admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:28:32 +00:00
parent 12d52b8218
commit 048abb5526
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4766 additions and 4766 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2006/0xxx/CVE-2006-0417.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0417", "ID": "CVE-2006-0417",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060124 [eVuln] miniBloggie Authentication Bypass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/423126/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters."
{ }
"name" : "http://evuln.com/vulns/47/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/47/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16367", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16367" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0310", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0310" ]
}, },
{ "references": {
"name" : "22729", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22729" "name": "ADV-2006-0310",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0310"
"name" : "1015534", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015534" "name": "16367",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16367"
"name" : "18604", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18604" "name": "http://evuln.com/vulns/47/summary.html",
}, "refsource": "MISC",
{ "url": "http://evuln.com/vulns/47/summary.html"
"name" : "minibloggie-login-sql-injection(24280)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24280" "name": "22729",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/22729"
} },
} {
"name": "18604",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18604"
},
{
"name": "1015534",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015534"
},
{
"name": "minibloggie-login-sql-injection(24280)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24280"
},
{
"name": "20060124 [eVuln] miniBloggie Authentication Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423126/100/0/threaded"
}
]
}
}

170
2006/0xxx/CVE-2006-0580.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0580", "ID": "CVE-2006-0580",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[Dailydave] 20060203 ProtoVer vs Lotus Domino Server 7.0", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.immunitysec.com/pipermail/dailydave/2006-February/002896.html" "lang": "eng",
}, "value": "IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP)."
{ }
"name" : "16523", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16523" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0458", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0458" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1015592", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1015592" ]
}, },
{ "references": {
"name" : "18738", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18738" "name": "16523",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16523"
"name" : "lotus-domino-ldap-dos(24518)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24518" "name": "ADV-2006-0458",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/0458"
} },
} {
"name": "lotus-domino-ldap-dos(24518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24518"
},
{
"name": "18738",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18738"
},
{
"name": "1015592",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015592"
},
{
"name": "[Dailydave] 20060203 ProtoVer vs Lotus Domino Server 7.0",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2006-February/002896.html"
}
]
}
}

180
2006/0xxx/CVE-2006-0958.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0958", "ID": "CVE-2006-0958",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060310 [eVuln] FreeForum PHP Code Execution & Multiple XSS Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/427321/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters."
{ }
"name" : "http://evuln.com/vulns/89/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/89/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://soft.zoneo.net/freeForum/changes.php", "description": [
"refsource" : "CONFIRM", {
"url" : "http://soft.zoneo.net/freeForum/changes.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16877", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/16877" ]
}, },
{ "references": {
"name" : "ADV-2006-0759", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0759" "name": "20060310 [eVuln] FreeForum PHP Code Execution & Multiple XSS Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/427321/100/0/threaded"
"name" : "19020", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19020" "name": "ADV-2006-0759",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0759"
"name" : "freeforum-func-xss(24925)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24925" "name": "freeforum-func-xss(24925)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24925"
} },
} {
"name": "http://evuln.com/vulns/89/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/89/summary.html"
},
{
"name": "16877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16877"
},
{
"name": "http://soft.zoneo.net/freeForum/changes.php",
"refsource": "CONFIRM",
"url": "http://soft.zoneo.net/freeForum/changes.php"
},
{
"name": "19020",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19020"
}
]
}
}

150
2006/1xxx/CVE-2006-1235.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1235", "ID": "CVE-2006-1235",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue; however, this might have been due to certain behaviors of rmdir."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060306 histhost v1.0.0 xss and possible rmdir", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/426931/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue; however, this might have been due to certain behaviors of rmdir."
{ }
"name" : "20060314 Re: histhost v1.0.0 xss and possible rmdir", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/427631/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19155", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19155" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "hithost-deleteuser-directory-deletion(25106)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25106" ]
} },
] "references": {
} "reference_data": [
} {
"name": "19155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19155"
},
{
"name": "hithost-deleteuser-directory-deletion(25106)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25106"
},
{
"name": "20060306 histhost v1.0.0 xss and possible rmdir",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426931/100/0/threaded"
},
{
"name": "20060314 Re: histhost v1.0.0 xss and possible rmdir",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427631/100/0/threaded"
}
]
}
}

290
2006/1xxx/CVE-2006-1342.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security-info@sgi.com",
"ID" : "CVE-2006-1342", "ID": "CVE-2006-1342",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/451404/100/0/threaded" "lang": "eng",
}, "value": "net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory."
{ }
"name" : "20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/451419/100/200/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/451417/100/200/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2", ]
"refsource" : "BUGTRAQ", }
"url" : "http://www.securityfocus.com/archive/1/451426/100/200/threaded" ]
}, },
{ "references": {
"name" : "[linux-netdev] 20060304 BUG: Small information leak in SO_ORIGINAL_DST (2.4 and 2.6) and", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=linux-netdev&m=114148078223594&w=2" "name": "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b"
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=09d3b3dcfa80c9094f1748c1be064b9326c9ef2b" "name": "ADV-2006-4502",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4502"
"name" : "http://www.vmware.com/download/esx/esx-202-200610-patch.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/download/esx/esx-202-200610-patch.html" "name": "RHSA-2006:0579",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0579.html"
"name" : "http://www.vmware.com/download/esx/esx-213-200610-patch.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/download/esx/esx-213-200610-patch.html" "name": "22875",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22875"
"name" : "http://www.vmware.com/download/esx/esx-254-200610-patch.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/download/esx/esx-254-200610-patch.html" "name": "http://www.vmware.com/download/esx/esx-202-200610-patch.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/download/esx/esx-202-200610-patch.html"
"name" : "RHSA-2006:0579", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0579.html" "name": "20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/451426/100/200/threaded"
"name" : "RHSA-2006:0580", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0580.html" "name": "21035",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21035"
"name" : "SUSE-SA:2006:028", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html" "name": "http://www.vmware.com/download/esx/esx-213-200610-patch.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/download/esx/esx-213-200610-patch.html"
"name" : "17203", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17203" "name": "SUSE-SA:2006:028",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"
"name" : "ADV-2006-4502", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4502" "name": "RHSA-2006:0580",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0580.html"
"name" : "19357", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19357" "name": "http://www.vmware.com/download/esx/esx-254-200610-patch.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/download/esx/esx-254-200610-patch.html"
"name" : "21035", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21035" "name": "19357",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19357"
"name" : "20398", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20398" "name": "20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/451404/100/0/threaded"
"name" : "22875", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22875" "name": "20398",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/20398"
} },
} {
"name": "20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451417/100/200/threaded"
},
{
"name": "17203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17203"
},
{
"name": "20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451419/100/200/threaded"
},
{
"name": "[linux-netdev] 20060304 BUG: Small information leak in SO_ORIGINAL_DST (2.4 and 2.6) and",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-netdev&m=114148078223594&w=2"
}
]
}
}

150
2006/1xxx/CVE-2006-1619.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1619", "ID": "CVE-2006-1619",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "PQ62144", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21053738" "lang": "eng",
}, "value": "IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header."
{ }
"name" : "ADV-2006-1214", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/1214" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1015857", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015857" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "websphere-http-header-dos(25619)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25619" ]
} },
] "references": {
} "reference_data": [
} {
"name": "websphere-http-header-dos(25619)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25619"
},
{
"name": "ADV-2006-1214",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1214"
},
{
"name": "1015857",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015857"
},
{
"name": "PQ62144",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21053738"
}
]
}
}

180
2006/5xxx/CVE-2006-5121.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5121", "ID": "CVE-2006-5121",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060929 Sql injection in PostNuke [Admin section]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/447361/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter."
{ }
"name" : "http://community.postnuke.com/index.php?name=News&file=article&sid=2783", ]
"refsource" : "CONFIRM", },
"url" : "http://community.postnuke.com/index.php?name=News&file=article&sid=2783" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20317", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20317" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-3886", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/3886" ]
}, },
{ "references": {
"name" : "22197", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22197" "name": "postnuke-admin-sql-injection(29271)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29271"
"name" : "1669", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1669" "name": "1669",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1669"
"name" : "postnuke-admin-sql-injection(29271)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29271" "name": "http://community.postnuke.com/index.php?name=News&file=article&sid=2783",
} "refsource": "CONFIRM",
] "url": "http://community.postnuke.com/index.php?name=News&file=article&sid=2783"
} },
} {
"name": "22197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22197"
},
{
"name": "20317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20317"
},
{
"name": "20060929 Sql injection in PostNuke [Admin section]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447361/100/0/threaded"
},
{
"name": "ADV-2006-3886",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3886"
}
]
}
}

140
2006/5xxx/CVE-2006-5303.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5303", "ID": "CVE-2006-5303",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtain the UserCenter webportal password, database encryption keys, and signing keys by reading (1) base-64 encoded data in SERVERS\\Web\\Tomcat\\usercenter\\WEB-INF\\login.conf and (2) plaintext data in SERVERS\\Shared\\signers.cfg. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20509", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20509" "lang": "eng",
}, "value": "Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtain the UserCenter webportal password, database encryption keys, and signing keys by reading (1) base-64 encoded data in SERVERS\\Web\\Tomcat\\usercenter\\WEB-INF\\login.conf and (2) plaintext data in SERVERS\\Shared\\signers.cfg. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
{ }
"name" : "22081", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/22081" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "safeword-login-signer-information-disclosure(29515)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29515" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "22081",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22081"
},
{
"name": "20509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20509"
},
{
"name": "safeword-login-signer-information-disclosure(29515)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29515"
}
]
}
}

180
2006/5xxx/CVE-2006-5415.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5415", "ID": "CVE-2006-5415",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061012 news defilante horizontale <= 4.1.1 Remote File Include Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/448655/100/0/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
{ }
"name" : "2545", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/2545" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20233", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20233" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-4079", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/4079" ]
}, },
{ "references": {
"name" : "22434", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22434" "name": "2545",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/2545"
"name" : "1749", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1749" "name": "ADV-2006-4079",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4079"
"name" : "newsdefilante-functionsnewshr-file-include(29570)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29570" "name": "newsdefilante-functionsnewshr-file-include(29570)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29570"
} },
} {
"name": "20233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20233"
},
{
"name": "22434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22434"
},
{
"name": "1749",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1749"
},
{
"name": "20061012 news defilante horizontale <= 4.1.1 Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448655/100/0/threaded"
}
]
}
}

200
2006/5xxx/CVE-2006-5487.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5487", "ID": "CVE-2006-5487",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via \"..\" sequences in filenames in an ARJ compressed archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061110 ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/451143/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via \"..\" sequences in filenames in an ARJ compressed archive."
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-039.html", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-039.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.marshal.com/kb/article.aspx?id=11450", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.marshal.com/kb/article.aspx?id=11450" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20999", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/20999" ]
}, },
{ "references": {
"name" : "ADV-2006-4457", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4457" "name": "1857",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1857"
"name" : "1017209", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017209" "name": "mailmarshal-arj-code-execution(30188)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30188"
"name" : "22806", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22806" "name": "22806",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22806"
"name" : "1857", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1857" "name": "20999",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/20999"
"name" : "mailmarshal-arj-code-execution(30188)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30188" "name": "1017209",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1017209"
} },
} {
"name": "20061110 ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451143/100/0/threaded"
},
{
"name": "ADV-2006-4457",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4457"
},
{
"name": "http://www.marshal.com/kb/article.aspx?id=11450",
"refsource": "CONFIRM",
"url": "http://www.marshal.com/kb/article.aspx?id=11450"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-039.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-039.html"
}
]
}
}

34
2006/5xxx/CVE-2006-5580.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5580", "ID": "CVE-2006-5580",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2007/2xxx/CVE-2007-2486.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2486", "ID": "CVE-2007-2486",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "3831", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/3831" "lang": "eng",
}, "value": "Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter."
{ }
"name" : "23757", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/23757" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2007-1629", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1629" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "38458", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/38458" ]
}, },
{ "references": {
"name" : "pstruhcz-download-directory-traversal(34005)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34005" "name": "pstruhcz-download-directory-traversal(34005)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34005"
} },
} {
"name": "ADV-2007-1629",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1629"
},
{
"name": "23757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23757"
},
{
"name": "38458",
"refsource": "OSVDB",
"url": "http://osvdb.org/38458"
},
{
"name": "3831",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3831"
}
]
}
}

190
2007/2xxx/CVE-2007-2809.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2809", "ID": "CVE-2007-2809",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://isc.sans.org/diary.html?storyid=2823", "description_data": [
"refsource" : "MISC", {
"url" : "http://isc.sans.org/diary.html?storyid=2823" "lang": "eng",
}, "value": "Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274."
{ }
"name" : "http://www.opera.com/support/search/view/860/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.opera.com/support/search/view/860/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "24080", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24080" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "36229", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/36229" ]
}, },
{ "references": {
"name" : "ADV-2007-1888", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1888" "name": "ADV-2007-1888",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/1888"
"name" : "1018089", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1018089" "name": "1018089",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1018089"
"name" : "25278", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25278" "name": "http://isc.sans.org/diary.html?storyid=2823",
}, "refsource": "MISC",
{ "url": "http://isc.sans.org/diary.html?storyid=2823"
"name" : "opera-bittorrent-bo(34470)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34470" "name": "http://www.opera.com/support/search/view/860/",
} "refsource": "CONFIRM",
] "url": "http://www.opera.com/support/search/view/860/"
} },
} {
"name": "36229",
"refsource": "OSVDB",
"url": "http://osvdb.org/36229"
},
{
"name": "25278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25278"
},
{
"name": "24080",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24080"
},
{
"name": "opera-bittorrent-bo(34470)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34470"
}
]
}
}

400
2007/2xxx/CVE-2007-2930.json
View File

@ -1,202 +1,202 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2007-2930", "ID": "CVE-2007-2930",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070827 BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/477870/100/100/threaded" "lang": "eng",
}, "value": "The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926."
{ }
"name" : "20071001 Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/481424/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20071006 Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/481659/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.trusteer.com/docs/bind8dns.html", ]
"refsource" : "MISC", }
"url" : "http://www.trusteer.com/docs/bind8dns.html" ]
}, },
{ "references": {
"name" : "http://www.isc.org/index.pl?/sw/bind/bind8-eol.php", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.isc.org/index.pl?/sw/bind/bind8-eol.php" "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-448.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-448.htm"
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=653968", },
"refsource" : "CONFIRM", {
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=653968" "name": "200859",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200859-1"
"name" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/43/022954-01.pdf", },
"refsource" : "CONFIRM", {
"url" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/43/022954-01.pdf" "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=653968",
}, "refsource": "CONFIRM",
{ "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=653968"
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-448.htm", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-448.htm" "name": "ADV-2007-3936",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/3936"
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3975", },
"refsource" : "CONFIRM", {
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3975" "name": "27433",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27433"
"name" : "HPSBUX02289", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01283837" "name": "20071001 Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/481424/100/0/threaded"
"name" : "SSRT071461", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01283837" "name": "ADV-2007-3192",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/3192"
"name" : "103063", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103063-1" "name": "ADV-2007-2991",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/2991"
"name" : "200859", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200859-1" "name": "HPSBUX02289",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01283837"
"name" : "VU#927905", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/927905" "name": "26629",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26629"
"name" : "R-333", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/r-333.shtml" "name": "1018615",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1018615"
"name" : "25459", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/25459" "name": "http://www.trusteer.com/docs/bind8dns.html",
}, "refsource": "MISC",
{ "url": "http://www.trusteer.com/docs/bind8dns.html"
"name" : "ADV-2007-3192", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3192" "name": "27459",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27459"
"name" : "ADV-2007-2991", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/2991" "name": "25459",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/25459"
"name" : "ADV-2007-3639", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3639" "name": "ADV-2007-3668",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/3668"
"name" : "ADV-2007-3668", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3668" "name": "27696",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27696"
"name" : "ADV-2007-3936", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3936" "name": "http://www.isc.org/index.pl?/sw/bind/bind8-eol.php",
}, "refsource": "CONFIRM",
{ "url": "http://www.isc.org/index.pl?/sw/bind/bind8-eol.php"
"name" : "oval:org.mitre.oval:def:2154", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2154" "name": "20070827 BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/477870/100/100/threaded"
"name" : "1018615", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1018615" "name": "27465",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27465"
"name" : "26629", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26629" "name": "ADV-2007-3639",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/3639"
"name" : "26858", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26858" "name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/43/022954-01.pdf",
}, "refsource": "CONFIRM",
{ "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/43/022954-01.pdf"
"name" : "27433", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27433" "name": "26858",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26858"
"name" : "27459", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27459" "name": "oval:org.mitre.oval:def:2154",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2154"
"name" : "27465", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27465" "name": "VU#927905",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/927905"
"name" : "27696", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27696" "name": "103063",
} "refsource": "SUNALERT",
] "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103063-1"
} },
} {
"name": "SSRT071461",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01283837"
},
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3975",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3975"
},
{
"name": "R-333",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/r-333.shtml"
},
{
"name": "20071006 Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481659/100/0/threaded"
}
]
}
}

180
2010/0xxx/CVE-2010-0108.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0108", "ID": "CVE-2010-0108",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100219 [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/509681/100/0/threaded" "lang": "eng",
}, "value": "Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function."
{ }
"name" : "http://dsecrg.com/pages/vul/show.php?id=139", ]
"refsource" : "MISC", },
"url" : "http://dsecrg.com/pages/vul/show.php?id=139" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "38222", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/38222" ]
}, },
{ "references": {
"name" : "38651", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38651" "name": "scp-cliproxy-activex-bo(56355)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56355"
"name" : "ADV-2010-0412", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0412" "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02",
}, "refsource": "CONFIRM",
{ "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02"
"name" : "scp-cliproxy-activex-bo(56355)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56355" "name": "20100219 [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow.",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/509681/100/0/threaded"
} },
} {
"name": "http://dsecrg.com/pages/vul/show.php?id=139",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=139"
},
{
"name": "38651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38651"
},
{
"name": "38222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38222"
},
{
"name": "ADV-2010-0412",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0412"
}
]
}
}

130
2010/0xxx/CVE-2010-0152.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0152", "ID": "CVE-2010-0152",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100912 MVSA-10-007 / CVE-2010-0152 - IBM Proventia Mail Security System - Multiple persistent and reflected XSS vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/513629/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters."
{ }
"name" : "http://www.ventuneac.net/security-advisories/MVSA-10-007", ]
"refsource" : "MISC", },
"url" : "http://www.ventuneac.net/security-advisories/MVSA-10-007" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ventuneac.net/security-advisories/MVSA-10-007",
"refsource": "MISC",
"url": "http://www.ventuneac.net/security-advisories/MVSA-10-007"
},
{
"name": "20100912 MVSA-10-007 / CVE-2010-0152 - IBM Proventia Mail Security System - Multiple persistent and reflected XSS vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513629/100/0/threaded"
}
]
}
}

320
2010/0xxx/CVE-2010-0160.json
View File

@ -1,162 +1,162 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0160", "ID": "CVE-2010-0160",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100402 ZDI-10-046: Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/510533/100/0/threaded" "lang": "eng",
}, "value": "The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors."
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-046", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-046" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=531222", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=531222" ]
}, },
{ "references": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=533000", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=533000" "name": "USN-895-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-895-1"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=534051", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=534051" "name": "mozilla-webworkers-code-execution(56360)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56360"
"name" : "DSA-1999", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-1999" "name": "38847",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38847"
"name" : "FEDORA-2010-1727", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html" "name": "SUSE-SA:2010:015",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html"
"name" : "FEDORA-2010-1932", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html" "name": "MDVSA-2010:042",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:042"
"name" : "FEDORA-2010-1936", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html" "name": "FEDORA-2010-1936",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html"
"name" : "MDVSA-2010:042", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:042" "name": "RHSA-2010:0112",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0112.html"
"name" : "RHSA-2010:0112", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0112.html" "name": "FEDORA-2010-1932",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html"
"name" : "SUSE-SA:2010:015", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html" "name": "oval:org.mitre.oval:def:8465",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8465"
"name" : "USN-895-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-895-1" "name": "DSA-1999",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2010/dsa-1999"
"name" : "USN-896-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-896-1" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=534051",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=534051"
"name" : "oval:org.mitre.oval:def:11166", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11166" "name": "FEDORA-2010-1727",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html"
"name" : "oval:org.mitre.oval:def:8465", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8465" "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-02.html"
"name" : "37242", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37242" "name": "USN-896-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-896-1"
"name" : "38847", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38847" "name": "ADV-2010-0405",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0405"
"name" : "ADV-2010-0405", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0405" "name": "37242",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37242"
"name" : "mozilla-webworkers-code-execution(56360)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56360" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=533000",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=533000"
} },
} {
"name": "oval:org.mitre.oval:def:11166",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11166"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=531222",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=531222"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-046",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-046"
},
{
"name": "20100402 ZDI-10-046: Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510533/100/0/threaded"
}
]
}
}

230
2010/0xxx/CVE-2010-0255.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-0255", "ID": "CVE-2010-0255",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100203 CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/509345/100/0/threaded" "lang": "eng",
}, "value": "Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448."
{ }
"name" : "http://isc.sans.org/diary.html?n&storyid=8152", ]
"refsource" : "MISC", },
"url" : "http://isc.sans.org/diary.html?n&storyid=8152" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag", "description": [
"refsource" : "MISC", {
"url" : "http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx", ]
"refsource" : "CONFIRM", }
"url" : "http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx" ]
}, },
{ "references": {
"name" : "http://www.microsoft.com/technet/security/advisory/980088.mspx", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.microsoft.com/technet/security/advisory/980088.mspx" "name": "20100203 CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/509345/100/0/threaded"
"name" : "http://support.avaya.com/css/P8/documents/100089747", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/css/P8/documents/100089747" "name": "http://support.avaya.com/css/P8/documents/100089747",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/css/P8/documents/100089747"
"name" : "MS10-035", },
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035" "name": "62156",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/62156"
"name" : "TA10-159B", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html" "name": "38055",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/38055"
"name" : "38055", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/38055" "name": "http://www.microsoft.com/technet/security/advisory/980088.mspx",
}, "refsource": "CONFIRM",
{ "url": "http://www.microsoft.com/technet/security/advisory/980088.mspx"
"name" : "38056", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/38056" "name": "MS10-035",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-035"
"name" : "62156", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/62156" "name": "http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag",
}, "refsource": "MISC",
{ "url": "http://www.coresecurity.com/content/internet-explorer-dynamic-object-tag"
"name" : "oval:org.mitre.oval:def:7145", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7145" "name": "TA10-159B",
} "refsource": "CERT",
] "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
} },
} {
"name": "http://isc.sans.org/diary.html?n&storyid=8152",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.html?n&storyid=8152"
},
{
"name": "http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/msrc/archive/2010/02/03/security-advisory-980088-released.aspx"
},
{
"name": "oval:org.mitre.oval:def:7145",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7145"
},
{
"name": "38056",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38056"
}
]
}
}

140
2010/1xxx/CVE-2010-1050.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1050", "ID": "CVE-2010-1050",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/1002-exploits/audistats-sql.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/1002-exploits/audistats-sql.txt" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter."
{ }
"name" : "11334", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/11334" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38494", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38494" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "38494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38494"
},
{
"name": "http://packetstormsecurity.org/1002-exploits/audistats-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-exploits/audistats-sql.txt"
},
{
"name": "11334",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11334"
}
]
}
}

160
2010/3xxx/CVE-2010-3212.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3212", "ID": "CVE-2010-3212",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14838", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14838" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO."
{ }
"name" : "http://packetstormsecurity.org/1008-exploits/seagull-sql.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/1008-exploits/seagull-sql.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "67689", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/67689" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "41169", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/41169" ]
}, },
{ "references": {
"name" : "seagull-index-sql-injection(61469)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61469" "name": "67689",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/67689"
} },
} {
"name": "14838",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14838"
},
{
"name": "http://packetstormsecurity.org/1008-exploits/seagull-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1008-exploits/seagull-sql.txt"
},
{
"name": "seagull-index-sql-injection(61469)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61469"
},
{
"name": "41169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41169"
}
]
}
}

190
2010/3xxx/CVE-2010-3335.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-3335", "ID": "CVE-2010-3335",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Drawing Exception Handling Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS10-087", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087" "lang": "eng",
}, "value": "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Drawing Exception Handling Vulnerability.\""
{ }
"name" : "TA10-313A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-313A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "44659", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/44659" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:11739", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11739" ]
}, },
{ "references": {
"name" : "1024705", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024705" "name": "1024705",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024705"
"name" : "38521", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38521" "name": "oval:org.mitre.oval:def:11739",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11739"
"name" : "42144", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42144" "name": "42144",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42144"
"name" : "ADV-2010-2923", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2923" "name": "44659",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/44659"
} },
} {
"name": "38521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38521"
},
{
"name": "ADV-2010-2923",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2923"
},
{
"name": "MS10-087",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
},
{
"name": "TA10-313A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
}
]
}
}

220
2010/3xxx/CVE-2010-3824.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-3824", "ID": "CVE-2010-3824",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4455", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4455" "lang": "eng",
}, "value": "Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements."
{ }
"name" : "http://support.apple.com/kb/HT4456", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4456" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2010-11-18-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2010-11-22-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" ]
}, },
{ "references": {
"name" : "SUSE-SR:2011:002", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" "name": "oval:org.mitre.oval:def:12300",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12300"
"name" : "oval:org.mitre.oval:def:12300", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12300" "name": "43068",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43068"
"name" : "42314", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42314" "name": "http://support.apple.com/kb/HT4455",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4455"
"name" : "43068", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43068" "name": "ADV-2011-0212",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0212"
"name" : "ADV-2010-3046", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3046" "name": "ADV-2010-3046",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3046"
"name" : "ADV-2011-0212", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0212" "name": "SUSE-SR:2011:002",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
"name" : "safari-use-elements-code-execution(63363)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63363" "name": "APPLE-SA-2010-11-18-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
} },
} {
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "safari-use-elements-code-execution(63363)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63363"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}

150
2010/3xxx/CVE-2010-3940.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-3940", "ID": "CVE-2010-3940",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka \"Win32k PFE Pointer Double Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS10-098", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-098" "lang": "eng",
}, "value": "Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka \"Win32k PFE Pointer Double Free Vulnerability.\""
{ }
"name" : "TA10-348A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:12194", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12194" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1024880", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1024880" ]
} },
] "references": {
} "reference_data": [
} {
"name": "TA10-348A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "MS10-098",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-098"
},
{
"name": "1024880",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024880"
},
{
"name": "oval:org.mitre.oval:def:12194",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12194"
}
]
}
}

180
2010/4xxx/CVE-2010-4076.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4076", "ID": "CVE-2010-4076",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[linux-kernel] 20100915 [PATCH] drivers/char/amiserial.c: prevent reading uninitialized stack memory", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lkml.org/lkml/2010/9/15/389" "lang": "eng",
}, "value": "The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel 2.6.36.1 and earlier does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call."
{ }
"name" : "[oss-security] 20100925 CVE request: multiple kernel stack memory disclosures", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/09/25/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/10/07/1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2010/10/06/6" ]
}, },
{ "references": {
"name" : "[oss-security] 20101025 Re: CVE request: multiple kernel stack memory disclosures", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/10/25/3" "name": "[oss-security] 20100925 CVE request: multiple kernel stack memory disclosures",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/09/25/2"
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d281da7ff6f70efca0553c288bb883e8605b3862", },
"refsource" : "MISC", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d281da7ff6f70efca0553c288bb883e8605b3862" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d281da7ff6f70efca0553c288bb883e8605b3862",
}, "refsource": "MISC",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d281da7ff6f70efca0553c288bb883e8605b3862"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=648661", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=648661" "name": "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2010/10/06/6"
} },
} {
"name": "[linux-kernel] 20100915 [PATCH] drivers/char/amiserial.c: prevent reading uninitialized stack memory",
"refsource": "MLIST",
"url": "http://lkml.org/lkml/2010/9/15/389"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=648661",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=648661"
},
{
"name": "[oss-security] 20101006 Re: CVE request: multiple kernel stack memory disclosures",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/10/07/1"
},
{
"name": "[oss-security] 20101025 Re: CVE request: multiple kernel stack memory disclosures",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/10/25/3"
}
]
}
}

140
2010/4xxx/CVE-2010-4085.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2010-4085", "ID": "CVE-2010-4085",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4086, and CVE-2010-4088."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-25.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-25.html" "lang": "eng",
}, "value": "dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4086, and CVE-2010-4088."
{ }
"name" : "oval:org.mitre.oval:def:11518", ]
"refsource" : "OVAL", },
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11518" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1024664", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024664" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1024664",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024664"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-25.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-25.html"
},
{
"name": "oval:org.mitre.oval:def:11518",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11518"
}
]
}
}

34
2010/4xxx/CVE-2010-4240.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4240", "ID": "CVE-2010-4240",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

180
2010/4xxx/CVE-2010-4444.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-4444", "ID": "CVE-2010-4444",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
{ }
"name" : "45884", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/45884" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "70579", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/70579" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "70580", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/70580" ]
}, },
{ "references": {
"name" : "42986", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42986" "name": "45884",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/45884"
"name" : "ADV-2011-0153", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0153" "name": "70580",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/70580"
"name" : "oracle-sso-java-unauth-access(64811)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64811" "name": "42986",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/42986"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "oracle-sso-java-unauth-access(64811)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64811"
},
{
"name": "ADV-2011-0153",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0153"
},
{
"name": "70579",
"refsource": "OSVDB",
"url": "http://osvdb.org/70579"
}
]
}
}

160
2010/4xxx/CVE-2010-4603.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4603", "ID": "CVE-2010-4603",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme", "description_data": [
"refsource" : "CONFIRM", {
"url" : "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme" "lang": "eng",
}, "value": "IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21125139", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21125139" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "PM22186", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22186" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "45648", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/45648" ]
}, },
{ "references": {
"name" : "clearquest-back-reference-sec-bypass(64439)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64439" "name": "clearquest-back-reference-sec-bypass(64439)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64439"
} },
} {
"name": "PM22186",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM22186"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21125139",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21125139"
},
{
"name": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme",
"refsource": "CONFIRM",
"url": "ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme"
},
{
"name": "45648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45648"
}
]
}
}

160
2014/0xxx/CVE-2014-0054.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-0054", "ID": "CVE-2014-0054",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jira.spring.io/browse/SPR-11376", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jira.spring.io/browse/SPR-11376" "lang": "eng",
}, "value": "The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429."
{ }
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2014:0400", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0400.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "66148", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/66148" ]
}, },
{ "references": {
"name" : "57915", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57915" "name": "66148",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/66148"
} },
} {
"name": "https://jira.spring.io/browse/SPR-11376",
"refsource": "CONFIRM",
"url": "https://jira.spring.io/browse/SPR-11376"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "RHSA-2014:0400",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html"
},
{
"name": "57915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57915"
}
]
}
}

310
2014/0xxx/CVE-2014-0207.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-0207", "ID": "CVE-2014-0207",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[file] 20140612 file-5.19 is now available", "description_data": [
"refsource" : "MLIST", {
"url" : "http://mx.gw.com/pipermail/file/2014/001553.html" "lang": "eng",
}, "value": "The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file."
{ }
"name" : "http://www.php.net/ChangeLog-5.php", ]
"refsource" : "CONFIRM", },
"url" : "http://www.php.net/ChangeLog-5.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.php.net/bug.php?id=67326", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.php.net/bug.php?id=67326" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1091842", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1091842" ]
}, },
{ "references": {
"name" : "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1091842",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091842"
"name" : "http://support.apple.com/kb/HT6443", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT6443" "name": "https://support.apple.com/HT204659",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT204659"
"name" : "https://support.apple.com/HT204659", },
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT204659" "name": "68243",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/68243"
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" "name": "RHSA-2014:1766",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" "name": "DSA-3021",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-3021"
"name" : "APPLE-SA-2015-04-08-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" "name": "HPSBUX03102",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
"name" : "DSA-2974", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-2974" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"name" : "DSA-3021", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3021" "name": "DSA-2974",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-2974"
"name" : "HPSBUX03102", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" "name": "59794",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/59794"
"name" : "SSRT101681", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" "name": "http://www.php.net/ChangeLog-5.php",
}, "refsource": "CONFIRM",
{ "url": "http://www.php.net/ChangeLog-5.php"
"name" : "RHSA-2014:1765", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html" "name": "[file] 20140612 file-5.19 is now available",
}, "refsource": "MLIST",
{ "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
"name" : "RHSA-2014:1766", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1766.html" "name": "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391"
"name" : "openSUSE-SU-2014:1236", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" "name": "https://bugs.php.net/bug.php?id=67326",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.php.net/bug.php?id=67326"
"name" : "68243", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68243" "name": "APPLE-SA-2015-04-08-2",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
"name" : "59794", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59794" "name": "http://support.apple.com/kb/HT6443",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT6443"
"name" : "59831", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59831" "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
} },
} {
"name": "RHSA-2014:1765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "SSRT101681",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
},
{
"name": "59831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59831"
},
{
"name": "openSUSE-SU-2014:1236",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
}
]
}
}

34
2014/0xxx/CVE-2014-0265.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-0265", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-0265",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

34
2014/0xxx/CVE-2014-0696.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-0696", "ID": "CVE-2014-0696",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2014/0xxx/CVE-2014-0898.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-0898", "ID": "CVE-2014-0898",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

250
2014/4xxx/CVE-2014-4027.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4027", "ID": "CVE-2014-4027",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140611 Re: CVE request: Linux kernel / target information leak", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/06/11/1" "lang": "eng",
}, "value": "The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator."
{ }
"name" : "[target-devel] 20140616 [PATCH] target: Explicitly clear ramdisk_mcp backend pages", ]
"refsource" : "MLIST", },
"url" : "http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1108744", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1108744" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc" "name": "SUSE-SU-2014:1316",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
"name" : "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html", },
"refsource" : "CONFIRM", {
"url" : "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html" "name": "59134",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/59134"
"name" : "SUSE-SU-2014:1316", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html" "name": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html",
}, "refsource": "CONFIRM",
{ "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15685.html"
"name" : "SUSE-SU-2014:1319", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1108744"
"name" : "USN-2334-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2334-1" "name": "USN-2335-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2335-1"
"name" : "USN-2335-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2335-1" "name": "USN-2334-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2334-1"
"name" : "59777", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59777" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"
"name" : "60564", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60564" "name": "SUSE-SU-2014:1319",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
"name" : "61310", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61310" "name": "60564",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60564"
"name" : "59134", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59134" "name": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc",
} "refsource": "CONFIRM",
] "url": "https://github.com/torvalds/linux/commit/4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc"
} },
} {
"name": "59777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59777"
},
{
"name": "61310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61310"
},
{
"name": "[oss-security] 20140611 Re: CVE request: Linux kernel / target information leak",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/11/1"
},
{
"name": "[target-devel] 20140616 [PATCH] target: Explicitly clear ramdisk_mcp backend pages",
"refsource": "MLIST",
"url": "http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618"
}
]
}
}

130
2014/4xxx/CVE-2014-4307.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4307", "ID": "CVE-2014-4307",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/126984/WebTitan-4.01-Build-68-SQL-Injection-Command-Execution.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/126984/WebTitan-4.01-Build-68-SQL-Injection-Command-Execution.html" "lang": "eng",
}, "value": "SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter."
{ }
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140606-0_WebTitan_Multiple_Vulnerabilities_v10.txt", ]
"refsource" : "MISC", },
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140606-0_WebTitan_Multiple_Vulnerabilities_v10.txt" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140606-0_WebTitan_Multiple_Vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140606-0_WebTitan_Multiple_Vulnerabilities_v10.txt"
},
{
"name": "http://packetstormsecurity.com/files/126984/WebTitan-4.01-Build-68-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126984/WebTitan-4.01-Build-68-SQL-Injection-Command-Execution.html"
}
]
}
}

180
2014/4xxx/CVE-2014-4489.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2014-4489", "ID": "CVE-2014-4489",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/HT204244", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/HT204244" "lang": "eng",
}, "value": "IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app."
{ }
"name" : "http://support.apple.com/HT204245", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/HT204245" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/HT204246", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/HT204246" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2015-01-27-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2015-01-27-2", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html" "name": "http://support.apple.com/HT204245",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/HT204245"
"name" : "APPLE-SA-2015-01-27-4", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" "name": "http://support.apple.com/HT204246",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/HT204246"
"name" : "1031650", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031650" "name": "1031650",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1031650"
} },
} {
"name": "APPLE-SA-2015-01-27-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}

120
2014/4xxx/CVE-2014-4633.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2014-4633", "ID": "CVE-2014-4633",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141212 ESA-2014-163: RSA Archer GRC Platform Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-12/0073.html" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141212 ESA-2014-163: RSA Archer GRC Platform Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-12/0073.html"
}
]
}
}

500
2014/8xxx/CVE-2014-8639.json
View File

@ -1,252 +1,252 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2014-8639", "ID": "CVE-2014-8639",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2015-04.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2015-04.html" "lang": "eng",
}, "value": "Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1095859", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1095859" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://linux.oracle.com/errata/ELSA-2015-0046.html", ]
"refsource" : "CONFIRM", }
"url" : "http://linux.oracle.com/errata/ELSA-2015-0046.html" ]
}, },
{ "references": {
"name" : "http://linux.oracle.com/errata/ELSA-2015-0047.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://linux.oracle.com/errata/ELSA-2015-0047.html" "name": "RHSA-2015:0046",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0046.html"
"name" : "DSA-3127", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3127" "name": "62242",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62242"
"name" : "DSA-3132", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3132" "name": "1031533",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1031533"
"name" : "GLSA-201504-01", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201504-01" "name": "USN-2460-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2460-1"
"name" : "RHSA-2015:0046", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0046.html" "name": "openSUSE-SU-2015:0192",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html"
"name" : "RHSA-2015:0047", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0047.html" "name": "62304",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62304"
"name" : "openSUSE-SU-2015:0133", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html" "name": "http://linux.oracle.com/errata/ELSA-2015-0047.html",
}, "refsource": "CONFIRM",
{ "url": "http://linux.oracle.com/errata/ELSA-2015-0047.html"
"name" : "openSUSE-SU-2015:0077", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html" "name": "62259",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62259"
"name" : "openSUSE-SU-2015:0192", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html" "name": "62250",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62250"
"name" : "SUSE-SU-2015:0171", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html" "name": "SUSE-SU-2015:0173",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html"
"name" : "SUSE-SU-2015:0173", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html" "name": "62237",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62237"
"name" : "SUSE-SU-2015:0180", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html" "name": "openSUSE-SU-2015:0077",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html"
"name" : "openSUSE-SU-2015:1266", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" "name": "62418",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62418"
"name" : "USN-2460-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2460-1" "name": "SUSE-SU-2015:0171",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html"
"name" : "72046", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72046" "name": "62316",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62316"
"name" : "1031533", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031533" "name": "DSA-3132",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3132"
"name" : "1031534", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031534" "name": "62274",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62274"
"name" : "62237", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62237" "name": "firefox-cve20148639-session-hijacking(99959)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99959"
"name" : "62242", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62242" "name": "GLSA-201504-01",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201504-01"
"name" : "62250", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62250" "name": "62313",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62313"
"name" : "62446", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62446" "name": "RHSA-2015:0047",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0047.html"
"name" : "62657", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62657" "name": "62790",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62790"
"name" : "62790", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62790" "name": "62293",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62293"
"name" : "62253", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62253" "name": "62283",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62283"
"name" : "62273", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62273" "name": "62446",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62446"
"name" : "62274", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62274" "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
"name" : "62293", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62293" "name": "62657",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62657"
"name" : "62304", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62304" "name": "62273",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62273"
"name" : "62313", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62313" "name": "http://www.mozilla.org/security/announce/2014/mfsa2015-04.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2014/mfsa2015-04.html"
"name" : "62315", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62315" "name": "openSUSE-SU-2015:0133",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html"
"name" : "62316", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62316" "name": "openSUSE-SU-2015:1266",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
"name" : "62259", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62259" "name": "DSA-3127",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3127"
"name" : "62283", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62283" "name": "SUSE-SU-2015:0180",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html"
"name" : "62418", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62418" "name": "62315",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62315"
"name" : "firefox-cve20148639-session-hijacking(99959)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99959" "name": "http://linux.oracle.com/errata/ELSA-2015-0046.html",
} "refsource": "CONFIRM",
] "url": "http://linux.oracle.com/errata/ELSA-2015-0046.html"
} },
} {
"name": "62253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62253"
},
{
"name": "1031534",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031534"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1095859",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1095859"
},
{
"name": "72046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72046"
}
]
}
}

210
2014/9xxx/CVE-2014-9157.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9157", "ID": "CVE-2014-9157",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20141125 CVE Request: Graphviz format string vuln", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2014/q4/784" "lang": "eng",
}, "value": "Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string."
{ }
"name" : "[oss-security] 20141201 Re: Re: CVE Request: Graphviz format string vuln", ]
"refsource" : "MLIST", },
"url" : "http://seclists.org/oss-sec/2014/q4/872" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://advisories.mageia.org/MGASA-2014-0520.html", ]
"refsource" : "CONFIRM", }
"url" : "http://advisories.mageia.org/MGASA-2014-0520.html" ]
}, },
{ "references": {
"name" : "DSA-3098", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3098" "name": "MDVSA-2014:248",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:248"
"name" : "MDVSA-2014:248", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:248" "name": "graphviz-format-sting(98949)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98949"
"name" : "MDVSA-2015:187", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:187" "name": "MDVSA-2015:187",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:187"
"name" : "71283", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71283" "name": "[oss-security] 20141201 Re: Re: CVE Request: Graphviz format string vuln",
}, "refsource": "MLIST",
{ "url": "http://seclists.org/oss-sec/2014/q4/872"
"name" : "60166", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60166" "name": "http://advisories.mageia.org/MGASA-2014-0520.html",
}, "refsource": "CONFIRM",
{ "url": "http://advisories.mageia.org/MGASA-2014-0520.html"
"name" : "graphviz-format-sting(98949)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98949" "name": "71283",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/71283"
} },
} {
"name": "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081",
"refsource": "CONFIRM",
"url": "https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081"
},
{
"name": "DSA-3098",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3098"
},
{
"name": "60166",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60166"
},
{
"name": "[oss-security] 20141125 CVE Request: Graphviz format string vuln",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/784"
}
]
}
}

130
2014/9xxx/CVE-2014-9355.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9355", "ID": "CVE-2014-9355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://puppetlabs.com/security/cve/cve-2014-9355", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://puppetlabs.com/security/cve/cve-2014-9355" "lang": "eng",
}, "value": "Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint."
{ }
"name" : "61265", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/61265" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://puppetlabs.com/security/cve/cve-2014-9355",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2014-9355"
},
{
"name": "61265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61265"
}
]
}
}

130
2014/9xxx/CVE-2014-9557.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9557", "ID": "CVE-2014-9557",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150122 CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2015/Jan/97" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2."
{ }
"name" : "http://packetstormsecurity.com/files/130076/SmartCMS-2-Cross-Site-Scripting.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/130076/SmartCMS-2-Cross-Site-Scripting.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150122 CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/97"
},
{
"name": "http://packetstormsecurity.com/files/130076/SmartCMS-2-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130076/SmartCMS-2-Cross-Site-Scripting.html"
}
]
}
}

130
2014/9xxx/CVE-2014-9564.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9564", "ID": "CVE-2014-9564",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5098173", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5098173" "lang": "eng",
}, "value": "CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters."
{ }
"name" : "74931", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/74931" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5098173",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5098173"
},
{
"name": "74931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74931"
}
]
}
}

180
2014/9xxx/CVE-2014-9735.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9735", "ID": "CVE-2014-9735",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20151125 Slider Revolution/Showbiz Pro shell upload exploit", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2014/Nov/78" "lang": "eng",
}, "value": "The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors."
{ }
"name" : "https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html", ]
"refsource" : "MISC", },
"url" : "https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php", "description": [
"refsource" : "MISC", {
"url" : "https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/", ]
"refsource" : "MISC", }
"url" : "https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/" ]
}, },
{ "references": {
"name" : "https://wpvulndb.com/vulnerabilities/7954", "reference_data": [
"refsource" : "MISC", {
"url" : "https://wpvulndb.com/vulnerabilities/7954" "name": "https://wpvulndb.com/vulnerabilities/7954",
}, "refsource": "MISC",
{ "url": "https://wpvulndb.com/vulnerabilities/7954"
"name" : "http://www.themepunch.com/products/old-revolution-slider-pre-4-2-vulnerabilty-explained/", },
"refsource" : "CONFIRM", {
"url" : "http://www.themepunch.com/products/old-revolution-slider-pre-4-2-vulnerabilty-explained/" "name": "https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html",
}, "refsource": "MISC",
{ "url": "https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html"
"name" : "71306", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71306" "name": "http://www.themepunch.com/products/old-revolution-slider-pre-4-2-vulnerabilty-explained/",
} "refsource": "CONFIRM",
] "url": "http://www.themepunch.com/products/old-revolution-slider-pre-4-2-vulnerabilty-explained/"
} },
} {
"name": "20151125 Slider Revolution/Showbiz Pro shell upload exploit",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/78"
},
{
"name": "71306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71306"
},
{
"name": "https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/browser/patch-for-revolution-slider/trunk/revsliderpatch.php"
},
{
"name": "https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/",
"refsource": "MISC",
"url": "https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/"
}
]
}
}

190
2014/9xxx/CVE-2014-9848.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9848", "ID": "CVE-2014-9848",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13" "lang": "eng",
}, "value": "Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption)."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343507", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343507" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2016:1784", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2016:3258", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00093.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2016:1748", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html" "name": "openSUSE-SU-2016:1833",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
"name" : "openSUSE-SU-2016:1833", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html" "name": "openSUSE-SU-2017:0023",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html"
"name" : "openSUSE-SU-2017:0023", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html" "name": "[oss-security] 20160602 Re: ImageMagick CVEs",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
"name" : "USN-3131-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3131-1" "name": "openSUSE-SU-2016:1748",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
} },
} {
"name": "SUSE-SU-2016:1784",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name": "SUSE-SU-2016:3258",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00093.html"
},
{
"name": "USN-3131-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3131-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343507",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343507"
}
]
}
}

140
2016/3xxx/CVE-2016-3409.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-3409", "ID": "CVE-2016-3409",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637."
{ }
"name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", ]
"refsource" : "CONFIRM", },
"url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "95896", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95896" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0"
},
{
"name": "95896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95896"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}
}

140
2016/3xxx/CVE-2016-3835.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-3835", "ID": "CVE-2016-3835",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-08-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-08-01.html" "lang": "eng",
}, "value": "The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 28920116."
{ }
"name" : "https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "92233", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92233" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95"
},
{
"name": "92233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92233"
}
]
}
}

140
2016/6xxx/CVE-2016-6127.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6127", "ID": "CVE-2016-6127",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type."
{ }
"name" : "DSA-3882", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3882" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99375", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99375" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016",
"refsource": "CONFIRM",
"url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016"
},
{
"name": "99375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99375"
},
{
"name": "DSA-3882",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3882"
}
]
}
}

200
2016/6xxx/CVE-2016-6252.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6252", "ID": "CVE-2016-6252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160719 Re: subuid security patches for shadow package", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/07/19/7" "lang": "eng",
}, "value": "Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap."
{ }
"name" : "[oss-security] 20160719 subuid security patches for shadow package", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/07/19/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20160720 Re: subuid security patches for shadow package", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/07/20/2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20160725 Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2016/07/25/7" ]
}, },
{ "references": {
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=979282", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=979282" "name": "[oss-security] 20160719 Re: subuid security patches for shadow package",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/07/19/7"
"name" : "https://github.com/shadow-maint/shadow/issues/27", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/shadow-maint/shadow/issues/27" "name": "92055",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/92055"
"name" : "DSA-3793", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3793" "name": "GLSA-201706-02",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201706-02"
"name" : "GLSA-201706-02", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201706-02" "name": "https://github.com/shadow-maint/shadow/issues/27",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/shadow-maint/shadow/issues/27"
"name" : "92055", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92055" "name": "https://bugzilla.suse.com/show_bug.cgi?id=979282",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.suse.com/show_bug.cgi?id=979282"
} },
} {
"name": "[oss-security] 20160725 Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/25/7"
},
{
"name": "[oss-security] 20160719 subuid security patches for shadow package",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/19/6"
},
{
"name": "[oss-security] 20160720 Re: subuid security patches for shadow package",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/2"
},
{
"name": "DSA-3793",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3793"
}
]
}
}

140
2016/6xxx/CVE-2016-6336.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-6336", "ID": "CVE-2016-6336",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html" "lang": "eng",
}, "value": "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1369613", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1369613" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://phabricator.wikimedia.org/T132926", "description": [
"refsource" : "CONFIRM", {
"url" : "https://phabricator.wikimedia.org/T132926" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[MediaWiki-announce] 20160823 Security Release - 1.27.1, 1.26.4, 1.23.15",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613"
},
{
"name": "https://phabricator.wikimedia.org/T132926",
"refsource": "CONFIRM",
"url": "https://phabricator.wikimedia.org/T132926"
}
]
}
}

140
2016/6xxx/CVE-2016-6466.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-6466", "ID": "CVE-2016-6466",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco StarOS 20.0.0 through 21.0.M0.64246", "product_name": "Cisco StarOS 20.0.0 through 21.0.M0.64246",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco StarOS 20.0.0 through 21.0.M0.64246" "version_value": "Cisco StarOS 20.0.0 through 21.0.M0.64246"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the following Cisco products: Cisco ASR 5000/5500 Series routers, Cisco Virtualized Packet Core (VPC). More Information: CSCva13631. Known Affected Releases: 20.0.0 20.1.0 20.2.0 20.2.3 20.2.v1 21.0.0 21.0.M0.64246. Known Fixed Releases: 20.2.3 20.2.3.65026 20.2.a4.65307 20.2.v1 20.2.v1.65353 20.3.M0.65037 20.3.T0.65043 21.0.0 21.0.0.65256 21.0.M0.64595 21.0.M0.64860 21.0.M0.65140 21.0.V0.65052 21.0.V0.65150 21.0.V0.65366 21.0.VC0.64639 21.1.A0.64861 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.64898 21.1.VC0.65203 21.2.A0.65147."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr" "lang": "eng",
}, "value": "A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the following Cisco products: Cisco ASR 5000/5500 Series routers, Cisco Virtualized Packet Core (VPC). More Information: CSCva13631. Known Affected Releases: 20.0.0 20.1.0 20.2.0 20.2.3 20.2.v1 21.0.0 21.0.M0.64246. Known Fixed Releases: 20.2.3 20.2.3.65026 20.2.a4.65307 20.2.v1 20.2.v1.65353 20.3.M0.65037 20.3.T0.65043 21.0.0 21.0.0.65256 21.0.M0.64595 21.0.M0.64860 21.0.M0.65140 21.0.V0.65052 21.0.V0.65150 21.0.V0.65366 21.0.VC0.64639 21.1.A0.64861 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.64898 21.1.VC0.65203 21.2.A0.65147."
{ }
"name" : "94361", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94361" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037308", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037308" "lang": "eng",
} "value": "unspecified"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr"
},
{
"name": "1037308",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037308"
},
{
"name": "94361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94361"
}
]
}
}

140
2016/6xxx/CVE-2016-6621.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6621", "ID": "CVE-2016-6621",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html" "lang": "eng",
}, "value": "The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors."
{ }
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-44/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-44/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "95914", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95914" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-44/",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-44/"
},
{
"name": "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"
},
{
"name": "95914",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95914"
}
]
}
}

140
2016/7xxx/CVE-2016-7013.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2016-7013", "ID": "CVE-2016-7013",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" "lang": "eng",
}, "value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
{ }
"name" : "93496", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93496" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036986", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036986" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name": "93496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93496"
}
]
}
}

34
2016/7xxx/CVE-2016-7309.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-7309", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-7309",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

180
2016/7xxx/CVE-2016-7632.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2016-7632", "ID": "CVE-2016-7632",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207421", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207421" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
{ }
"name" : "https://support.apple.com/HT207422", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207422" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207424", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207424" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT207427", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT207427" ]
}, },
{ "references": {
"name" : "GLSA-201706-15", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201706-15" "name": "https://support.apple.com/HT207427",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207427"
"name" : "94907", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94907" "name": "94907",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/94907"
"name" : "1037459", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037459" "name": "https://support.apple.com/HT207421",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT207421"
} },
} {
"name": "1037459",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037459"
},
{
"name": "https://support.apple.com/HT207422",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207422"
},
{
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name": "https://support.apple.com/HT207424",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207424"
}
]
}
}

34
2016/7xxx/CVE-2016-7691.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-7691", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-7691",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

190
2016/7xxx/CVE-2016-7800.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7800", "ID": "CVE-2016-7800",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161001 Re: GraphicsMagick CVE request: 8BIM/8BIMW unsigned underflow leads to heap overflow", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/10/01/7" "lang": "eng",
}, "value": "Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1381148", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1381148" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3746", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2016/dsa-3746" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2016:2641", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html" "name": "https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/",
}, "refsource": "CONFIRM",
{ "url": "https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/"
"name" : "openSUSE-SU-2016:2644", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html" "name": "openSUSE-SU-2016:2641",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html"
"name" : "96135", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96135" "name": "[oss-security] 20161001 Re: GraphicsMagick CVE request: 8BIM/8BIMW unsigned underflow leads to heap overflow",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/10/01/7"
"name" : "93262", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93262" "name": "93262",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/93262"
} },
} {
"name": "DSA-3746",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3746"
},
{
"name": "openSUSE-SU-2016:2644",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1381148",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1381148"
},
{
"name": "96135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96135"
}
]
}
}

34
2016/8xxx/CVE-2016-8251.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-8251", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-8251",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

130
2016/8xxx/CVE-2016-8470.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-8470", "ID": "CVE-2016-8470",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528889. References: MT-ALPS02961395."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-01-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-01-01.html" "lang": "eng",
}, "value": "An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528889. References: MT-ALPS02961395."
{ }
"name" : "95235", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95235" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95235"
}
]
}
}