admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:31:07 +00:00
parent fa5e84dff8
commit ff32daf8be
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 4500 additions and 4500 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
2006/0xxx/CVE-2006-0028.json
View File

@ -1,141 +1,141 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0028",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-0028",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers."
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060314 ZDI-06-004: Microsoft Excel File Format Parsing Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427632/100/0/threaded"
"name": "ADV-2006-0950",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0950"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-004.html",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-004.html"
"name": "oval:org.mitre.oval:def:1411",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1411"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm"
"name": "oval:org.mitre.oval:def:1509",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1509"
},
{
"name" : "MS06-012",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012"
"name": "oval:org.mitre.oval:def:1158",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1158"
},
{
"name" : "TA06-073A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-073A.html"
"name": "583",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/583"
},
{
"name" : "VU#339878",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/339878"
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm"
},
{
"name" : "ADV-2006-0950",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0950"
"name": "19238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19238"
},
{
"name" : "23899",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23899"
"name": "VU#339878",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/339878"
},
{
"name" : "oval:org.mitre.oval:def:1158",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1158"
"name": "TA06-073A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-073A.html"
},
{
"name" : "oval:org.mitre.oval:def:1411",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1411"
"name": "19138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19138"
},
{
"name" : "oval:org.mitre.oval:def:1509",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1509"
"name": "20060314 ZDI-06-004: Microsoft Excel File Format Parsing Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427632/100/0/threaded"
},
{
"name" : "oval:org.mitre.oval:def:1635",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1635"
"name": "1015766",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015766"
},
{
"name" : "1015766",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015766"
"name": "23899",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23899"
},
{
"name" : "19138",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19138"
"name": "oval:org.mitre.oval:def:1635",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1635"
},
{
"name" : "19238",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19238"
"name": "MS06-012",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012"
},
{
"name" : "583",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/583"
"name": "excel-parsing-format-file-bo(25225)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25225"
},
{
"name" : "excel-parsing-format-file-bo(25225)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25225"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-004.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-004.html"
}
]
}

104
2006/0xxx/CVE-2006-0774.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0774",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0774",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID."
"lang": "eng",
"value": "SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060211 DB_eSession deleteSession() SQL injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/424819/100/0/threaded"
"name": "16598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16598"
},
{
"name" : "20060501 Re: DB_eSession deleteSession() SQL injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433132/30/5160/threaded"
"name": "20060211 DB_eSession deleteSession() SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424819/100/0/threaded"
},
{
"name" : "http://www.gulftech.org/?node=research&article_id=00099-02112006",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00099-02112006"
"name": "ADV-2006-0528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0528"
},
{
"name" : "16598",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16598"
"name": "dbesession-deletesession-sql-injection(24673)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24673"
},
{
"name" : "ADV-2006-0528",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0528"
"name": "20060501 Re: DB_eSession deleteSession() SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433132/30/5160/threaded"
},
{
"name" : "23104",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23104"
"name": "http://www.gulftech.org/?node=research&article_id=00099-02112006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00099-02112006"
},
{
"name" : "18805",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18805"
"name": "18805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18805"
},
{
"name" : "dbesession-deletesession-sql-injection(24673)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24673"
"name": "23104",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23104"
}
]
}

92
2006/1xxx/CVE-2006-1351.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1351",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1351",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a \"default internal servlet\" accessed through HTTP."
"lang": "eng",
"value": "BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a \"default internal servlet\" accessed through HTTP."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "BEA06-120.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/180"
"name": "1015792",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015792"
},
{
"name" : "17166",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17166"
"name": "weblogic-server-default-servlet(25347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25347"
},
{
"name" : "ADV-2006-1021",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1021"
"name": "BEA06-120.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/180"
},
{
"name" : "1015792",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015792"
"name": "19310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19310"
},
{
"name" : "19310",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19310"
"name": "ADV-2006-1021",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1021"
},
{
"name" : "weblogic-server-default-servlet(25347)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25347"
"name": "17166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17166"
}
]
}

86
2006/1xxx/CVE-2006-1434.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1434",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1434",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter)."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://osvdb.org/ref/24/24302-annuaire_directory.txt",
"refsource" : "MISC",
"url" : "http://osvdb.org/ref/24/24302-annuaire_directory.txt"
"name": "24303",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24303"
},
{
"name" : "17393",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17393"
"name": "http://osvdb.org/ref/24/24302-annuaire_directory.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/24/24302-annuaire_directory.txt"
},
{
"name" : "24303",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24303"
"name": "19548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19548"
},
{
"name" : "19548",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19548"
"name": "17393",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17393"
},
{
"name" : "annuaire-inscription-xss(25669)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25669"
"name": "annuaire-inscription-xss(25669)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25669"
}
]
}

158
2006/1xxx/CVE-2006-1626.json
View File

@ -1,141 +1,141 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1626",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1626",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192."
"lang": "eng",
"value": "Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060403 Another Internet Explorer Address Bar Spoofing Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429719/100/0/threaded"
"name": "http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/",
"refsource": "MISC",
"url": "http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/"
},
{
"name" : "20060404 Another way to spoof Internet Explorer Address Bar",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429891/100/0/threaded"
"name": "17404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17404"
},
{
"name" : "20060721 about bid 17404",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440851/100/100/threaded"
"name": "ADV-2006-2319",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2319"
},
{
"name" : "http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/",
"refsource" : "MISC",
"url" : "http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/"
"name": "1016291",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016291"
},
{
"name" : "MS06-021",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
"name": "oval:org.mitre.oval:def:1842",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1842"
},
{
"name" : "17404",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17404"
"name": "oval:org.mitre.oval:def:1881",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1881"
},
{
"name" : "ADV-2006-1218",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1218"
"name": "oval:org.mitre.oval:def:1604",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1604"
},
{
"name" : "ADV-2006-2319",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2319"
"name": "oval:org.mitre.oval:def:1806",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1806"
},
{
"name" : "oval:org.mitre.oval:def:1600",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1600"
"name": "ADV-2006-1218",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1218"
},
{
"name" : "oval:org.mitre.oval:def:1604",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1604"
"name": "MS06-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
},
{
"name" : "oval:org.mitre.oval:def:1806",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1806"
"name": "19521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19521"
},
{
"name" : "oval:org.mitre.oval:def:1842",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1842"
"name": "20060403 Another Internet Explorer Address Bar Spoofing Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429719/100/0/threaded"
},
{
"name" : "oval:org.mitre.oval:def:1881",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1881"
"name": "20060721 about bid 17404",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440851/100/100/threaded"
},
{
"name" : "oval:org.mitre.oval:def:1918",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1918"
"name": "20060404 Another way to spoof Internet Explorer Address Bar",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429891/100/0/threaded"
},
{
"name" : "1016291",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016291"
"name": "oval:org.mitre.oval:def:1600",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1600"
},
{
"name" : "19521",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19521"
"name": "oval:org.mitre.oval:def:1918",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1918"
},
{
"name" : "ie-swf-addressbar-spoofing(25634)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25634"
"name": "ie-swf-addressbar-spoofing(25634)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25634"
}
]
}

86
2006/5xxx/CVE-2006-5056.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5056",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5056",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060923 Opial Audio/Video Download Management - Version 1.0 index.php Xss vulns.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446896/100/0/threaded"
"name": "22092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22092"
},
{
"name" : "20174",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20174"
"name": "20174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20174"
},
{
"name" : "ADV-2006-3778",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3778"
"name": "ADV-2006-3778",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3778"
},
{
"name" : "22092",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22092"
"name": "1641",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1641"
},
{
"name" : "1641",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1641"
"name": "20060923 Opial Audio/Video Download Management - Version 1.0 index.php Xss vulns.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446896/100/0/threaded"
}
]
}

86
2006/5xxx/CVE-2006-5222.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5222",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5222",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Dimension of phpBB 0.2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/themen_portal_mitte.php or (2) includes/logger_engine.php."
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Dimension of phpBB 0.2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/themen_portal_mitte.php or (2) includes/logger_engine.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "2481",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2481"
"name": "22287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22287"
},
{
"name" : "20367",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20367"
"name": "ADV-2006-3923",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3923"
},
{
"name" : "ADV-2006-3923",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3923"
"name": "20367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20367"
},
{
"name" : "22287",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22287"
"name": "dimension-phpbbroot-file-include(29361)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29361"
},
{
"name" : "dimension-phpbbroot-file-include(29361)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29361"
"name": "2481",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2481"
}
]
}

98
2006/5xxx/CVE-2006-5591.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5591",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5591",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20061025 [KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/449668/100/0/threaded"
"name": "1788",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1788"
},
{
"name" : "http://www.kapda.ir/advisory-445.html",
"refsource" : "MISC",
"url" : "http://www.kapda.ir/advisory-445.html"
"name": "pacpoll-check-sql-injection(29800)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29800"
},
{
"name" : "20746",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20746"
"name": "20746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20746"
},
{
"name" : "ADV-2006-4208",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4208"
"name": "ADV-2006-4208",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4208"
},
{
"name" : "22576",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22576"
"name": "http://www.kapda.ir/advisory-445.html",
"refsource": "MISC",
"url": "http://www.kapda.ir/advisory-445.html"
},
{
"name" : "1788",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1788"
"name": "20061025 [KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449668/100/0/threaded"
},
{
"name" : "pacpoll-check-sql-injection(29800)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29800"
"name": "22576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22576"
}
]
}

80
2006/5xxx/CVE-2006-5947.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5947",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5947",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources."
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "21081",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21081"
"name": "conxintftp-directory-traversal(30295)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30295"
},
{
"name" : "ADV-2006-4519",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4519"
"name": "22893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22893"
},
{
"name" : "22893",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22893"
"name": "ADV-2006-4519",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4519"
},
{
"name" : "conxintftp-directory-traversal(30295)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30295"
"name": "21081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21081"
}
]
}

68
2006/5xxx/CVE-2006-5986.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5986",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5986",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources."
"lang": "eng",
"value": "admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "ADV-2006-4529",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4529"
"name": "22919",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22919"
},
{
"name" : "22919",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22919"
"name": "ADV-2006-4529",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4529"
}
]
}

146
2006/5xxx/CVE-2006-5989.json
View File

@ -1,131 +1,131 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5989",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-5989",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array."
"lang": "eng",
"value": "Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206736",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206736"
"name": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=136650",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=136650"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=136650",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=136650"
"name": "23251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23251"
},
{
"name" : "DSA-1247",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1247"
"name": "23681",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23681"
},
{
"name" : "GLSA-200701-14",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200701-14.xml"
"name": "DSA-1247",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1247"
},
{
"name" : "MDKSA-2006:218",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:218"
"name": "21214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21214"
},
{
"name" : "RHSA-2006:0746",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0746.html"
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206736",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206736"
},
{
"name" : "21214",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21214"
"name": "23023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23023"
},
{
"name" : "oval:org.mitre.oval:def:10051",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10051"
"name": "23820",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23820"
},
{
"name" : "ADV-2006-4633",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4633"
"name": "RHSA-2006:0746",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0746.html"
},
{
"name" : "1017348",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017348"
"name": "apache-modauthkerb-offbyone-bo(30456)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30456"
},
{
"name" : "23023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23023"
"name": "MDKSA-2006:218",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:218"
},
{
"name" : "23251",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23251"
"name": "1017348",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017348"
},
{
"name" : "23681",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23681"
"name": "ADV-2006-4633",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4633"
},
{
"name" : "23820",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23820"
"name": "GLSA-200701-14",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200701-14.xml"
},
{
"name" : "apache-modauthkerb-offbyone-bo(30456)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30456"
"name": "oval:org.mitre.oval:def:10051",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10051"
}
]
}

80
2007/2xxx/CVE-2007-2150.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2150",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2150",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017."
"lang": "eng",
"value": "BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20070417 BlueArc Firmware 4.2.944b FTP bounce",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/466025/100/0/threaded"
"name": "20070417 BlueArc Firmware 4.2.944b FTP bounce",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466025/100/0/threaded"
},
{
"name" : "23540",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23540"
"name": "35414",
"refsource": "OSVDB",
"url": "http://osvdb.org/35414"
},
{
"name" : "35414",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35414"
"name": "bluearc-port-traffic-hijacking(33721)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33721"
},
{
"name" : "bluearc-port-traffic-hijacking(33721)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33721"
"name": "23540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23540"
}
]
}

86
2007/2xxx/CVE-2007-2571.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2571",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2571",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action."
"lang": "eng",
"value": "SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "3862",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3862"
"name": "xoops-wfquotes-index-sql-injection(34101)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34101"
},
{
"name" : "ADV-2007-1677",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1677"
"name": "3862",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3862"
},
{
"name" : "34473",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34473"
"name": "ADV-2007-1677",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1677"
},
{
"name" : "25171",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25171"
"name": "34473",
"refsource": "OSVDB",
"url": "http://osvdb.org/34473"
},
{
"name" : "xoops-wfquotes-index-sql-injection(34101)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34101"
"name": "25171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25171"
}
]
}

128
2007/2xxx/CVE-2007-2599.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2599",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2599",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "3887",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3887"
"name": "tutorialcms-multiple-sql-injection(34214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34214"
},
{
"name" : "http://www.wavelinkmedia.com/scripts/tutorialcms/",
"refsource" : "CONFIRM",
"url" : "http://www.wavelinkmedia.com/scripts/tutorialcms/"
"name": "35902",
"refsource": "OSVDB",
"url": "http://osvdb.org/35902"
},
{
"name" : "23905",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23905"
"name": "23905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23905"
},
{
"name" : "ADV-2007-1742",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1742"
"name": "ADV-2007-1742",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1742"
},
{
"name" : "35899",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35899"
"name": "http://www.wavelinkmedia.com/scripts/tutorialcms/",
"refsource": "CONFIRM",
"url": "http://www.wavelinkmedia.com/scripts/tutorialcms/"
},
{
"name" : "35900",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35900"
"name": "35905",
"refsource": "OSVDB",
"url": "http://osvdb.org/35905"
},
{
"name" : "35901",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35901"
"name": "35900",
"refsource": "OSVDB",
"url": "http://osvdb.org/35900"
},
{
"name" : "35902",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35902"
"name": "35899",
"refsource": "OSVDB",
"url": "http://osvdb.org/35899"
},
{
"name" : "35903",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35903"
"name": "35901",
"refsource": "OSVDB",
"url": "http://osvdb.org/35901"
},
{
"name" : "35905",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35905"
"name": "35903",
"refsource": "OSVDB",
"url": "http://osvdb.org/35903"
},
{
"name" : "25222",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25222"
"name": "3887",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3887"
},
{
"name" : "tutorialcms-multiple-sql-injection(34214)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34214"
"name": "25222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25222"
}
]
}

62
2010/0xxx/CVE-2010-0339.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0339",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0339",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
"lang": "eng",
"value": "SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
}
]
}

86
2010/0xxx/CVE-2010-0693.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0693",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0693",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in products.php in CommodityRentals Trade Manager Script allows remote attackers to execute arbitrary SQL commands via the cid parameter."
"lang": "eng",
"value": "SQL injection vulnerability in products.php in CommodityRentals Trade Manager Script allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://packetstormsecurity.org/1002-exploits/trademanager-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1002-exploits/trademanager-sql.txt"
"name": "62294",
"refsource": "OSVDB",
"url": "http://osvdb.org/62294"
},
{
"name" : "11412",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11412"
"name": "http://packetstormsecurity.org/1002-exploits/trademanager-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-exploits/trademanager-sql.txt"
},
{
"name" : "62294",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62294"
"name": "trade-manager-products-sql-injection(56223)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56223"
},
{
"name" : "38556",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38556"
"name": "38556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38556"
},
{
"name" : "trade-manager-products-sql-injection(56223)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56223"
"name": "11412",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11412"
}
]
}

116
2010/0xxx/CVE-2010-0827.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0827",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2010-0827",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file."
"lang": "eng",
"value": "Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://security-tracker.debian.org/tracker/CVE-2010-0827",
"refsource" : "CONFIRM",
"url" : "http://security-tracker.debian.org/tracker/CVE-2010-0827"
"name": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log",
"refsource": "CONFIRM",
"url": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log"
},
{
"name" : "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009&r2=18095",
"refsource" : "CONFIRM",
"url" : "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009&r2=18095"
"name": "39971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39971"
},
{
"name" : "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log",
"refsource" : "CONFIRM",
"url" : "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log"
"name": "GLSA-201206-28",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-28.xml"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=572914",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=572914"
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name" : "GLSA-201206-28",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201206-28.xml"
"name": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009&r2=18095",
"refsource": "CONFIRM",
"url": "http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?r1=18009&r2=18095"
},
{
"name" : "SUSE-SR:2010:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
"name": "SUSE-SR:2010:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"name" : "SUSE-SR:2010:013",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
"name": "http://security-tracker.debian.org/tracker/CVE-2010-0827",
"refsource": "CONFIRM",
"url": "http://security-tracker.debian.org/tracker/CVE-2010-0827"
},
{
"name" : "USN-937-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-937-1"
"name": "oval:org.mitre.oval:def:10052",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10052"
},
{
"name" : "39971",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39971"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=572914",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=572914"
},
{
"name" : "oval:org.mitre.oval:def:10052",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10052"
"name": "USN-937-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-937-1"
}
]
}

140
2010/0xxx/CVE-2010-0886.json
View File

@ -1,126 +1,126 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0886",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-0886",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
"lang": "eng",
"value": "Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
"name": "APPLE-SA-2010-05-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
},
{
"name" : "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html"
"name": "oval:org.mitre.oval:def:14216",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14216"
},
{
"name" : "http://support.apple.com/kb/HT4170",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4170"
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "http://support.apple.com/kb/HT4171",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4171"
"name": "39819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39819"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
"name": "APPLE-SA-2010-05-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
},
{
"name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
"name": "279590",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-279590-1"
},
{
"name" : "APPLE-SA-2010-05-18-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
"name": "http://support.apple.com/kb/HT4170",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4170"
},
{
"name" : "APPLE-SA-2010-05-18-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
"name": "1022294",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022294.1-1"
},
{
"name" : "279590",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-279590-1"
"name": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html"
},
{
"name" : "1022294",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1022294.1-1"
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "oval:org.mitre.oval:def:14216",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14216"
"name": "http://support.apple.com/kb/HT4171",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4171"
},
{
"name" : "39819",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39819"
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "ADV-2010-1191",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1191"
"name": "ADV-2010-1191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1191"
}
]
}

62
2010/0xxx/CVE-2010-0898.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0898",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-0898",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}

116
2010/1xxx/CVE-2010-1498.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1498",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1498",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://packetstormsecurity.org/1004-exploits/dlstats-sqlxssadmin.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1004-exploits/dlstats-sqlxssadmin.txt"
"name": "http://www.xenuser.org/documents/security/dl_stats_multiple_vulnerabilities.txt",
"refsource": "MISC",
"url": "http://www.xenuser.org/documents/security/dl_stats_multiple_vulnerabilities.txt"
},
{
"name" : "12280",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12280"
"name": "39592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39592"
},
{
"name" : "http://www.xenuser.org/2010/04/18/dl_stats-multiple-vulnerabilities-sqli-xss-unprotected-admin-panel/",
"refsource" : "MISC",
"url" : "http://www.xenuser.org/2010/04/18/dl_stats-multiple-vulnerabilities-sqli-xss-unprotected-admin-panel/"
"name": "ADV-2010-0939",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0939"
},
{
"name" : "http://www.xenuser.org/documents/security/dl_stats_multiple_vulnerabilities.txt",
"refsource" : "MISC",
"url" : "http://www.xenuser.org/documents/security/dl_stats_multiple_vulnerabilities.txt"
"name": "63908",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63908"
},
{
"name" : "39592",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39592"
"name": "63907",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63907"
},
{
"name" : "63907",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/63907"
"name": "12280",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12280"
},
{
"name" : "63908",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/63908"
"name": "http://www.xenuser.org/2010/04/18/dl_stats-multiple-vulnerabilities-sqli-xss-unprotected-admin-panel/",
"refsource": "MISC",
"url": "http://www.xenuser.org/2010/04/18/dl_stats-multiple-vulnerabilities-sqli-xss-unprotected-admin-panel/"
},
{
"name" : "39496",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39496"
"name": "dlstats-id-sql-injection(57917)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57917"
},
{
"name" : "ADV-2010-0939",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0939"
"name": "http://packetstormsecurity.org/1004-exploits/dlstats-sqlxssadmin.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/dlstats-sqlxssadmin.txt"
},
{
"name" : "dlstats-id-sql-injection(57917)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57917"
"name": "39496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39496"
}
]
}

230
2010/1xxx/CVE-2010-1646.json
View File

@ -1,201 +1,201 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1646",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1646",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable."
"lang": "eng",
"value": "The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20101027 rPSA-2010-0075-1 sudo",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
"name": "65083",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65083"
},
{
"name" : "http://www.sudo.ws/repos/sudo/rev/3057fde43cf0",
"refsource" : "CONFIRM",
"url" : "http://www.sudo.ws/repos/sudo/rev/3057fde43cf0"
"name": "FEDORA-2010-9417",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html"
},
{
"name" : "http://www.sudo.ws/repos/sudo/rev/a09c6812eaec",
"refsource" : "CONFIRM",
"url" : "http://www.sudo.ws/repos/sudo/rev/a09c6812eaec"
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name" : "http://www.sudo.ws/sudo/alerts/secure_path.html",
"refsource" : "CONFIRM",
"url" : "http://www.sudo.ws/sudo/alerts/secure_path.html"
"name": "http://www.sudo.ws/sudo/alerts/secure_path.html",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/sudo/alerts/secure_path.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=598154",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=598154"
"name": "http://www.sudo.ws/repos/sudo/rev/3057fde43cf0",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/3057fde43cf0"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2010-0075",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
"name": "oval:org.mitre.oval:def:10580",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580"
},
{
"name" : "DSA-2062",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2062"
"name": "MDVSA-2010:118",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:118"
},
{
"name" : "FEDORA-2010-9402",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html"
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "FEDORA-2010-9415",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html"
"name": "40188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40188"
},
{
"name" : "FEDORA-2010-9417",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html"
"name": "40002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40002"
},
{
"name" : "GLSA-201009-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201009-03.xml"
"name": "40215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40215"
},
{
"name" : "MDVSA-2010:118",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:118"
"name": "20101027 rPSA-2010-0075-1 sudo",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
},
{
"name" : "RHSA-2010:0475",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0475.html"
"name": "1024101",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024101"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
"name": "40538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40538"
},
{
"name" : "40538",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40538"
"name": "FEDORA-2010-9415",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html"
},
{
"name" : "65083",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/65083"
"name": "http://www.sudo.ws/repos/sudo/rev/a09c6812eaec",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/a09c6812eaec"
},
{
"name" : "oval:org.mitre.oval:def:10580",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580"
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "oval:org.mitre.oval:def:7338",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338"
"name": "DSA-2062",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2062"
},
{
"name" : "1024101",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024101"
"name": "FEDORA-2010-9402",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html"
},
{
"name" : "40002",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40002"
"name": "http://wiki.rpath.com/Advisories:rPSA-2010-0075",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
},
{
"name" : "40188",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40188"
"name": "GLSA-201009-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201009-03.xml"
},
{
"name" : "40215",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40215"
"name": "ADV-2010-1478",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1478"
},
{
"name" : "40508",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40508"
"name": "RHSA-2010:0475",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0475.html"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
"name": "oval:org.mitre.oval:def:7338",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338"
},
{
"name" : "ADV-2010-1452",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1452"
"name": "40508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40508"
},
{
"name" : "ADV-2010-1518",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1518"
"name": "ADV-2010-1518",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1518"
},
{
"name" : "ADV-2010-1519",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1519"
"name": "ADV-2010-1519",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1519"
},
{
"name" : "ADV-2010-1478",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1478"
"name": "ADV-2010-1452",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1452"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=598154",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598154"
}
]
}

182
2010/3xxx/CVE-2010-3316.json
View File

@ -1,161 +1,161 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3316",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3316",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check."
"lang": "eng",
"value": "The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
"name": "[oss-security] 20100927 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/09/27/5"
},
{
"name" : "[oss-security] 20100816 Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/08/16/2"
"name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/09/21/3"
},
{
"name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/09/21/3"
"name": "GLSA-201206-31",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/09/21/8"
"name": "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
},
{
"name" : "[oss-security] 20100924 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/24/2"
"name": "ADV-2011-0606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0606"
},
{
"name" : "[oss-security] 20100927 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/09/27/4"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=637898",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=637898"
},
{
"name" : "[oss-security] 20100927 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/09/27/5"
"name": "20110308 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516909/100/0/threaded"
},
{
"name" : "[oss-security] 20100928 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/09/27/7"
"name": "https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663",
"refsource": "MISC",
"url": "https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663"
},
{
"name" : "[oss-security] 20100928 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/09/27/10"
"name": "[oss-security] 20100924 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/2"
},
{
"name" : "[oss-security] 20101025 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/10/25/2"
"name": "[oss-security] 20100816 Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/08/16/2"
},
{
"name" : "[security-announce] 20110307 VMSA-2011-0004 VMware ESX/ESXi SLPD denial of service vulnerability and ESX third party updates for Service Console packages bind, pam, and rpm",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2011/000126.html"
"name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/09/21/8"
},
{
"name" : "https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663",
"refsource" : "MISC",
"url" : "https://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663"
"name": "[oss-security] 20100928 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/09/27/10"
},
{
"name" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6",
"refsource" : "CONFIRM",
"url" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6"
"name": "[oss-security] 20100927 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/09/27/4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=637898",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=637898"
"name": "MDVSA-2010:220",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:220"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0004.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
"name": "49711",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49711"
},
{
"name" : "GLSA-201206-31",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201206-31.xml"
"name": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6",
"refsource": "CONFIRM",
"url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6"
},
{
"name" : "MDVSA-2010:220",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:220"
"name": "[oss-security] 20100928 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/09/27/7"
},
{
"name" : "RHSA-2010:0819",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0819.html"
"name": "RHSA-2010:0891",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0891.html"
},
{
"name" : "RHSA-2010:0891",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0891.html"
"name": "[oss-security] 20101025 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/10/25/2"
},
{
"name" : "49711",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49711"
"name": "RHSA-2010:0819",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0819.html"
},
{
"name" : "ADV-2011-0606",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0606"
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0004.html"
}
]
}

92
2010/4xxx/CVE-2010-4037.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4037",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4037",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors."
"lang": "eng",
"value": "Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=53002",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=53002"
"name": "ADV-2010-2731",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2731"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html"
"name": "oval:org.mitre.oval:def:6790",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6790"
},
{
"name" : "44241",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44241"
"name": "http://code.google.com/p/chromium/issues/detail?id=53002",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=53002"
},
{
"name" : "oval:org.mitre.oval:def:6790",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6790"
"name": "41888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41888"
},
{
"name" : "41888",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41888"
"name": "44241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44241"
},
{
"name" : "ADV-2010-2731",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2731"
"name": "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html"
}
]
}

74
2010/4xxx/CVE-2010-4084.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4084",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-4084",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088."
"lang": "eng",
"value": "dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-25.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
"name": "1024664",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024664"
},
{
"name" : "oval:org.mitre.oval:def:12265",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12265"
"name": "http://www.adobe.com/support/security/bulletins/apsb10-25.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
},
{
"name" : "1024664",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024664"
"name": "oval:org.mitre.oval:def:12265",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12265"
}
]
}

98
2010/4xxx/CVE-2010-4622.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4622",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4622",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI."
"lang": "eng",
"value": "Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24028829",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24028829"
"name": "ADV-2010-3329",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3329"
},
{
"name" : "45582",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45582"
"name": "45582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45582"
},
{
"name" : "70158",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/70158"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg24028829",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24028829"
},
{
"name" : "1024927",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024927"
"name": "1024927",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024927"
},
{
"name" : "42727",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42727"
"name": "70158",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70158"
},
{
"name" : "ADV-2010-3329",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3329"
"name": "42727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42727"
},
{
"name" : "tivoli-ebusiness-unspecified-dir-traversal(64306)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64306"
"name": "tivoli-ebusiness-unspecified-dir-traversal(64306)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64306"
}
]
}

86
2010/4xxx/CVE-2010-4992.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4992",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4992",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html."
"lang": "eng",
"value": "SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "14265",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14265"
"name": "41458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41458"
},
{
"name" : "http://packetstormsecurity.org/1007-exploits/joomlapaymentsplus-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1007-exploits/joomlapaymentsplus-sql.txt"
"name": "8497",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8497"
},
{
"name" : "41458",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41458"
"name": "http://packetstormsecurity.org/1007-exploits/joomlapaymentsplus-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/joomlapaymentsplus-sql.txt"
},
{
"name" : "8497",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8497"
"name": "14265",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14265"
},
{
"name" : "paymentspluscom-add-sql-injection(60166)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60166"
"name": "paymentspluscom-add-sql-injection(60166)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60166"
}
]
}

80
2014/0xxx/CVE-2014-0130.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0130",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0130",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request."
"lang": "eng",
"value": "Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[rubyonrails-security] 20140506 [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations",
"refsource" : "MLIST",
"url" : "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ"
"name": "RHSA-2014:1863",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html"
},
{
"name" : "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf",
"refsource" : "MISC",
"url" : "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf"
"name": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf",
"refsource": "MISC",
"url": "http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf"
},
{
"name" : "RHSA-2014:1863",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1863.html"
"name": "[rubyonrails-security] 20140506 [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ"
},
{
"name" : "67244",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67244"
"name": "67244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67244"
}
]
}

74
2014/0xxx/CVE-2014-0853.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0853",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0853",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665005",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665005"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21665005",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665005"
},
{
"name" : "65726",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65726"
"name": "ibm-focalpoint-cve20140853-xss(90754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90754"
},
{
"name" : "ibm-focalpoint-cve20140853-xss(90754)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90754"
"name": "65726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65726"
}
]
}

74
2014/0xxx/CVE-2014-0908.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0908",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0908",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls."
"lang": "eng",
"value": "The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669330",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21669330"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21669330",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669330"
},
{
"name" : "JR49505",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49505"
"name": "JR49505",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR49505"
},
{
"name" : "ibm-bpm-cve20140908-priv-escalation(91870)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91870"
"name": "ibm-bpm-cve20140908-priv-escalation(91870)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91870"
}
]
}

74
2014/0xxx/CVE-2014-0911.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0911",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0911",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors."
"lang": "eng",
"value": "inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670374",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670374"
"name": "IV55886",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55886"
},
{
"name" : "IV55886",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV55886"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670374",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670374"
},
{
"name" : "ibm-websphere-cve20140911-dos(91876)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91876"
"name": "ibm-websphere-cve20140911-dos(91876)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91876"
}
]
}

122
2014/0xxx/CVE-2014-0930.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0930",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0930",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation."
"lang": "eng",
"value": "The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20140506 CVE-2014-0930 - Kernel Memory Leak And Denial Of Service Condition in IBM AIX",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-05/0031.html"
"name": "IV59675",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV59675"
},
{
"name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0930/",
"refsource" : "MISC",
"url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0930/"
"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0930/",
"refsource": "MISC",
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0930/"
},
{
"name" : "http://aix.software.ibm.com/aix/efixes/security/ptrace_advisory.asc",
"refsource" : "CONFIRM",
"url" : "http://aix.software.ibm.com/aix/efixes/security/ptrace_advisory.asc"
"name": "IV59045",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV59045"
},
{
"name" : "IV58766",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV58766"
"name": "20140506 CVE-2014-0930 - Kernel Memory Leak And Denial Of Service Condition in IBM AIX",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0031.html"
},
{
"name" : "IV58840",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV58840"
"name": "IV58766",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58766"
},
{
"name" : "IV58861",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV58861"
"name": "IV58888",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58888"
},
{
"name" : "IV58888",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV58888"
"name": "IV58948",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58948"
},
{
"name" : "IV58948",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV58948"
"name": "ibm-aix-cve20140930-dos(92262)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92262"
},
{
"name" : "IV59045",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV59045"
"name": "IV58861",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58861"
},
{
"name" : "IV59675",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV59675"
"name": "IV58840",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV58840"
},
{
"name" : "ibm-aix-cve20140930-dos(92262)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92262"
"name": "http://aix.software.ibm.com/aix/efixes/security/ptrace_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/ptrace_advisory.asc"
}
]
}

86
2014/4xxx/CVE-2014-4073.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4073",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4073",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka \".NET ClickOnce Elevation of Privilege Vulnerability.\""
"lang": "eng",
"value": "Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka \".NET ClickOnce Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx"
"name": "MS14-057",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057"
},
{
"name" : "MS14-057",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-057"
"name": "60969",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60969"
},
{
"name" : "70313",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70313"
"name": "1031021",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031021"
},
{
"name" : "1031021",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031021"
"name": "70313",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70313"
},
{
"name" : "60969",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60969"
"name": "http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2014/10/14/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability.aspx"
}
]
}

80
2014/4xxx/CVE-2014-4390.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4390",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4390",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application."
"lang": "eng",
"value": "Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://support.apple.com/kb/HT6443",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6443"
"name": "1030868",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030868"
},
{
"name" : "69901",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69901"
"name": "http://support.apple.com/kb/HT6443",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6443"
},
{
"name" : "1030868",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030868"
"name": "69901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69901"
},
{
"name" : "macosx-cve20144390-code-exec(96052)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96052"
"name": "macosx-cve20144390-code-exec(96052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96052"
}
]
}

22
2014/4xxx/CVE-2014-4562.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4562",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4562",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2014/4xxx/CVE-2014-4603.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4603",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4603",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in yupdates_application.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) secret, (2) key, or (3) appid parameter."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in yupdates_application.php in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) secret, (2) key, or (3) appid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://codevigilant.com/disclosure/wp-plugin-yahoo-updates-for-wordpress-a3-cross-site-scripting-xss",
"refsource" : "MISC",
"url" : "http://codevigilant.com/disclosure/wp-plugin-yahoo-updates-for-wordpress-a3-cross-site-scripting-xss"
"name": "68401",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68401"
},
{
"name" : "68401",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68401"
"name": "http://codevigilant.com/disclosure/wp-plugin-yahoo-updates-for-wordpress-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-yahoo-updates-for-wordpress-a3-cross-site-scripting-xss"
}
]
}

86
2014/4xxx/CVE-2014-4737.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4737",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4737",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20141001 Reflected Cross-Site Scripting (XSS) in Textpattern",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533596/100/0/threaded"
"name": "textpattern-cve20144737-xss(96802)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96802"
},
{
"name" : "http://packetstormsecurity.com/files/128519/Textpattern-4.5.5-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128519/Textpattern-4.5.5-Cross-Site-Scripting.html"
"name": "http://packetstormsecurity.com/files/128519/Textpattern-4.5.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128519/Textpattern-4.5.5-Cross-Site-Scripting.html"
},
{
"name" : "http://textpattern.com/weblog/379/textpattern-cms-457-released-ten-years-on",
"refsource" : "MISC",
"url" : "http://textpattern.com/weblog/379/textpattern-cms-457-released-ten-years-on"
"name": "http://textpattern.com/weblog/379/textpattern-cms-457-released-ten-years-on",
"refsource": "MISC",
"url": "http://textpattern.com/weblog/379/textpattern-cms-457-released-ten-years-on"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23223",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23223"
"name": "https://www.htbridge.com/advisory/HTB23223",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23223"
},
{
"name" : "textpattern-cve20144737-xss(96802)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96802"
"name": "20141001 Reflected Cross-Site Scripting (XSS) in Textpattern",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533596/100/0/threaded"
}
]
}

68
2014/8xxx/CVE-2014-8120.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8120",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8120",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors."
"lang": "eng",
"value": "The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[Thermostat-announce] 20141216 [SECURITY UPDATE] Thermostat 1.0.6 update released!",
"refsource" : "MLIST",
"url" : "http://icedtea.classpath.org/pipermail/thermostat-announce/2014-December/000013.html"
"name": "[Thermostat-announce] 20141216 [SECURITY UPDATE] Thermostat 1.0.6 update released!",
"refsource": "MLIST",
"url": "http://icedtea.classpath.org/pipermail/thermostat-announce/2014-December/000013.html"
},
{
"name" : "RHSA-2014:2000",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-2000.html"
"name": "RHSA-2014:2000",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2000.html"
}
]
}

22
2014/8xxx/CVE-2014-8300.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8300",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8300",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2014/8xxx/CVE-2014-8489.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8489",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8489",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter."
"lang": "eng",
"value": "Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20141209 CVE-2014-8489 Ping Identity Corporation \"PingFederate 6.10.1 SP Endpoints\" Dest Redirect Privilege Escalation Security Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/35"
"name": "20141209 CVE-2014-8489 Ping Identity Corporation \"PingFederate 6.10.1 SP Endpoints\" Dest Redirect Privilege Escalation Security Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/35"
},
{
"name" : "http://packetstormsecurity.com/files/129454/PingFederate-6.10.1-SP-Endpoints-Open-Redirect.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129454/PingFederate-6.10.1-SP-Endpoints-Open-Redirect.html"
"name": "http://tetraph.com/security/cves/cve-2014-8489-ping-identity-corporation-pingfederate-6-10-1-sp-endpoints-dest-redirect-privilege-escalation-security-vulnerability/",
"refsource": "MISC",
"url": "http://tetraph.com/security/cves/cve-2014-8489-ping-identity-corporation-pingfederate-6-10-1-sp-endpoints-dest-redirect-privilege-escalation-security-vulnerability/"
},
{
"name" : "http://tetraph.com/security/cves/cve-2014-8489-ping-identity-corporation-pingfederate-6-10-1-sp-endpoints-dest-redirect-privilege-escalation-security-vulnerability/",
"refsource" : "MISC",
"url" : "http://tetraph.com/security/cves/cve-2014-8489-ping-identity-corporation-pingfederate-6-10-1-sp-endpoints-dest-redirect-privilege-escalation-security-vulnerability/"
"name": "http://packetstormsecurity.com/files/129454/PingFederate-6.10.1-SP-Endpoints-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129454/PingFederate-6.10.1-SP-Endpoints-Open-Redirect.html"
}
]
}

134
2014/8xxx/CVE-2014-8709.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8709",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2014-8709",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets."
"lang": "eng",
"value": "The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20141109 Re: CVE Request: Linux kernel mac80211 plain text leak",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/09/1"
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338f977f4eb441e69bb9a46eaa0ac715c931a67f",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338f977f4eb441e69bb9a46eaa0ac715c931a67f"
"name": "SUSE-SU-2015:0652",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5"
"name": "https://github.com/torvalds/linux/commit/338f977f4eb441e69bb9a46eaa0ac715c931a67f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/338f977f4eb441e69bb9a46eaa0ac715c931a67f"
},
{
"name" : "https://github.com/torvalds/linux/commit/338f977f4eb441e69bb9a46eaa0ac715c931a67f",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/338f977f4eb441e69bb9a46eaa0ac715c931a67f"
"name": "RHSA-2015:0290",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0290.html"
},
{
"name" : "https://source.android.com/security/bulletin/2017-03-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-03-01.html"
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5"
},
{
"name" : "RHSA-2015:0290",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0290.html"
"name": "SUSE-SU-2015:0481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name" : "RHSA-2015:1272",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1272.html"
"name": "openSUSE-SU-2015:0566",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name" : "SUSE-SU-2015:0481",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
"name": "[oss-security] 20141109 Re: CVE Request: Linux kernel mac80211 plain text leak",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/09/1"
},
{
"name" : "openSUSE-SU-2015:0566",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
"name": "linux-kernel-cve20148709-info-disclsoure(98922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98922"
},
{
"name" : "SUSE-SU-2015:0652",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
"name": "RHSA-2015:1272",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html"
},
{
"name" : "70965",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70965"
"name": "70965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70965"
},
{
"name" : "1037968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037968"
"name": "https://source.android.com/security/bulletin/2017-03-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01.html"
},
{
"name" : "linux-kernel-cve20148709-info-disclsoure(98922)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98922"
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338f977f4eb441e69bb9a46eaa0ac715c931a67f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338f977f4eb441e69bb9a46eaa0ac715c931a67f"
}
]
}

22
2014/9xxx/CVE-2014-9108.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9108",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9108",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

128
2014/9xxx/CVE-2014-9845.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9845",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9845",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file."
"lang": "eng",
"value": "The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343503",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343503"
},
{
"name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=a7a7fd3ce95b7b8efb0ce1ce40f43dbbd20d8e03",
"refsource" : "CONFIRM",
"url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=a7a7fd3ce95b7b8efb0ce1ce40f43dbbd20d8e03"
"name": "openSUSE-SU-2016:2073",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343503",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343503"
"name": "openSUSE-SU-2016:1833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name" : "SUSE-SU-2016:1782",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html"
"name": "openSUSE-SU-2016:3060",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html"
},
{
"name" : "SUSE-SU-2016:1783",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html"
"name": "openSUSE-SU-2016:1724",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html"
},
{
"name" : "SUSE-SU-2016:1784",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=a7a7fd3ce95b7b8efb0ce1ce40f43dbbd20d8e03",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=a7a7fd3ce95b7b8efb0ce1ce40f43dbbd20d8e03"
},
{
"name" : "openSUSE-SU-2016:1724",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html"
"name": "SUSE-SU-2016:1782",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html"
},
{
"name" : "openSUSE-SU-2016:1748",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name" : "openSUSE-SU-2016:1833",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
"name": "openSUSE-SU-2016:1748",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name" : "openSUSE-SU-2016:2073",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html"
"name": "SUSE-SU-2016:1784",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name" : "openSUSE-SU-2016:3060",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html"
"name": "SUSE-SU-2016:1783",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html"
},
{
"name" : "USN-3131-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3131-1"
"name": "USN-3131-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3131-1"
}
]
}

62
2016/2xxx/CVE-2016-2465.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2465",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2465",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407865."
"lang": "eng",
"value": "The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407865."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-06-01.html"
"name": "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-06-01.html"
}
]
}

80
2016/3xxx/CVE-2016-3723.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3723",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3723",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints."
"lang": "eng",
"value": "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
"refsource" : "CONFIRM",
"url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
"name": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
"refsource": "CONFIRM",
"url": "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11"
},
{
"name" : "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11",
"refsource" : "CONFIRM",
"url" : "https://www.cloudbees.com/jenkins-security-advisory-2016-05-11"
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
},
{
"name" : "RHSA-2016:1206",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1206"
"name": "RHSA-2016:1206",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1206"
},
{
"name" : "RHSA-2016:1773",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
"name": "RHSA-2016:1773",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
}
]
}

68
2016/3xxx/CVE-2016-3761.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3761",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3761",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969."
"lang": "eng",
"value": "NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
"name": "https://android.googlesource.com/platform/packages/apps/Nfc/+/9ea802b5456a36f1115549b645b65c791eff3c2c",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/packages/apps/Nfc/+/9ea802b5456a36f1115549b645b65c791eff3c2c"
},
{
"name" : "https://android.googlesource.com/platform/packages/apps/Nfc/+/9ea802b5456a36f1115549b645b65c791eff3c2c",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/packages/apps/Nfc/+/9ea802b5456a36f1115549b645b65c791eff3c2c"
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}

68
2016/3xxx/CVE-2016-3939.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3939",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3939",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30874196 and Qualcomm internal bug CR 1001224."
"lang": "eng",
"value": "drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30874196 and Qualcomm internal bug CR 1001224."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
"name": "93336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93336"
},
{
"name" : "93336",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93336"
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
}
]
}

68
2016/6xxx/CVE-2016-6342.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-6342",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6342",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "elog 3.1.1 allows remote attackers to post data as any username in the logbook."
"lang": "eng",
"value": "elog 3.1.1 allows remote attackers to post data as any username in the logbook."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1371328",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1371328"
"name": "FEDORA-2016-348a7b6285",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ZQOPXSMJAJIXH5MRPQS2ZISYJPSLQK/"
},
{
"name" : "FEDORA-2016-348a7b6285",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4ZQOPXSMJAJIXH5MRPQS2ZISYJPSLQK/"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1371328",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1371328"
}
]
}

68
2016/6xxx/CVE-2016-6430.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6430",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6430",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cisco IP Interoperability and Collaboration System before 5.0(1)",
"version" : {
"version_data" : [
"product_name": "Cisco IP Interoperability and Collaboration System before 5.0(1)",
"version": {
"version_data": [
{
"version_value" : "Cisco IP Interoperability and Collaboration System before 5.0(1)"
"version_value": "Cisco IP Interoperability and Collaboration System before 5.0(1)"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1)."
"lang": "eng",
"value": "A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "unspecified"
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2"
"name": "93919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93919"
},
{
"name" : "93919",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93919"
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2"
}
]
}

74
2016/6xxx/CVE-2016-6942.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6942",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6942",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
"lang": "eng",
"value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name" : "93496",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93496"
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name" : "1036986",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036986"
"name": "93496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93496"
}
]
}

22
2016/7xxx/CVE-2016-7503.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7503",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7503",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2016/7xxx/CVE-2016-7681.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7681",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7681",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}

62
2016/7xxx/CVE-2016-7761.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7761",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7761",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"WiFi\" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage."
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"WiFi\" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.apple.com/HT207423",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207423"
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}

22
2016/7xxx/CVE-2016-7769.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7769",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7769",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}

110
2016/7xxx/CVE-2016-7795.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7795",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7795",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket."
"lang": "eng",
"value": "The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20160928 CVE Request: systemd v209+: local denial-of-service attack",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/28/9"
"name": "[oss-security] 20160930 Re: CVE Request: systemd v209+: local denial-of-service attack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/30/1"
},
{
"name" : "[oss-security] 20160930 Re: CVE Request: systemd v209+: local denial-of-service attack",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/30/1"
"name": "[oss-security] 20160928 CVE Request: systemd v209+: local denial-of-service attack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/28/9"
},
{
"name" : "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet",
"refsource" : "MISC",
"url" : "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet"
"name": "93223",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93223"
},
{
"name" : "https://github.com/systemd/systemd/issues/4234",
"refsource" : "CONFIRM",
"url" : "https://github.com/systemd/systemd/issues/4234"
"name": "RHSA-2016:2610",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2610.html"
},
{
"name" : "RHSA-2016:2610",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2610.html"
"name": "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet",
"refsource": "MISC",
"url": "https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet"
},
{
"name" : "RHSA-2016:2694",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2694.html"
"name": "USN-3094-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3094-1"
},
{
"name" : "USN-3094-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3094-1"
"name": "https://github.com/systemd/systemd/issues/4234",
"refsource": "CONFIRM",
"url": "https://github.com/systemd/systemd/issues/4234"
},
{
"name" : "93223",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93223"
"name": "1037320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037320"
},
{
"name" : "1037320",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037320"
"name": "RHSA-2016:2694",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2694.html"
}
]
}

82
2016/8xxx/CVE-2016-8319.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2016-8319",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-8319",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "FLEXCUBE Investor Servicing",
"version" : {
"version_data" : [
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value" : "12.0.1"
"version_value": "12.0.1"
},
{
"version_value" : "12.0.2"
"version_value": "12.0.2"
},
{
"version_value" : "12.0.4"
"version_value": "12.0.4"
},
{
"version_value" : "12.1.0"
"version_value": "12.1.0"
},
{
"version_value" : "12.3.0"
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name" : "Oracle"
"vendor_name": "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
"name": "95514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95514"
},
{
"name" : "95514",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95514"
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name" : "1037636",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037636"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}

82
2016/8xxx/CVE-2016-8640.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2016-11-11T00:00:00",
"ID" : "CVE-2016-8640",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2016-11-11T00:00:00",
"ID": "CVE-2016-8640",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "pycsw",
"version" : {
"version_data" : [
"product_name": "pycsw",
"version": {
"version_data": [
{
"version_value" : "all versions before 2.0.2, 1.10.5 and 1.8.6"
"version_value": "all versions before 2.0.2, 1.10.5 and 1.8.6"
}
]
}
}
]
},
"vendor_name" : "https://github.com/geopython"
"vendor_name": "https://github.com/geopython"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to."
"lang": "eng",
"value": "A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-89"
"lang": "eng",
"value": "CWE-89"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20161111 CVE-2016-8640 pycsw SQL injection issue",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2016/q4/406"
"name": "94302",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94302"
},
{
"name" : "https://github.com/geopython/pycsw/pull/474/files",
"refsource" : "CONFIRM",
"url" : "https://github.com/geopython/pycsw/pull/474/files"
"name": "https://github.com/geopython/pycsw/pull/474/files",
"refsource": "CONFIRM",
"url": "https://github.com/geopython/pycsw/pull/474/files"
},
{
"name" : "https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch",
"refsource" : "CONFIRM",
"url" : "https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch"
"name": "[oss-security] 20161111 CVE-2016-8640 pycsw SQL injection issue",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2016/q4/406"
},
{
"name" : "94302",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94302"
"name": "https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch",
"refsource": "CONFIRM",
"url": "https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch"
}
]
}