admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:00:51 +00:00
parent 4e63ba113d
commit ffe709393d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3782 additions and 3782 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2006/5xxx/CVE-2006-5814.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5814",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a \"Novell eDirectory remote exploit.\" NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://gleg.net/vulndisco_meta.shtml",
"refsource" : "MISC",
"url" : "http://gleg.net/vulndisco_meta.shtml"
},
{
"name" : "1017169",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017169"
},
{
"name" : "novell-edirectory-code-execution(30150)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a \"Novell eDirectory remote exploit.\" NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://gleg.net/vulndisco_meta.shtml",
"refsource": "MISC",
"url": "http://gleg.net/vulndisco_meta.shtml"
},
{
"name": "1017169",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017169"
},
{
"name": "novell-edirectory-code-execution(30150)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30150"
}
]
}
}

130
2007/2xxx/CVE-2007-2095.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2095",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter, a different vector than CVE-2007-0498."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070414 MySpeach v1.9",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/465721/100/0/threaded"
},
{
"name" : "2592",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2592"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter, a different vector than CVE-2007-0498."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070414 MySpeach v1.9",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465721/100/0/threaded"
},
{
"name": "2592",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2592"
}
]
}
}

290
2007/2xxx/CVE-2007-2244.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2244",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3793",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3793"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb07-13.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb07-13.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb07-16.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb07-16.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb07-17.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb07-17.html"
},
{
"name" : "23621",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23621"
},
{
"name" : "ADV-2007-1523",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1523"
},
{
"name" : "ADV-2007-3442",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3442"
},
{
"name" : "ADV-2007-3443",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3443"
},
{
"name" : "35370",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/35370"
},
{
"name" : "38064",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38064"
},
{
"name" : "38065",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38065"
},
{
"name" : "38066",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38066"
},
{
"name" : "1017962",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017962"
},
{
"name" : "1018792",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018792"
},
{
"name" : "25023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25023"
},
{
"name" : "26846",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26846"
},
{
"name" : "26864",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26864"
},
{
"name" : "adobe-multiple-files-bo(33838)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33838"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23621"
},
{
"name": "1018792",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018792"
},
{
"name": "35370",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35370"
},
{
"name": "25023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25023"
},
{
"name": "adobe-multiple-files-bo(33838)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33838"
},
{
"name": "ADV-2007-3442",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3442"
},
{
"name": "3793",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3793"
},
{
"name": "38065",
"refsource": "OSVDB",
"url": "http://osvdb.org/38065"
},
{
"name": "38064",
"refsource": "OSVDB",
"url": "http://osvdb.org/38064"
},
{
"name": "26864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26864"
},
{
"name": "26846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26846"
},
{
"name": "ADV-2007-1523",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1523"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb07-17.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-17.html"
},
{
"name": "38066",
"refsource": "OSVDB",
"url": "http://osvdb.org/38066"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb07-13.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-13.html"
},
{
"name": "ADV-2007-3443",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3443"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb07-16.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb07-16.html"
},
{
"name": "1017962",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017962"
}
]
}
}

170
2007/3xxx/CVE-2007-3459.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3459",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070626 [GOODFELLAS - VULN ] Avaxswf.dll v.1.0.0.1 from Avax Vectorsoftware ActiveX Arbitrary Data Write",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/472296/100/0/threaded"
},
{
"name" : "4110",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4110"
},
{
"name" : "24659",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24659"
},
{
"name" : "38037",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38037"
},
{
"name" : "2844",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2844"
},
{
"name" : "avax-writemovie-file-overwrite(35089)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35089"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "avax-writemovie-file-overwrite(35089)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35089"
},
{
"name": "4110",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4110"
},
{
"name": "24659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24659"
},
{
"name": "38037",
"refsource": "OSVDB",
"url": "http://osvdb.org/38037"
},
{
"name": "2844",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2844"
},
{
"name": "20070626 [GOODFELLAS - VULN ] Avaxswf.dll v.1.0.0.1 from Avax Vectorsoftware ActiveX Arbitrary Data Write",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472296/100/0/threaded"
}
]
}
}

160
2007/3xxx/CVE-2007-3492.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3492",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing \"//A:\" in the argument to the LIST command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070627 Conti FTP Server v1.0 DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/472346/100/0/threaded"
},
{
"name" : "24672",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24672"
},
{
"name" : "40776",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40776"
},
{
"name" : "2847",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2847"
},
{
"name" : "conti-ftpserver-list-dos(35106)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing \"//A:\" in the argument to the LIST command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2847",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2847"
},
{
"name": "20070627 Conti FTP Server v1.0 DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472346/100/0/threaded"
},
{
"name": "conti-ftpserver-list-dos(35106)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35106"
},
{
"name": "40776",
"refsource": "OSVDB",
"url": "http://osvdb.org/40776"
},
{
"name": "24672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24672"
}
]
}
}

180
2007/3xxx/CVE-2007-3608.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3608",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070705 EnjoySAP, SAP GUI for Windows - Stack Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/472887/100/0/threaded"
},
{
"name" : "4148",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4148"
},
{
"name" : "4149",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4149"
},
{
"name" : "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/",
"refsource" : "MISC",
"url" : "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/"
},
{
"name" : "24776",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24776"
},
{
"name" : "37687",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37687"
},
{
"name" : "2873",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2873"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37687",
"refsource": "OSVDB",
"url": "http://osvdb.org/37687"
},
{
"name": "2873",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2873"
},
{
"name": "24776",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24776"
},
{
"name": "4148",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4148"
},
{
"name": "20070705 EnjoySAP, SAP GUI for Windows - Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472887/100/0/threaded"
},
{
"name": "4149",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4149"
},
{
"name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-enjoysap-stack-overflow/"
}
]
}
}

190
2007/3xxx/CVE-2007-3755.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3755",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a \"tel:\" link, which does not prompt the user before dialing the number."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=306586",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name" : "APPLE-SA-2007-09-27",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"name" : "25862",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25862"
},
{
"name" : "ADV-2007-3287",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name" : "38536",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/38536"
},
{
"name" : "1018752",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018752"
},
{
"name" : "26983",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26983"
},
{
"name" : "iphone-tellink-phone-hijacking(36853)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36853"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a \"tel:\" link, which does not prompt the user before dialing the number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2007-09-27",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
},
{
"name": "iphone-tellink-phone-hijacking(36853)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36853"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306586",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306586"
},
{
"name": "25862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25862"
},
{
"name": "38536",
"refsource": "OSVDB",
"url": "http://osvdb.org/38536"
},
{
"name": "26983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26983"
},
{
"name": "ADV-2007-3287",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3287"
},
{
"name": "1018752",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018752"
}
]
}
}

140
2007/3xxx/CVE-2007-3840.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3840",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4187",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4187"
},
{
"name" : "24925",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24925"
},
{
"name" : "36258",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/36258"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4187",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4187"
},
{
"name": "36258",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/36258"
},
{
"name": "24925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24925"
}
]
}
}

230
2007/3xxx/CVE-2007-3897.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3897",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2007-3897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
},
{
"name" : "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
},
{
"name" : "HPSBST02280",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name" : "SSRT071480",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name" : "MS07-056",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
},
{
"name" : "TA07-282A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
},
{
"name" : "25908",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25908"
},
{
"name" : "ADV-2007-3436",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3436"
},
{
"name" : "oval:org.mitre.oval:def:1706",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
},
{
"name" : "1018785",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018785"
},
{
"name" : "1018786",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018786"
},
{
"name" : "27112",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27112"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018785",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018785"
},
{
"name": "HPSBST02280",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "SSRT071480",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/482366/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1706",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1706"
},
{
"name": "MS07-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-056"
},
{
"name": "20071010 Re: iDefense Security Advisory 10.09.07: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481983/100/100/threaded"
},
{
"name": "20071009 Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607"
},
{
"name": "ADV-2007-3436",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3436"
},
{
"name": "1018786",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018786"
},
{
"name": "25908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25908"
},
{
"name": "TA07-282A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-282A.html"
},
{
"name": "27112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27112"
}
]
}
}

130
2007/6xxx/CVE-2007-6090.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6090",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/26458.txt",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/26458.txt"
},
{
"name" : "26458",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26458"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/26458.txt",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/26458.txt"
},
{
"name": "26458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26458"
}
]
}
}

150
2007/6xxx/CVE-2007-6486.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://davidsopas.com/blog/2007/12/17/lineshout-v10-software-html-injection/",
"refsource" : "MISC",
"url" : "http://davidsopas.com/blog/2007/12/17/lineshout-v10-software-html-injection/"
},
{
"name" : "26906",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26906"
},
{
"name" : "28137",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28137"
},
{
"name" : "lineshout-shout-xss(39090)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39090"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28137"
},
{
"name": "26906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26906"
},
{
"name": "lineshout-shout-xss(39090)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39090"
},
{
"name": "http://davidsopas.com/blog/2007/12/17/lineshout-v10-software-html-injection/",
"refsource": "MISC",
"url": "http://davidsopas.com/blog/2007/12/17/lineshout-v10-software-html-injection/"
}
]
}
}

200
2007/6xxx/CVE-2007-6581.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4767",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4767"
},
{
"name" : "http://www.inj3ct-it.org/exploit/socialengine2.txt",
"refsource" : "MISC",
"url" : "http://www.inj3ct-it.org/exploit/socialengine2.txt"
},
{
"name" : "26990",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26990"
},
{
"name" : "40370",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40370"
},
{
"name" : "40371",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40371"
},
{
"name" : "40372",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40372"
},
{
"name" : "40373",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40373"
},
{
"name" : "40374",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40374"
},
{
"name" : "40375",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40375"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40371",
"refsource": "OSVDB",
"url": "http://osvdb.org/40371"
},
{
"name": "4767",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4767"
},
{
"name": "40373",
"refsource": "OSVDB",
"url": "http://osvdb.org/40373"
},
{
"name": "40370",
"refsource": "OSVDB",
"url": "http://osvdb.org/40370"
},
{
"name": "40374",
"refsource": "OSVDB",
"url": "http://osvdb.org/40374"
},
{
"name": "40375",
"refsource": "OSVDB",
"url": "http://osvdb.org/40375"
},
{
"name": "40372",
"refsource": "OSVDB",
"url": "http://osvdb.org/40372"
},
{
"name": "26990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26990"
},
{
"name": "http://www.inj3ct-it.org/exploit/socialengine2.txt",
"refsource": "MISC",
"url": "http://www.inj3ct-it.org/exploit/socialengine2.txt"
}
]
}
}

340
2007/6xxx/CVE-2007-6725.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6725",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090417 rPSA-2009-0060-1 ghostscript",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"name" : "[oss-security] 20090401 CVE request -- ghostscript",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/04/01/10"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=229174",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=229174"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=493442",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=493442"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0060",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
},
{
"name" : "FEDORA-2008-5699",
"refsource" : "FEDORA",
"url" : "http://www.mail-archive.com/fedora-package-announce@redhat.com/msg11830.html"
},
{
"name" : "MDVSA-2009:095",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name" : "MDVSA-2009:096",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"name" : "RHSA-2009:0420",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
},
{
"name" : "RHSA-2009:0421",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"name" : "262288",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name" : "SUSE-SR:2009:011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name" : "USN-757-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/757-1/"
},
{
"name" : "34337",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34337"
},
{
"name" : "oval:org.mitre.oval:def:9507",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507"
},
{
"name" : "34726",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34726"
},
{
"name" : "34732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34732"
},
{
"name" : "34729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34729"
},
{
"name" : "35416",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35416"
},
{
"name" : "35559",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35559"
},
{
"name" : "35569",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35569"
},
{
"name" : "ADV-2009-1708",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1708"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:0421",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"name": "RHSA-2009:0420",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
},
{
"name": "FEDORA-2008-5699",
"refsource": "FEDORA",
"url": "http://www.mail-archive.com/fedora-package-announce@redhat.com/msg11830.html"
},
{
"name": "262288",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "20090417 rPSA-2009-0060-1 ghostscript",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"name": "34729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34729"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=229174",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=229174"
},
{
"name": "MDVSA-2009:095",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "34337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34337"
},
{
"name": "34732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34732"
},
{
"name": "35569",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"name": "oval:org.mitre.oval:def:9507",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507"
},
{
"name": "MDVSA-2009:096",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"name": "35559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35559"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0060",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=493442",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493442"
},
{
"name": "USN-757-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/757-1/"
},
{
"name": "[oss-security] 20090401 CVE request -- ghostscript",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
},
{
"name": "34726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34726"
}
]
}
}

160
2010/0xxx/CVE-2010-0286.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0286",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/"
},
{
"name" : "61680",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61680"
},
{
"name" : "38206",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38206"
},
{
"name" : "ADV-2010-0127",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0127"
},
{
"name" : "typo3-openid-security-bypass(55609)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0127",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0127"
},
{
"name": "typo3-openid-security-bypass(55609)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55609"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/"
},
{
"name": "38206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38206"
},
{
"name": "61680",
"refsource": "OSVDB",
"url": "http://osvdb.org/61680"
}
]
}
}

140
2010/0xxx/CVE-2010-0428.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0428",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=568699",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=568699"
},
{
"name" : "RHSA-2010:0622",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0622.html"
},
{
"name" : "RHSA-2010:0633",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0633.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0622",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0622.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=568699",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=568699"
},
{
"name": "RHSA-2010:0633",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0633.html"
}
]
}
}

180
2010/0xxx/CVE-2010-0955.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0955",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://4004securityproject.wordpress.com/2010/03/07/bild-flirt-system-v2-0-index-php-id-sql-injection/",
"refsource" : "MISC",
"url" : "http://4004securityproject.wordpress.com/2010/03/07/bild-flirt-system-v2-0-index-php-id-sql-injection/"
},
{
"name" : "http://packetstormsecurity.org/1003-exploits/bildflirt-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1003-exploits/bildflirt-sql.txt"
},
{
"name" : "11648",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11648"
},
{
"name" : "38585",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38585"
},
{
"name" : "62780",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62780"
},
{
"name" : "38870",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38870"
},
{
"name" : "bildflirt-index-sql-injection(56727)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56727"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1003-exploits/bildflirt-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1003-exploits/bildflirt-sql.txt"
},
{
"name": "62780",
"refsource": "OSVDB",
"url": "http://osvdb.org/62780"
},
{
"name": "bildflirt-index-sql-injection(56727)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56727"
},
{
"name": "http://4004securityproject.wordpress.com/2010/03/07/bild-flirt-system-v2-0-index-php-id-sql-injection/",
"refsource": "MISC",
"url": "http://4004securityproject.wordpress.com/2010/03/07/bild-flirt-system-v2-0-index-php-id-sql-injection/"
},
{
"name": "38585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38585"
},
{
"name": "11648",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11648"
},
{
"name": "38870",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38870"
}
]
}
}

130
2010/1xxx/CVE-2010-1018.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1018",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name" : "38803",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38803"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38803"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
}
]
}
}

210
2010/1xxx/CVE-2010-1141.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1141",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name" : "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"name" : "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name" : "GLSA-201209-25",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name" : "oval:org.mitre.oval:def:7020",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020"
},
{
"name" : "1023832",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023832"
},
{
"name" : "1023833",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023833"
},
{
"name" : "39198",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39198"
},
{
"name" : "39206",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39206"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"name": "39206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39206"
},
{
"name": "[security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"name": "1023833",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023833"
},
{
"name": "39198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39198"
},
{
"name": "1023832",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023832"
},
{
"name": "oval:org.mitre.oval:def:7020",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7020"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2010-0007.html"
},
{
"name": "20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
}
]
}
}

150
2010/1xxx/CVE-2010-1466.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1466",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in scr/soustab.php in openUrgence Vaccin 1.03 allows remote attackers to read arbitrary files via the dsn[phptype] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12193",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/12193"
},
{
"name" : "39412",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39412"
},
{
"name" : "39400",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39400"
},
{
"name" : "vaccin-soustab-file-include(57816)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57816"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in scr/soustab.php in openUrgence Vaccin 1.03 allows remote attackers to read arbitrary files via the dsn[phptype] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39400"
},
{
"name": "39412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39412"
},
{
"name": "12193",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12193"
},
{
"name": "vaccin-soustab-file-include(57816)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57816"
}
]
}
}

160
2014/0xxx/CVE-2014-0016.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0016",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140305 libssh and stunnel PRNG flaws",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/03/05/1"
},
{
"name" : "https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072180",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1072180"
},
{
"name" : "https://www.stunnel.org/sdf_ChangeLog.html",
"refsource" : "CONFIRM",
"url" : "https://www.stunnel.org/sdf_ChangeLog.html"
},
{
"name" : "65964",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65964"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.stunnel.org/sdf_ChangeLog.html",
"refsource": "CONFIRM",
"url": "https://www.stunnel.org/sdf_ChangeLog.html"
},
{
"name": "https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=870826&action=diff"
},
{
"name": "[oss-security] 20140305 libssh and stunnel PRNG flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/05/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1072180",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072180"
},
{
"name": "65964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65964"
}
]
}
}

120
2014/0xxx/CVE-2014-0629.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0629",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2014/Mar/33"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2014/Mar/33"
}
]
}
}

34
2014/1xxx/CVE-2014-1630.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1630",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1630",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

260
2014/1xxx/CVE-2014-1636.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1636",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html"
},
{
"name" : "64707",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64707"
},
{
"name" : "101874",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101874"
},
{
"name" : "101875",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101875"
},
{
"name" : "101876",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101876"
},
{
"name" : "101877",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101877"
},
{
"name" : "101878",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101878"
},
{
"name" : "101879",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101879"
},
{
"name" : "101880",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101880"
},
{
"name" : "101881",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101881"
},
{
"name" : "101882",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101882"
},
{
"name" : "101883",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101883"
},
{
"name" : "101884",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101884"
},
{
"name" : "101885",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101885"
},
{
"name" : "commandschool-id-sql-injection(90175)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90175"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101879",
"refsource": "OSVDB",
"url": "http://osvdb.org/101879"
},
{
"name": "101884",
"refsource": "OSVDB",
"url": "http://osvdb.org/101884"
},
{
"name": "101883",
"refsource": "OSVDB",
"url": "http://osvdb.org/101883"
},
{
"name": "101885",
"refsource": "OSVDB",
"url": "http://osvdb.org/101885"
},
{
"name": "101874",
"refsource": "OSVDB",
"url": "http://osvdb.org/101874"
},
{
"name": "101881",
"refsource": "OSVDB",
"url": "http://osvdb.org/101881"
},
{
"name": "101878",
"refsource": "OSVDB",
"url": "http://osvdb.org/101878"
},
{
"name": "commandschool-id-sql-injection(90175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90175"
},
{
"name": "101877",
"refsource": "OSVDB",
"url": "http://osvdb.org/101877"
},
{
"name": "64707",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64707"
},
{
"name": "101880",
"refsource": "OSVDB",
"url": "http://osvdb.org/101880"
},
{
"name": "101882",
"refsource": "OSVDB",
"url": "http://osvdb.org/101882"
},
{
"name": "101876",
"refsource": "OSVDB",
"url": "http://osvdb.org/101876"
},
{
"name": "http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html"
},
{
"name": "101875",
"refsource": "OSVDB",
"url": "http://osvdb.org/101875"
}
]
}
}

170
2014/1xxx/CVE-2014-1736.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1736",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-1736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=359802",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=359802"
},
{
"name" : "https://code.google.com/p/v8/source/detail?r=20519",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/v8/source/detail?r=20519"
},
{
"name" : "https://code.google.com/p/v8/source/detail?r=20525",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/v8/source/detail?r=20525"
},
{
"name" : "DSA-2920",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2920"
},
{
"name" : "58301",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58301"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/v8/source/detail?r=20519",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/v8/source/detail?r=20519"
},
{
"name": "58301",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58301"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html"
},
{
"name": "DSA-2920",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2920"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=359802",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=359802"
},
{
"name": "https://code.google.com/p/v8/source/detail?r=20525",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/v8/source/detail?r=20525"
}
]
}
}

140
2014/1xxx/CVE-2014-1789.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1789",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1790."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-1789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-035",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
},
{
"name" : "67881",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67881"
},
{
"name" : "1030370",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030370"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1790."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030370"
},
{
"name": "MS14-035",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
},
{
"name": "67881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67881"
}
]
}
}

220
2014/4xxx/CVE-2014-4624.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4624",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141022 ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0147.html"
},
{
"name" : "20141024 NEW VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533813/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html"
},
{
"name" : "http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0011.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0011.html"
},
{
"name" : "70709",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70709"
},
{
"name" : "1031114",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031114"
},
{
"name" : "1031118",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031118"
},
{
"name" : "61663",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61663"
},
{
"name" : "61950",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61950"
},
{
"name" : "vsphere-data-cve20144624-info-disc(97729)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97729"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031118",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031118"
},
{
"name": "61663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61663"
},
{
"name": "61950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61950"
},
{
"name": "http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128850/VMware-Security-Advisory-2014-0011.html"
},
{
"name": "1031114",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031114"
},
{
"name": "70709",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70709"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0011.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0011.html"
},
{
"name": "20141022 ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0147.html"
},
{
"name": "vsphere-data-cve20144624-info-disc(97729)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97729"
},
{
"name": "http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128843/EMC-Avamar-Sensitive-Information-Disclosure.html"
},
{
"name": "20141024 NEW VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533813/100/0/threaded"
}
]
}
}

140
2014/4xxx/CVE-2014-4750.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4750",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020223",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020223"
},
{
"name" : "69299",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69299"
},
{
"name" : "ibm-powervc-cve20144750-ftp(94352)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94352"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-powervc-cve20144750-ftp(94352)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94352"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020223",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020223"
},
{
"name": "69299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69299"
}
]
}
}

34
2014/5xxx/CVE-2014-5133.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5133",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5133",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2014/5xxx/CVE-2014-5258.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5258",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140917 Path Traversal in webEdition",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533465/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html"
},
{
"name" : "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen",
"refsource" : "MISC",
"url" : "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23227",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23227"
},
{
"name" : "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0",
"refsource" : "CONFIRM",
"url" : "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23227",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23227"
},
{
"name": "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen",
"refsource": "MISC",
"url": "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen"
},
{
"name": "20140917 Path Traversal in webEdition",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533465/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html"
},
{
"name": "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0",
"refsource": "CONFIRM",
"url": "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0"
}
]
}
}

150
2014/5xxx/CVE-2014-5362.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150416 [CVE-2014-5361][CVE-2014-5362]Landesk Management Suite RFI & CSRF Security Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/535286/100/1100/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSRF.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSRF.html"
},
{
"name" : "74190",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74190"
},
{
"name" : "1032203",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032203"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032203",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032203"
},
{
"name": "20150416 [CVE-2014-5361][CVE-2014-5362]Landesk Management Suite RFI & CSRF Security Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535286/100/1100/threaded"
},
{
"name": "74190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74190"
},
{
"name": "http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSRF.html"
}
]
}
}

190
2014/5xxx/CVE-2014-5391.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5391",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533372/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html"
},
{
"name" : "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt",
"refsource" : "MISC",
"url" : "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt"
},
{
"name" : "http://www.sos-berlin.com/modules/news/article.php?storyid=73",
"refsource" : "CONFIRM",
"url" : "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"name" : "http://www.sos-berlin.com/modules/news/article.php?storyid=74",
"refsource" : "CONFIRM",
"url" : "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
},
{
"name" : "https://change.sos-berlin.com/browse/JS-1203",
"refsource" : "CONFIRM",
"url" : "https://change.sos-berlin.com/browse/JS-1203"
},
{
"name" : "69660",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69660"
},
{
"name" : "jobscheduler-cve20145391-xss(95797)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69660"
},
{
"name": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html"
},
{
"name": "http://www.sos-berlin.com/modules/news/article.php?storyid=73",
"refsource": "CONFIRM",
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=73"
},
{
"name": "http://www.sos-berlin.com/modules/news/article.php?storyid=74",
"refsource": "CONFIRM",
"url": "http://www.sos-berlin.com/modules/news/article.php?storyid=74"
},
{
"name": "20140907 CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in \"JobScheduler\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533372/100/0/threaded"
},
{
"name": "https://change.sos-berlin.com/browse/JS-1203",
"refsource": "CONFIRM",
"url": "https://change.sos-berlin.com/browse/JS-1203"
},
{
"name": "jobscheduler-cve20145391-xss(95797)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95797"
},
{
"name": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt",
"refsource": "MISC",
"url": "http://www.christian-schneider.net/advisories/CVE-2014-5391.txt"
}
]
}
}

140
2014/5xxx/CVE-2014-5784.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bouncy Bill Seasons (aka mominis.Generic_Android.Bouncy_Bill_Seasons) application 1.3.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#114865",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/114865"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bouncy Bill Seasons (aka mominis.Generic_Android.Bouncy_Bill_Seasons) application 1.3.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#114865",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/114865"
}
]
}
}

130
2015/2xxx/CVE-2015-2413.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2413",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted module-resource request, aka \"Internet Explorer Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-2413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-065",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065"
},
{
"name" : "1032894",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032894"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted module-resource request, aka \"Internet Explorer Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032894",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032894"
},
{
"name": "MS15-065",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065"
}
]
}
}

150
2016/10xxx/CVE-2016-10220.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10220",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8",
"refsource" : "CONFIRM",
"url" : "http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8"
},
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697450",
"refsource" : "CONFIRM",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697450"
},
{
"name" : "DSA-3838",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3838"
},
{
"name" : "GLSA-201708-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201708-06"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3838",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3838"
},
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=697450",
"refsource": "CONFIRM",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697450"
},
{
"name": "GLSA-201708-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-06"
},
{
"name": "http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8",
"refsource": "CONFIRM",
"url": "http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8"
}
]
}
}

130
2016/10xxx/CVE-2016-10307.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.iancaling.com/post/153011925478",
"refsource" : "MISC",
"url" : "http://blog.iancaling.com/post/153011925478"
},
{
"name" : "97242",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97242"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97242"
},
{
"name": "http://blog.iancaling.com/post/153011925478",
"refsource": "MISC",
"url": "http://blog.iancaling.com/post/153011925478"
}
]
}
}

210
2016/3xxx/CVE-2016-3116.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3116",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160314 CVE-2016-3116 - Dropbear SSH xauth injection",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Mar/47"
},
{
"name" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115",
"refsource" : "MISC",
"url" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"
},
{
"name" : "http://packetstormsecurity.com/files/136251/Dropbear-SSHD-xauth-Command-Injection-Bypass.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/136251/Dropbear-SSHD-xauth-Command-Injection-Bypass.html"
},
{
"name" : "https://matt.ucc.asn.au/dropbear/CHANGES",
"refsource" : "CONFIRM",
"url" : "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"name" : "FEDORA-2016-bc45faa824",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179870.html"
},
{
"name" : "FEDORA-2016-332491de28",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179261.html"
},
{
"name" : "FEDORA-2016-40a657cee1",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179269.html"
},
{
"name" : "GLSA-201607-08",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201607-08"
},
{
"name" : "openSUSE-SU-2016:0874",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00105.html"
},
{
"name" : "openSUSE-SU-2016:0882",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00113.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115",
"refsource": "MISC",
"url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115"
},
{
"name": "https://matt.ucc.asn.au/dropbear/CHANGES",
"refsource": "CONFIRM",
"url": "https://matt.ucc.asn.au/dropbear/CHANGES"
},
{
"name": "FEDORA-2016-40a657cee1",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179269.html"
},
{
"name": "http://packetstormsecurity.com/files/136251/Dropbear-SSHD-xauth-Command-Injection-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136251/Dropbear-SSHD-xauth-Command-Injection-Bypass.html"
},
{
"name": "FEDORA-2016-332491de28",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179261.html"
},
{
"name": "20160314 CVE-2016-3116 - Dropbear SSH xauth injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Mar/47"
},
{
"name": "FEDORA-2016-bc45faa824",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179870.html"
},
{
"name": "openSUSE-SU-2016:0882",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00113.html"
},
{
"name": "GLSA-201607-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-08"
},
{
"name": "openSUSE-SU-2016:0874",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00105.html"
}
]
}
}

34
2016/3xxx/CVE-2016-3673.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3673",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-3673",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/3xxx/CVE-2016-3942.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3942",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3942",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2016/3xxx/CVE-2016-3994.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3994",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Enlightenment-announce] 20160501 imlib2 1.4.9",
"refsource" : "MLIST",
"url" : "https://sourceforge.net/p/enlightenment/mailman/message/35055012/"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369"
},
{
"name" : "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8",
"refsource" : "CONFIRM",
"url" : "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8"
},
{
"name" : "DSA-3555",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3555"
},
{
"name" : "openSUSE-SU-2016:1330",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8",
"refsource": "CONFIRM",
"url": "https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8"
},
{
"name": "[Enlightenment-announce] 20160501 imlib2 1.4.9",
"refsource": "MLIST",
"url": "https://sourceforge.net/p/enlightenment/mailman/message/35055012/"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369"
},
{
"name": "DSA-3555",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3555"
},
{
"name": "openSUSE-SU-2016:1330",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html"
}
]
}
}

142
2016/8xxx/CVE-2016-8511.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2016-11-28T00:00:00",
"ID" : "CVE-2016-8511",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Network Automation",
"version" : {
"version_data" : [
{
"version_value" : "v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2016-11-28T00:00:00",
"ID": "CVE-2016-8511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Automation",
"version": {
"version_data": [
{
"version_value": "v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2016-39",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2016-39"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05344849",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05344849"
},
{
"name" : "94610",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94610"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2016-39",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-39"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05344849",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05344849"
},
{
"name": "94610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94610"
}
]
}
}

242
2016/8xxx/CVE-2016-8617.json
View File

@ -1,123 +1,123 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2016-8617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "curl",
"version" : {
"version_data" : [
{
"version_value" : "7.51.0"
}
]
}
}
]
},
"vendor_name" : "The Curl Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version" : "3.0"
}
],
[
{
"vectorString" : "4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-787"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "curl",
"version": {
"version_data": [
{
"version_value": "7.51.0"
}
]
}
}
]
},
"vendor_name": "The Curl Project"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://curl.haxx.se/docs/adv_20161102C.html",
"refsource" : "CONFIRM",
"url" : "https://curl.haxx.se/docs/adv_20161102C.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617"
},
{
"name" : "https://curl.haxx.se/CVE-2016-8617.patch",
"refsource" : "CONFIRM",
"url" : "https://curl.haxx.se/CVE-2016-8617.patch"
},
{
"name" : "https://www.tenable.com/security/tns-2016-21",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-21"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "GLSA-201701-47",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-47"
},
{
"name" : "RHSA-2018:2486",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name" : "RHSA-2018:3558",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name" : "94097",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94097"
},
{
"name" : "1037192",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037192"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://curl.haxx.se/docs/adv_20161102C.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/adv_20161102C.html"
},
{
"name": "RHSA-2018:3558",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "https://curl.haxx.se/CVE-2016-8617.patch",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/CVE-2016-8617.patch"
},
{
"name": "94097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94097"
},
{
"name": "https://www.tenable.com/security/tns-2016-21",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"name": "1037192",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037192"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617"
},
{
"name": "RHSA-2018:2486",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201701-47",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-47"
}
]
}
}

140
2016/8xxx/CVE-2016-8672.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8672",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The integrated web server on Siemens SIMATIC CP 343-1 Advanced prior to version 3.0.53, SIMATIC CP 443-1 Advanced prior to version 3.2.17, SIMATIC S7-300 CPU, and SIMATIC S7-400 CPU devices does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-02"
},
{
"name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf"
},
{
"name" : "94460",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94460"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The integrated web server on Siemens SIMATIC CP 343-1 Advanced prior to version 3.0.53, SIMATIC CP 443-1 Advanced prior to version 3.2.17, SIMATIC S7-300 CPU, and SIMATIC S7-400 CPU devices does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94460"
},
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-327-02"
}
]
}
}

178
2016/8xxx/CVE-2016-8935.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-8935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Kenexa LMS on Cloud",
"version" : {
"version_data" : [
{
"version_value" : "13.0"
},
{
"version_value" : "13.1"
},
{
"version_value" : "13.2"
},
{
"version_value" : "13.2.2"
},
{
"version_value" : "13.2.3"
},
{
"version_value" : "13.2.4"
},
{
"version_value" : "14.0.0"
},
{
"version_value" : "14.1.0"
},
{
"version_value" : "14.2.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kenexa LMS on Cloud",
"version": {
"version_data": [
{
"version_value": "13.0"
},
{
"version_value": "13.1"
},
{
"version_value": "13.2"
},
{
"version_value": "13.2.2"
},
{
"version_value": "13.2.3"
},
{
"version_value": "13.2.4"
},
{
"version_value": "14.0.0"
},
{
"version_value": "14.1.0"
},
{
"version_value": "14.2.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21999483",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21999483"
},
{
"name" : "97077",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97077"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21999483",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21999483"
},
{
"name": "97077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97077"
}
]
}
}

130
2016/9xxx/CVE-2016-9354.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-9354",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Moxa DACenter 1.4 and older",
"version" : {
"version_data" : [
{
"version_value" : "Moxa DACenter 1.4 and older"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Moxa DACenter Uncontrolled Resource Consumption"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moxa DACenter 1.4 and older",
"version": {
"version_data": [
{
"version_value": "Moxa DACenter 1.4 and older"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02"
},
{
"name" : "94891",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94891"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Moxa DACenter Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02"
},
{
"name": "94891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94891"
}
]
}
}

150
2016/9xxx/CVE-2016-9829.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9829",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161201 libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/01/5"
},
{
"name" : "[oss-security] 20161204 Re: libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/05/4"
},
{
"name" : "https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c/"
},
{
"name" : "95133",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95133"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161201 libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/5"
},
{
"name": "[oss-security] 20161204 Re: libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/4"
},
{
"name": "https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c/"
},
{
"name": "95133",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95133"
}
]
}
}

158
2016/9xxx/CVE-2016-9977.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-9977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Maximo Asset Management",
"version" : {
"version_data" : [
{
"version_value" : "7.1"
},
{
"version_value" : "7.5"
},
{
"version_value" : "7.1.1"
},
{
"version_value" : "7.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value": "7.1"
},
{
"version_value": "7.5"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22003981",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22003981"
},
{
"name" : "98786",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98786"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/120253"
},
{
"name": "98786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98786"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22003981",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22003981"
}
]
}
}

34
2019/2xxx/CVE-2019-2793.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2793",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2793",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2902.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2902",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2902",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2982.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2982",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2982",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6433.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6433",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6433",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6950.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6950",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6950",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6997.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6997",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6997",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/7xxx/CVE-2019-7211.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7211",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7211",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}