PSE01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name" : "VU#545804",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/545804"
},
{
"name" : "16287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16287"
},
{
"name" : "ADV-2006-0243",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name" : "ADV-2006-0323",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name" : "1015499",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015499"
},
{
"name" : "18493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18493"
},
{
"name" : "18608",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18608"
},
{
"name" : "oracle-january2006-update(24321)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 Bundle 15, 8.8 Bundle 10, and 8.9 Bundle 2 has unspecified impact and attack vectors, as identified by Oracle Vuln# PSE01."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}

278
2006/0xxx/CVE-2006-0755.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0755",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060214 dotproject <= 2.0.1 remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/424957/100/0/threaded"
},
{
"name" : "20060215 Re: dotproject <= 2.0.1 remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425285/100/0/threaded"
},
{
"name" : "16648",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16648"
},
{
"name" : "ADV-2006-0604",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0604"
},
{
"name" : "23209",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23209"
},
{
"name" : "23212",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23212"
},
{
"name" : "23210",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23210"
},
{
"name" : "23211",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23211"
},
{
"name" : "23213",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23213"
},
{
"name" : "23214",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23214"
},
{
"name" : "23215",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23215"
},
{
"name" : "23216",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23216"
},
{
"name" : "23217",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23217"
},
{
"name" : "23218",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23218"
},
{
"name" : "23219",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23219"
},
{
"name" : "18879",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18879"
},
{
"name" : "dotproject-multiple-basedir-file-include(24738)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24738"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060214 dotproject <= 2.0.1 remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424957/100/0/threaded"
},
{
"name": "23210",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23210"
},
{
"name": "23216",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23216"
},
{
"name": "23217",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23217"
},
{
"name": "18879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18879"
},
{
"name": "23209",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23209"
},
{
"name": "16648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16648"
},
{
"name": "23212",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23212"
},
{
"name": "23215",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23215"
},
{
"name": "dotproject-multiple-basedir-file-include(24738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24738"
},
{
"name": "23213",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23213"
},
{
"name": "ADV-2006-0604",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0604"
},
{
"name": "23214",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23214"
},
{
"name": "23218",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23218"
},
{
"name": "23211",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23211"
},
{
"name": "23219",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23219"
},
{
"name": "20060215 Re: dotproject <= 2.0.1 remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425285/100/0/threaded"
}
]
}
}

218
2006/1xxx/CVE-2006-1237.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1237",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060324 [eVuln] DSNewsletter SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/428664/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/97/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/97/summary.html"
},
{
"name" : "17111",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17111"
},
{
"name" : "ADV-2006-0931",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0931"
},
{
"name" : "23883",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23883"
},
{
"name" : "23884",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23884"
},
{
"name" : "23885",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23885"
},
{
"name" : "1015757",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015757"
},
{
"name" : "19207",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19207"
},
{
"name" : "623",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/623"
},
{
"name" : "dsnewsletter-email-sql-injection(25188)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25188"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19207"
},
{
"name": "ADV-2006-0931",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0931"
},
{
"name": "17111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17111"
},
{
"name": "623",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/623"
},
{
"name": "23883",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23883"
},
{
"name": "http://evuln.com/vulns/97/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/97/summary.html"
},
{
"name": "dsnewsletter-email-sql-injection(25188)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25188"
},
{
"name": "1015757",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015757"
},
{
"name": "20060324 [eVuln] DSNewsletter SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428664/100/0/threaded"
},
{
"name": "23885",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23885"
},
{
"name": "23884",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23884"
}
]
}
}

208
2006/1xxx/CVE-2006-1464.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1464",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
},
{
"name" : "APPLE-SA-2006-05-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html"
},
{
"name" : "TA06-132B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-132B.html"
},
{
"name" : "VU#587937",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/587937"
},
{
"name" : "17953",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17953"
},
{
"name" : "ADV-2006-1778",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1778"
},
{
"name" : "1016067",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016067"
},
{
"name" : "20069",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20069"
},
{
"name" : "887",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/887"
},
{
"name" : "quicktime-mpeg4-bo(26397)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26397"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#587937",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/587937"
},
{
"name": "20069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20069"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00002.html"
},
{
"name": "1016067",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016067"
},
{
"name": "TA06-132B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132B.html"
},
{
"name": "quicktime-mpeg4-bo(26397)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26397"
},
{
"name": "887",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/887"
},
{
"name": "17953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17953"
},
{
"name": "ADV-2006-1778",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1778"
},
{
"name": "20060512 Apple QuickDraw/QuickTime Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433831/100/0/threaded"
}
]
}
}

168
2006/1xxx/CVE-2006-1709.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1709",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/04/interaktivshop-v5-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/04/interaktivshop-v5-xss-vuln.html"
},
{
"name" : "17485",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17485"
},
{
"name" : "ADV-2006-1326",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1326"
},
{
"name" : "24557",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24557"
},
{
"name" : "19622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19622"
},
{
"name" : "interaktiv-shopmain-xss(25739)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25739"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "interaktiv-shopmain-xss(25739)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25739"
},
{
"name": "http://pridels0.blogspot.com/2006/04/interaktivshop-v5-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/interaktivshop-v5-xss-vuln.html"
},
{
"name": "24557",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24557"
},
{
"name": "19622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19622"
},
{
"name": "ADV-2006-1326",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1326"
},
{
"name": "17485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17485"
}
]
}
}

268
2006/1xxx/CVE-2006-1856.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1856",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-1856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-security-module] 20050928 readv/writev syscalls are not checked by lsm",
"refsource" : "MLIST",
"url" : "http://lists.jammed.com/linux-security-module/2005/09/0019.html"
},
{
"name" : "[linux-kernel] 20060426 [PATCH] LSM: add missing hook to do_compat_readv_writev()",
"refsource" : "MLIST",
"url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0604.3/0777.html"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191524",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191524"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm"
},
{
"name" : "DSA-1184",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1184"
},
{
"name" : "MDKSA-2006:123",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:123"
},
{
"name" : "RHSA-2006:0493",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0493.html"
},
{
"name" : "USN-302-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-302-1"
},
{
"name" : "18105",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18105"
},
{
"name" : "25747",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25747"
},
{
"name" : "oval:org.mitre.oval:def:9927",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9927"
},
{
"name" : "20237",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20237"
},
{
"name" : "20716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20716"
},
{
"name" : "21045",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21045"
},
{
"name" : "21745",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21745"
},
{
"name" : "22093",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22093"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm"
},
{
"name": "RHSA-2006:0493",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0493.html"
},
{
"name": "oval:org.mitre.oval:def:9927",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9927"
},
{
"name": "[linux-security-module] 20050928 readv/writev syscalls are not checked by lsm",
"refsource": "MLIST",
"url": "http://lists.jammed.com/linux-security-module/2005/09/0019.html"
},
{
"name": "20716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20716"
},
{
"name": "21745",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21745"
},
{
"name": "USN-302-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-302-1"
},
{
"name": "MDKSA-2006:123",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:123"
},
{
"name": "[linux-kernel] 20060426 [PATCH] LSM: add missing hook to do_compat_readv_writev()",
"refsource": "MLIST",
"url": "http://www.ussg.iu.edu/hypermail/linux/kernel/0604.3/0777.html"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191524",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191524"
},
{
"name": "25747",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25747"
},
{
"name": "21045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21045"
},
{
"name": "20237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20237"
},
{
"name": "22093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22093"
},
{
"name": "DSA-1184",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1184"
},
{
"name": "18105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18105"
}
]
}
}

188
2006/1xxx/CVE-2006-1878.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1878",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060415 phpFaber TopSites Script Cross-Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431073/100/0/threaded"
},
{
"name" : "17542",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17542"
},
{
"name" : "ADV-2006-1394",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1394"
},
{
"name" : "1015945",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015945"
},
{
"name" : "19652",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19652"
},
{
"name" : "719",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/719"
},
{
"name" : "760",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/760"
},
{
"name" : "phpfabertopsites-index-xss(25804)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25804"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015945",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015945"
},
{
"name": "760",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/760"
},
{
"name": "719",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/719"
},
{
"name": "19652",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19652"
},
{
"name": "ADV-2006-1394",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1394"
},
{
"name": "phpfabertopsites-index-xss(25804)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25804"
},
{
"name": "17542",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17542"
},
{
"name": "20060415 phpFaber TopSites Script Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431073/100/0/threaded"
}
]
}
}

208
2006/3xxx/CVE-2006-3817.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the \"+ADw-SCRIPT+AD4-\" sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442719/100/100/threaded"
},
{
"name" : "20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048593.html"
},
{
"name" : "http://www.infobyte.com.ar/adv/ISR-14.html",
"refsource" : "MISC",
"url" : "http://www.infobyte.com.ar/adv/ISR-14.html"
},
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm"
},
{
"name" : "http://www.novell.com/support/search.do?cmd=displayKC&externalId=3701584&sliceId=SAL_Public",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/search.do?cmd=displayKC&externalId=3701584&sliceId=SAL_Public"
},
{
"name" : "19297",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19297"
},
{
"name" : "ADV-2006-3098",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3098"
},
{
"name" : "1016648",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016648"
},
{
"name" : "21411",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21411"
},
{
"name" : "groupwise-utf7-xss(28211)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28211"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the \"+ADw-SCRIPT+AD4-\" sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442719/100/100/threaded"
},
{
"name": "19297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19297"
},
{
"name": "groupwise-utf7-xss(28211)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28211"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974176.htm"
},
{
"name": "20060808 [ISR] - Novell Groupwise Webaccess (Cross-Site Scripting)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048593.html"
},
{
"name": "21411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21411"
},
{
"name": "http://www.novell.com/support/search.do?cmd=displayKC&externalId=3701584&sliceId=SAL_Public",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/search.do?cmd=displayKC&externalId=3701584&sliceId=SAL_Public"
},
{
"name": "ADV-2006-3098",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3098"
},
{
"name": "http://www.infobyte.com.ar/adv/ISR-14.html",
"refsource": "MISC",
"url": "http://www.infobyte.com.ar/adv/ISR-14.html"
},
{
"name": "1016648",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016648"
}
]
}
}

208
2006/4xxx/CVE-2006-4188.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4188",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-184.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-184.htm"
},
{
"name" : "HPSBUX02139",
"refsource" : "HP",
"url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00746980"
},
{
"name" : "SSRT5981",
"refsource" : "HP",
"url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00746980"
},
{
"name" : "19535",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19535"
},
{
"name" : "oval:org.mitre.oval:def:5500",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5500"
},
{
"name" : "ADV-2006-3291",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3291"
},
{
"name" : "1016698",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/alerts/2006/Aug/1016698.html"
},
{
"name" : "21499",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21499"
},
{
"name" : "21898",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21898"
},
{
"name" : "hpux-lpsubsystem-dos(28440)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28440"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT5981",
"refsource": "HP",
"url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00746980"
},
{
"name": "hpux-lpsubsystem-dos(28440)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28440"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-184.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-184.htm"
},
{
"name": "21499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21499"
},
{
"name": "HPSBUX02139",
"refsource": "HP",
"url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00746980"
},
{
"name": "21898",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21898"
},
{
"name": "ADV-2006-3291",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3291"
},
{
"name": "19535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19535"
},
{
"name": "1016698",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2006/Aug/1016698.html"
},
{
"name": "oval:org.mitre.oval:def:5500",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5500"
}
]
}
}

188
2006/4xxx/CVE-2006-4191.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060813 XMB <= 1.9.6 Final basename()/'langfilenew' arbitrary local inclusion / remote commands execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443167/100/0/threaded"
},
{
"name" : "http://retrogod.altervista.org/xmb_196_sql.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/xmb_196_sql.html"
},
{
"name" : "2178",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2178"
},
{
"name" : "19501",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19501"
},
{
"name" : "19494",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19494"
},
{
"name" : "21293",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21293"
},
{
"name" : "1411",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1411"
},
{
"name" : "xmb-memcp-file-include(28356)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28356"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21293"
},
{
"name": "1411",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1411"
},
{
"name": "2178",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2178"
},
{
"name": "19501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19501"
},
{
"name": "20060813 XMB <= 1.9.6 Final basename()/'langfilenew' arbitrary local inclusion / remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443167/100/0/threaded"
},
{
"name": "http://retrogod.altervista.org/xmb_196_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/xmb_196_sql.html"
},
{
"name": "xmb-memcp-file-include(28356)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28356"
},
{
"name": "19494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19494"
}
]
}
}

178
2006/4xxx/CVE-2006-4244.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4244",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-4244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060830 SQL-Ledger serious security vulnerability and workaround",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444741/100/0/threaded"
},
{
"name" : "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445512"
},
{
"name" : "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What's%20New",
"refsource" : "CONFIRM",
"url" : "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What's%20New"
},
{
"name" : "19758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19758"
},
{
"name" : "21689",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21689"
},
{
"name" : "1472",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1472"
},
{
"name" : "sql-ledger-session-unauth-access(28671)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What's%20New",
"refsource": "CONFIRM",
"url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What's%20New"
},
{
"name": "sql-ledger-session-unauth-access(28671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
},
{
"name": "19758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19758"
},
{
"name": "21689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21689"
},
{
"name": "20060830 SQL-Ledger serious security vulnerability and workaround",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444741/100/0/threaded"
},
{
"name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445512"
},
{
"name": "1472",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1472"
}
]
}
}

148
2010/2xxx/CVE-2010-2042.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2042",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12702",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12702"
},
{
"name" : "http://packetstormsecurity.org/1005-exploits/ecshopsearch-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1005-exploits/ecshopsearch-sql.txt"
},
{
"name" : "40338",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40338"
},
{
"name" : "39930",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39930"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1005-exploits/ecshopsearch-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1005-exploits/ecshopsearch-sql.txt"
},
{
"name": "39930",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39930"
},
{
"name": "40338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40338"
},
{
"name": "12702",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12702"
}
]
}
}

148
2010/2xxx/CVE-2010-2071.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20100518 [PATCH] btrfs: should add a permission check for setfacl",
"refsource" : "MLIST",
"url" : "http://lkml.org/lkml/2010/5/17/544"
},
{
"name" : "[oss-security] 20100611 CVE request - kernel: btrfs: prevent users from setting ACLs on files they do not own",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/06/11/3"
},
{
"name" : "[oss-security] 20100614 Re: CVE request - kernel: btrfs: prevent users from setting ACLs on files they do not own",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/06/14/2"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2f26afba",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2f26afba"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2f26afba",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2f26afba"
},
{
"name": "[linux-kernel] 20100518 [PATCH] btrfs: should add a permission check for setfacl",
"refsource": "MLIST",
"url": "http://lkml.org/lkml/2010/5/17/544"
},
{
"name": "[oss-security] 20100614 Re: CVE request - kernel: btrfs: prevent users from setting ACLs on files they do not own",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/2"
},
{
"name": "[oss-security] 20100611 CVE request - kernel: btrfs: prevent users from setting ACLs on files they do not own",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/11/3"
}
]
}
}

148
2010/2xxx/CVE-2010-2584.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2584",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an http URL in the DestURL property."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-2584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2010-118/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2010-118/"
},
{
"name" : "44302",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44302"
},
{
"name" : "68813",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/68813"
},
{
"name" : "41392",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41392"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an http URL in the DestURL property."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41392",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41392"
},
{
"name": "44302",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44302"
},
{
"name": "http://secunia.com/secunia_research/2010-118/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-118/"
},
{
"name": "68813",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/68813"
}
]
}
}

128
2010/2xxx/CVE-2010-2730.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka \"Request Header Buffer Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-2730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-065",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-065"
},
{
"name" : "oval:org.mitre.oval:def:6933",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6933"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka \"Request Header Buffer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS10-065",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-065"
},
{
"name": "oval:org.mitre.oval:def:6933",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6933"
}
]
}
}

298
2010/2xxx/CVE-2010-2796.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2796",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://issues.jasig.org/browse/PHPCAS-67",
"refsource" : "CONFIRM",
"url" : "https://issues.jasig.org/browse/PHPCAS-67"
},
{
"name" : "https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog"
},
{
"name" : "https://forge.indepnet.net/projects/glpi/repository/revisions/12601",
"refsource" : "CONFIRM",
"url" : "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"name" : "DSA-2172",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2172"
},
{
"name" : "FEDORA-2010-12247",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046584.html"
},
{
"name" : "FEDORA-2010-12258",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046576.html"
},
{
"name" : "FEDORA-2010-16905",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"name" : "FEDORA-2010-16912",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"name" : "42160",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42160"
},
{
"name" : "40845",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40845"
},
{
"name" : "41240",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41240"
},
{
"name" : "42149",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42149"
},
{
"name" : "42184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42184"
},
{
"name" : "43427",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43427"
},
{
"name" : "ADV-2010-2234",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2234"
},
{
"name" : "ADV-2010-2261",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2261"
},
{
"name" : "ADV-2010-2909",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2909"
},
{
"name" : "ADV-2011-0456",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0456"
},
{
"name" : "phpcas-callback-url-xss(60895)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60895"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2172",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2172"
},
{
"name": "ADV-2011-0456",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0456"
},
{
"name": "https://issues.jasig.org/browse/PHPCAS-67",
"refsource": "CONFIRM",
"url": "https://issues.jasig.org/browse/PHPCAS-67"
},
{
"name": "41240",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41240"
},
{
"name": "40845",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40845"
},
{
"name": "FEDORA-2010-12258",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046576.html"
},
{
"name": "42160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42160"
},
{
"name": "ADV-2010-2909",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2909"
},
{
"name": "https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog",
"refsource": "CONFIRM",
"url": "https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog"
},
{
"name": "ADV-2010-2261",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2261"
},
{
"name": "42149",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42149"
},
{
"name": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601",
"refsource": "CONFIRM",
"url": "https://forge.indepnet.net/projects/glpi/repository/revisions/12601"
},
{
"name": "FEDORA-2010-12247",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046584.html"
},
{
"name": "43427",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43427"
},
{
"name": "phpcas-callback-url-xss(60895)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60895"
},
{
"name": "ADV-2010-2234",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2234"
},
{
"name": "FEDORA-2010-16912",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html"
},
{
"name": "FEDORA-2010-16905",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html"
},
{
"name": "42184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42184"
}
]
}
}

168
2010/2xxx/CVE-2010-2928.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2928",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "70859",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70859"
},
{
"name" : "43307",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43307"
},
{
"name" : "8079",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8079"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vCenter Tomcat Management Application in VMware vCenter Server 4.1 before Update 1 stores log-on credentials in a configuration file, which allows local users to gain privileges by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70859",
"refsource": "OSVDB",
"url": "http://osvdb.org/70859"
},
{
"name": "43307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43307"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "8079",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8079"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
]
}
}

138
2010/3xxx/CVE-2010-3380.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3380",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 place the . (dot) directory in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/projects/slurm/files//slurm/version_2.1/2.1.14/RELEASE_NOTES_2.1.14/view",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/projects/slurm/files//slurm/version_2.1/2.1.14/RELEASE_NOTES_2.1.14/view"
},
{
"name" : "43537",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43537"
},
{
"name" : "41614",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41614"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 place the . (dot) directory in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41614"
},
{
"name": "43537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43537"
},
{
"name": "http://sourceforge.net/projects/slurm/files//slurm/version_2.1/2.1.14/RELEASE_NOTES_2.1.14/view",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/slurm/files//slurm/version_2.1/2.1.14/RELEASE_NOTES_2.1.14/view"
}
]
}
}

248
2010/3xxx/CVE-2010-3407.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3407",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100914 ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513706/100/0/threaded"
},
{
"name" : "15005",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15005"
},
{
"name" : "http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf",
"refsource" : "MISC",
"url" : "http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf"
},
{
"name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument",
"refsource" : "MISC",
"url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument"
},
{
"name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument",
"refsource" : "MISC",
"url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument"
},
{
"name" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument",
"refsource" : "MISC",
"url" : "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-177/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-177/"
},
{
"name" : "http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/",
"refsource" : "CONFIRM",
"url" : "http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21446515",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21446515"
},
{
"name" : "43219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43219"
},
{
"name" : "1024448",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024448"
},
{
"name" : "41433",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41433"
},
{
"name" : "ADV-2010-2381",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2381"
},
{
"name" : "lotus-domino-icalendar-bo(61790)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61790"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lotus-domino-icalendar-bo(61790)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61790"
},
{
"name": "ADV-2010-2381",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2381"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument",
"refsource": "MISC",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-177/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-177/"
},
{
"name": "43219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43219"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument",
"refsource": "MISC",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument"
},
{
"name": "41433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41433"
},
{
"name": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf",
"refsource": "MISC",
"url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument",
"refsource": "MISC",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21446515",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21446515"
},
{
"name": "1024448",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024448"
},
{
"name": "15005",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15005"
},
{
"name": "http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/",
"refsource": "CONFIRM",
"url": "http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/"
},
{
"name": "20100914 ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513706/100/0/threaded"
}
]
}
}

138
2010/3xxx/CVE-2010-3412.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3412",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=51919",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=51919"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
},
{
"name" : "oval:org.mitre.oval:def:7354",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7354"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=51919",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=51919"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
},
{
"name": "oval:org.mitre.oval:def:7354",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7354"
}
]
}
}

32
2010/3xxx/CVE-2010-3825.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3825",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3825",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

328
2010/3xxx/CVE-2010-3837.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3837",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.mysql.com/bug.php?id=54476",
"refsource" : "CONFIRM",
"url" : "http://bugs.mysql.com/bug.php?id=54476"
},
{
"name" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html",
"refsource" : "CONFIRM",
"url" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html"
},
{
"name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html",
"refsource" : "CONFIRM",
"url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html"
},
{
"name" : "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html",
"refsource" : "CONFIRM",
"url" : "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=640856",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=640856"
},
{
"name" : "http://support.apple.com/kb/HT4723",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4723"
},
{
"name" : "APPLE-SA-2011-06-23-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name" : "DSA-2143",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2143"
},
{
"name" : "MDVSA-2010:222",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222"
},
{
"name" : "MDVSA-2010:223",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223"
},
{
"name" : "RHSA-2010:0825",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0825.html"
},
{
"name" : "RHSA-2011:0164",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0164.html"
},
{
"name" : "TLSA-2011-3",
"refsource" : "TURBO",
"url" : "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt"
},
{
"name" : "USN-1017-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1017-1"
},
{
"name" : "USN-1397-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name" : "43676",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43676"
},
{
"name" : "42875",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42875"
},
{
"name" : "42936",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42936"
},
{
"name" : "ADV-2011-0105",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0105"
},
{
"name" : "ADV-2011-0170",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0170"
},
{
"name" : "ADV-2011-0345",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0345"
},
{
"name" : "mysql-prepared-statement-dos(64841)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64841"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html"
},
{
"name": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html"
},
{
"name": "USN-1397-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "http://support.apple.com/kb/HT4723",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4723"
},
{
"name": "42875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42875"
},
{
"name": "USN-1017-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1017-1"
},
{
"name": "APPLE-SA-2011-06-23-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name": "TLSA-2011-3",
"refsource": "TURBO",
"url": "http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt"
},
{
"name": "ADV-2011-0105",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0105"
},
{
"name": "MDVSA-2010:222",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:222"
},
{
"name": "RHSA-2011:0164",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0164.html"
},
{
"name": "http://bugs.mysql.com/bug.php?id=54476",
"refsource": "CONFIRM",
"url": "http://bugs.mysql.com/bug.php?id=54476"
},
{
"name": "ADV-2011-0170",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0170"
},
{
"name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html"
},
{
"name": "DSA-2143",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2143"
},
{
"name": "43676",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43676"
},
{
"name": "ADV-2011-0345",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0345"
},
{
"name": "42936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42936"
},
{
"name": "mysql-prepared-statement-dos(64841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64841"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=640856",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=640856"
},
{
"name": "RHSA-2010:0825",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0825.html"
},
{
"name": "MDVSA-2010:223",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:223"
}
]
}
}

168
2010/3xxx/CVE-2010-3888.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3888",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_",
"refsource" : "MISC",
"url" : "http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_"
},
{
"name" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100716",
"refsource" : "MISC",
"url" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100716"
},
{
"name" : "http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061",
"refsource" : "MISC",
"url" : "http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061"
},
{
"name" : "http://www.symantec.com/connect/blogs/stuxnet-using-three-additional-zero-day-vulnerabilities",
"refsource" : "MISC",
"url" : "http://www.symantec.com/connect/blogs/stuxnet-using-three-additional-zero-day-vulnerabilities"
},
{
"name" : "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml",
"refsource" : "MISC",
"url" : "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml"
},
{
"name" : "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute8.xml",
"refsource" : "MISC",
"url" : "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute8.xml"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml",
"refsource": "MISC",
"url": "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml"
},
{
"name": "http://www.symantec.com/connect/blogs/stuxnet-using-three-additional-zero-day-vulnerabilities",
"refsource": "MISC",
"url": "http://www.symantec.com/connect/blogs/stuxnet-using-three-additional-zero-day-vulnerabilities"
},
{
"name": "http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_",
"refsource": "MISC",
"url": "http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_"
},
{
"name": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100716",
"refsource": "MISC",
"url": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100716"
},
{
"name": "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute8.xml",
"refsource": "MISC",
"url": "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute8.xml"
},
{
"name": "http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061",
"refsource": "MISC",
"url": "http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061"
}
]
}
}

338
2010/4xxx/CVE-2010-4300.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4300",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15676",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15676"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2010-14.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2010-14.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5318",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5318"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2010-13.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2010-13.html"
},
{
"name" : "http://blogs.sun.com/security/entry/buffer_overflow_vulnerability_in_wireshark",
"refsource" : "CONFIRM",
"url" : "http://blogs.sun.com/security/entry/buffer_overflow_vulnerability_in_wireshark"
},
{
"name" : "MDVSA-2010:242",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:242"
},
{
"name" : "RHSA-2010:0924",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0924.html"
},
{
"name" : "SUSE-SR:2011:001",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "44987",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44987"
},
{
"name" : "69354",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69354"
},
{
"name" : "oval:org.mitre.oval:def:14287",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14287"
},
{
"name" : "1024762",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024762"
},
{
"name" : "42290",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42290"
},
{
"name" : "42411",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42411"
},
{
"name" : "42877",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42877"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2010-3038",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3038"
},
{
"name" : "ADV-2010-3068",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3068"
},
{
"name" : "ADV-2010-3093",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3093"
},
{
"name" : "ADV-2011-0076",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "ADV-2011-0404",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0404"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5318",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5318"
},
{
"name": "SUSE-SR:2011:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "http://blogs.sun.com/security/entry/buffer_overflow_vulnerability_in_wireshark",
"refsource": "CONFIRM",
"url": "http://blogs.sun.com/security/entry/buffer_overflow_vulnerability_in_wireshark"
},
{
"name": "ADV-2010-3093",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3093"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "42290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42290"
},
{
"name": "1024762",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024762"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2010-3068",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3068"
},
{
"name": "69354",
"refsource": "OSVDB",
"url": "http://osvdb.org/69354"
},
{
"name": "42877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42877"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "RHSA-2010:0924",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0924.html"
},
{
"name": "15676",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15676"
},
{
"name": "ADV-2011-0404",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0404"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2010-14.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2010-14.html"
},
{
"name": "ADV-2011-0076",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name": "oval:org.mitre.oval:def:14287",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14287"
},
{
"name": "MDVSA-2010:242",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:242"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2010-13.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2010-13.html"
},
{
"name": "ADV-2010-3038",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3038"
},
{
"name": "42411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42411"
},
{
"name": "44987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44987"
}
]
}
}

178
2010/4xxx/CVE-2010-4399.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4399",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15646",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15646"
},
{
"name" : "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"name" : "http://www.htbridge.ch/advisory/lfi_in_dynpg.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/lfi_in_dynpg.html"
},
{
"name" : "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226",
"refsource" : "CONFIRM",
"url" : "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226"
},
{
"name" : "45115",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45115"
},
{
"name" : "69539",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69539"
},
{
"name" : "42380",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42380"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in languages.inc.php in DynPG CMS 4.1.1 and 4.2.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the CHG_DYNPG_SET_LANGUAGE parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226",
"refsource": "CONFIRM",
"url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226"
},
{
"name": "45115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45115"
},
{
"name": "42380",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42380"
},
{
"name": "69539",
"refsource": "OSVDB",
"url": "http://osvdb.org/69539"
},
{
"name": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"name": "http://www.htbridge.ch/advisory/lfi_in_dynpg.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/lfi_in_dynpg.html"
},
{
"name": "15646",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15646"
}
]
}
}

148
2010/4xxx/CVE-2010-4491.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4491",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=62168",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=62168"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html"
},
{
"name" : "oval:org.mitre.oval:def:11991",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11991"
},
{
"name" : "42472",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42472"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11991",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11991"
},
{
"name": "42472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42472"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=62168",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=62168"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html"
}
]
}
}

148
2010/4xxx/CVE-2010-4808.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4808",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15517",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15517"
},
{
"name" : "http://packetstormsecurity.org/files/view/95827/webmatic-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/95827/webmatic-sql.txt"
},
{
"name" : "44863",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44863"
},
{
"name" : "webmatic-index-sql-injection(63241)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63241"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "webmatic-index-sql-injection(63241)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63241"
},
{
"name": "15517",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15517"
},
{
"name": "44863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44863"
},
{
"name": "http://packetstormsecurity.org/files/view/95827/webmatic-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/95827/webmatic-sql.txt"
}
]
}
}

32
2011/1xxx/CVE-2011-1614.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1614",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1614",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2011/1xxx/CVE-2011-1644.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1644",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1644",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2011/1xxx/CVE-2011-1662.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1662",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/1111174",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1111174"
},
{
"name" : "47098",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47098"
},
{
"name" : "43950",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43950"
},
{
"name" : "transalation-unspecified-xss(66475)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66475"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "transalation-unspecified-xss(66475)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66475"
},
{
"name": "http://drupal.org/node/1111174",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1111174"
},
{
"name": "43950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43950"
},
{
"name": "47098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47098"
}
]
}
}

198
2011/1xxx/CVE-2011-1736.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1736",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2011-1736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110429 ZDI-11-152: HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517772/100/0/threaded"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-11-152/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-11-152/"
},
{
"name" : "HPSBMA02668",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
},
{
"name" : "SSRT100474",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
},
{
"name" : "47638",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47638"
},
{
"name" : "72195",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/72195"
},
{
"name" : "1025454",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025454"
},
{
"name" : "44402",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44402"
},
{
"name" : "openview-data-code-exec(67209)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67209"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110429 ZDI-11-152: HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517772/100/0/threaded"
},
{
"name": "72195",
"refsource": "OSVDB",
"url": "http://osvdb.org/72195"
},
{
"name": "47638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47638"
},
{
"name": "HPSBMA02668",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
},
{
"name": "SSRT100474",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
},
{
"name": "openview-data-code-exec(67209)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67209"
},
{
"name": "44402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44402"
},
{
"name": "1025454",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025454"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-152/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-152/"
}
]
}
}

188
2011/1xxx/CVE-2011-1769.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1769",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110520 systemtap divide-by-zero issues (CVE-2011-1769, CVE-2011-1781)",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/05/20/2"
},
{
"name" : "http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9",
"refsource" : "CONFIRM",
"url" : "http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=702687",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=702687"
},
{
"name" : "MDVSA-2011:154",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:154"
},
{
"name" : "MDVSA-2011:155",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:155"
},
{
"name" : "RHSA-2011:0842",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2011-0842.html"
},
{
"name" : "47934",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47934"
},
{
"name" : "44802",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44802"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44802"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=702687",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=702687"
},
{
"name": "http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9",
"refsource": "CONFIRM",
"url": "http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9"
},
{
"name": "47934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47934"
},
{
"name": "MDVSA-2011:154",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:154"
},
{
"name": "MDVSA-2011:155",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:155"
},
{
"name": "RHSA-2011:0842",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2011-0842.html"
},
{
"name": "[oss-security] 20110520 systemtap divide-by-zero issues (CVE-2011-1769, CVE-2011-1781)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/05/20/2"
}
]
}
}

128
2011/5xxx/CVE-2011-5115.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5115",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the searchCart parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/106859/dlguardshoppingcart-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/106859/dlguardshoppingcart-xss.txt"
},
{
"name" : "46855",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46855"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the searchCart parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46855"
},
{
"name": "http://packetstormsecurity.org/files/106859/dlguardshoppingcart-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/106859/dlguardshoppingcart-xss.txt"
}
]
}
}

148
2011/5xxx/CVE-2011-5219.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5219",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18248",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18248"
},
{
"name" : "77939",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77939"
},
{
"name" : "47262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47262"
},
{
"name" : "mpdf-showcode-dir-traversal(71862)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71862"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77939",
"refsource": "OSVDB",
"url": "http://osvdb.org/77939"
},
{
"name": "47262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47262"
},
{
"name": "18248",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18248"
},
{
"name": "mpdf-showcode-dir-traversal(71862)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71862"
}
]
}
}

148
2014/3xxx/CVE-2014-3296.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3296",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34663",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34663"
},
{
"name" : "20140619 Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3296"
},
{
"name" : "68118",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68118"
},
{
"name" : "59263",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59263"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5(.1.131) and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34663",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34663"
},
{
"name": "59263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59263"
},
{
"name": "68118",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68118"
},
{
"name": "20140619 Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3296"
}
]
}
}

168
2014/3xxx/CVE-2014-3343.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3343",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35651",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35651"
},
{
"name" : "20140908 Cisco IOS XR Software DHCPv6 Denial Of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3343"
},
{
"name" : "69667",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69667"
},
{
"name" : "1030816",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030816"
},
{
"name" : "60122",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60122"
},
{
"name" : "ciscoiosxr-cve20143343-dos(95781)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95781"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35651",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35651"
},
{
"name": "60122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60122"
},
{
"name": "20140908 Cisco IOS XR Software DHCPv6 Denial Of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3343"
},
{
"name": "1030816",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030816"
},
{
"name": "69667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69667"
},
{
"name": "ciscoiosxr-cve20143343-dos(95781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95781"
}
]
}
}

32
2014/3xxx/CVE-2014-3592.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3592",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3592",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

158
2014/3xxx/CVE-2014-3810.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140618 SQL Injection in Dolphin",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532468/100/0/threaded"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23216",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23216"
},
{
"name" : "http://packetstormsecurity.com/files/127148/Dolphin-7.1.4-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127148/Dolphin-7.1.4-SQL-Injection.html"
},
{
"name" : "http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htm",
"refsource" : "CONFIRM",
"url" : "http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htm"
},
{
"name" : "68091",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68091"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127148/Dolphin-7.1.4-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127148/Dolphin-7.1.4-SQL-Injection.html"
},
{
"name": "68091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68091"
},
{
"name": "20140618 SQL Injection in Dolphin",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532468/100/0/threaded"
},
{
"name": "https://www.htbridge.com/advisory/HTB23216",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23216"
},
{
"name": "http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htm",
"refsource": "CONFIRM",
"url": "http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htm"
}
]
}
}

138
2014/7xxx/CVE-2014-7393.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7393",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The 100 Beauty Tips (aka com.ww100BeautyTipsApp) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#613121",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/613121"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 100 Beauty Tips (aka com.ww100BeautyTipsApp) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#613121",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/613121"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

138
2014/7xxx/CVE-2014-7763.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7763",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Listen up! mirucho (aka jp.ameba.kiiteyo.android) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#446977",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/446977"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Listen up! mirucho (aka jp.ameba.kiiteyo.android) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#446977",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/446977"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

158
2014/8xxx/CVE-2014-8068.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by book-navigation information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-8068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/",
"refsource" : "MISC",
"url" : "http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/"
},
{
"name" : "http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/",
"refsource" : "CONFIRM",
"url" : "http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/"
},
{
"name" : "http://twitter.com/AdobeSecurity/statuses/519826275008282624",
"refsource" : "CONFIRM",
"url" : "http://twitter.com/AdobeSecurity/statuses/519826275008282624"
},
{
"name" : "61551",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61551"
},
{
"name" : "adobe-digital-cve20148068-info-disc(97696)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97696"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Digital Editions (DE) 4 does not use encryption for transmission of data to adelogs.adobe.com, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by book-navigation information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "adobe-digital-cve20148068-info-disc(97696)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97696"
},
{
"name": "http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/",
"refsource": "MISC",
"url": "http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/"
},
{
"name": "http://twitter.com/AdobeSecurity/statuses/519826275008282624",
"refsource": "CONFIRM",
"url": "http://twitter.com/AdobeSecurity/statuses/519826275008282624"
},
{
"name": "http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/",
"refsource": "CONFIRM",
"url": "http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/"
},
{
"name": "61551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61551"
}
]
}
}

32
2014/8xxx/CVE-2014-8161.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8161",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8161",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2014/8xxx/CVE-2014-8285.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8285",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8285",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

32
2014/8xxx/CVE-2014-8322.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8322",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8322",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2014/9xxx/CVE-2014-9080.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9080",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9080",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2014/9xxx/CVE-2014-9132.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9132",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9132",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2014/9xxx/CVE-2014-9214.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9214",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9214",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2016/2xxx/CVE-2016-2239.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2239",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2239",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

298
2016/2xxx/CVE-2016-2549.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2549",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/01/19/1"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311570",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311570"
},
{
"name" : "https://github.com/torvalds/linux/commit/2ba1fe7a06d3624f9a7586d672b55f08f7c670f3",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/2ba1fe7a06d3624f9a7586d672b55f08f7c670f3"
},
{
"name" : "DSA-3503",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3503"
},
{
"name" : "SUSE-SU-2016:2074",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name" : "SUSE-SU-2016:0911",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
},
{
"name" : "SUSE-SU-2016:1102",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
},
{
"name" : "USN-2967-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2967-1"
},
{
"name" : "USN-2967-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2967-2"
},
{
"name" : "USN-2929-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"name" : "USN-2929-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"name" : "USN-2930-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2930-1"
},
{
"name" : "USN-2930-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2930-2"
},
{
"name" : "USN-2930-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2930-3"
},
{
"name" : "USN-2931-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2931-1"
},
{
"name" : "USN-2932-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"name" : "83382",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/83382"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2930-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-1"
},
{
"name": "83382",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83382"
},
{
"name": "USN-2967-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2967-1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1"
},
{
"name": "USN-2930-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-2"
},
{
"name": "https://github.com/torvalds/linux/commit/2ba1fe7a06d3624f9a7586d672b55f08f7c670f3",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/2ba1fe7a06d3624f9a7586d672b55f08f7c670f3"
},
{
"name": "DSA-3503",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3503"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311570",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311570"
},
{
"name": "USN-2967-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2967-2"
},
{
"name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/19/1"
},
{
"name": "USN-2930-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2930-3"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3"
},
{
"name": "SUSE-SU-2016:1102",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
},
{
"name": "USN-2929-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-1"
},
{
"name": "USN-2932-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2932-1"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "USN-2931-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2931-1"
},
{
"name": "USN-2929-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2929-2"
},
{
"name": "SUSE-SU-2016:0911",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
}
]
}
}

32
2016/2xxx/CVE-2016-2602.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2602",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2602",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

32
2016/6xxx/CVE-2016-6196.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6196",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6196",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2016/6xxx/CVE-2016-6867.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6867",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6867",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2016/7xxx/CVE-2016-7078.json
View File

@ -1,103 +1,103 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2016-7078",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "foreman",
"version" : {
"version_data" : [
{
"version_value" : "1.15.0"
}
]
}
}
]
},
"vendor_name" : "Foreman"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
],
[
{
"vectorString" : "3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "foreman",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
}
]
},
"vendor_name": "Foreman"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170222 CVE-2016-7078: Foreman organization/location authorization vulnerability",
"refsource" : "MLIST",
"url" : "https://seclists.org/oss-sec/2017/q1/470"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078"
},
{
"name" : "https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905",
"refsource" : "CONFIRM",
"url" : "https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905"
},
{
"name" : "https://projects.theforeman.org/issues/16982",
"refsource" : "CONFIRM",
"url" : "https://projects.theforeman.org/issues/16982"
},
{
"name" : "https://theforeman.org/security.html#2016-7078",
"refsource" : "CONFIRM",
"url" : "https://theforeman.org/security.html#2016-7078"
},
{
"name" : "96385",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96385"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "3.5/AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905",
"refsource": "CONFIRM",
"url": "https://github.com/theforeman/foreman/commit/5f606e11cf39719bf62f8b1f3396861b32387905"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7078"
},
{
"name": "96385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96385"
},
{
"name": "https://theforeman.org/security.html#2016-7078",
"refsource": "CONFIRM",
"url": "https://theforeman.org/security.html#2016-7078"
},
{
"name": "https://projects.theforeman.org/issues/16982",
"refsource": "CONFIRM",
"url": "https://projects.theforeman.org/issues/16982"
},
{
"name": "[oss-security] 20170222 CVE-2016-7078: Foreman organization/location authorization vulnerability",
"refsource": "MLIST",
"url": "https://seclists.org/oss-sec/2017/q1/470"
}
]
}
}

148
2016/7xxx/CVE-2016-7233.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability",
"refsource" : "IDEFENSE",
"url" : "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
},
{
"name" : "MS16-133",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name" : "94031",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94031"
},
{
"name" : "1037246",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037246"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka \"Microsoft Office Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20161108 Microsoft Office Out-of-Bounds Read Information Leak Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1232"
},
{
"name": "MS16-133",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-133"
},
{
"name": "94031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94031"
},
{
"name": "1037246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037246"
}
]
}
}

138
2016/7xxx/CVE-2016-7468.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "f5sirt@f5.com",
"ID" : "CVE-2016-7468",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, PEM, PSM,",
"version" : {
"version_data" : [
{
"version_value" : "11.4.1 - 11.5.4"
}
]
}
}
]
},
"vendor_name" : "F5 Networks"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to non-default setting \"enabled\". The default value for the tm.tcpprogressive db variable is \"negotiate\". An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2016-7468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, PEM, PSM,",
"version": {
"version_data": [
{
"version_value": "11.4.1 - 11.5.4"
}
]
}
}
]
},
"vendor_name": "F5 Networks"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K13053402",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K13053402"
},
{
"name" : "97119",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97119"
},
{
"name" : "1038121",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038121"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to non-default setting \"enabled\". The default value for the tm.tcpprogressive db variable is \"negotiate\". An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97119"
},
{
"name": "1038121",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038121"
},
{
"name": "https://support.f5.com/csp/article/K13053402",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K13053402"
}
]
}
}

178
2016/7xxx/CVE-2016-7843.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2016-7843",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "AttacheCase for Java",
"version" : {
"version_data" : [
{
"version_value" : "Ver0.60 and earlier"
}
]
}
},
{
"product_name" : "AttacheCase Lite",
"version" : {
"version_data" : [
{
"version_value" : "Ver1.4.6 and earlier"
}
]
}
},
{
"product_name" : "AttacheCase Pro",
"version" : {
"version_data" : [
{
"version_value" : "Ver1.5.7 and earlier"
}
]
}
}
]
},
"vendor_name" : "MaruUo Factory"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory traversal"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AttacheCase for Java",
"version": {
"version_data": [
{
"version_value": "Ver0.60 and earlier"
}
]
}
},
{
"product_name": "AttacheCase Lite",
"version": {
"version_data": [
{
"version_value": "Ver1.4.6 and earlier"
}
]
}
},
{
"product_name": "AttacheCase Pro",
"version": {
"version_data": [
{
"version_value": "Ver1.5.7 and earlier"
}
]
}
}
]
},
"vendor_name": "MaruUo Factory"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://maruuofactory.life.coocan.jp/attachecase/#pathTraversal",
"refsource" : "MISC",
"url" : "http://maruuofactory.life.coocan.jp/attachecase/#pathTraversal"
},
{
"name" : "JVN#28331227",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN28331227/index.html"
},
{
"name" : "95445",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95445"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#28331227",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN28331227/index.html"
},
{
"name": "95445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95445"
},
{
"name": "http://maruuofactory.life.coocan.jp/attachecase/#pathTraversal",
"refsource": "MISC",
"url": "http://maruuofactory.life.coocan.jp/attachecase/#pathTraversal"
}
]
}
}

174
2017/5xxx/CVE-2017-5650.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2017-5650",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Tomcat",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.M1 to 9.0.0.M18"
},
{
"version_value" : "8.5.0 to 8.5.12"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-5650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value": "9.0.0.M1 to 9.0.0.M18"
},
{
"version_value": "8.5.0 to 8.5.12"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[users] 20170410 [SECURITY] CVE-2017-5650 Apache Tomcat Denial of Service",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738@%3Cannounce.tomcat.apache.org%3E"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180614-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180614-0001/"
},
{
"name" : "GLSA-201705-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-09"
},
{
"name" : "97531",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97531"
},
{
"name" : "1038217",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038217"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97531"
},
{
"name": "GLSA-201705-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180614-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180614-0001/"
},
{
"name": "1038217",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038217"
},
{
"name": "[users] 20170410 [SECURITY] CVE-2017-5650 Apache Tomcat Denial of Service",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738@%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

32
2017/5xxx/CVE-2017-5724.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5724",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5724",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}