admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:30:12 +00:00
parent 5e5da33835
commit 0d83dde74f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
45 changed files with 3170 additions and 3170 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
2006/0xxx/CVE-2006-0250.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0250", "ID": "CVE-2006-0250",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060116 Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/422086/100/0/threaded" "lang": "eng",
}, "value": "Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162."
{ }
"name" : "http://www.digitalarmaments.com/2006040164883273.html", ]
"refsource" : "MISC", },
"url" : "http://www.digitalarmaments.com/2006040164883273.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16267", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16267" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0234", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0234" ]
}, },
{ "references": {
"name" : "22493", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22493" "name": "16267",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16267"
"name" : "18525", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18525" "name": "22493",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22493"
"name" : "cmusnmp-snmpinput-format-string(24178)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24178" "name": "http://www.digitalarmaments.com/2006040164883273.html",
} "refsource": "MISC",
] "url": "http://www.digitalarmaments.com/2006040164883273.html"
} },
{
"name": "18525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18525"
},
{
"name": "ADV-2006-0234",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0234"
},
{
"name": "cmusnmp-snmpinput-format-string(24178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24178"
},
{
"name": "20060116 Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422086/100/0/threaded"
}
]
}
} }

118
2006/0xxx/CVE-2006-0546.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0546", "ID": "CVE-2006-0546",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via \"evilcode\" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in the key parameter. NOTE: it is not clear whether this vulnerability is associated with an online service or application service provider. If so, then it should not be included in CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060128 Ege Internet Web Desing Remote Command Exucetion", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/423365/100/0/threaded" "lang": "eng",
} "value": "Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via \"evilcode\" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in the key parameter. NOTE: it is not clear whether this vulnerability is associated with an online service or application service provider. If so, then it should not be included in CVE."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060128 Ege Internet Web Desing Remote Command Exucetion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423365/100/0/threaded"
}
]
}
} }

168
2006/1xxx/CVE-2006-1355.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1355", "ID": "CVE-2006-1355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "avast! Antivirus 4.6.763 and earlier sets \"BUILTIN\\Everyone\" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.dslreports.com/forum/remark,15601404~days=9999~start=20", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.dslreports.com/forum/remark,15601404~days=9999~start=20" "lang": "eng",
}, "value": "avast! Antivirus 4.6.763 and earlier sets \"BUILTIN\\Everyone\" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files."
{ }
"name" : "http://forum.avast.com/index.php?topic=19862.0", ]
"refsource" : "CONFIRM", },
"url" : "http://forum.avast.com/index.php?topic=19862.0" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17158", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17158" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-1011", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/1011" ]
}, },
{ "references": {
"name" : "19284", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19284" "name": "http://www.dslreports.com/forum/remark,15601404~days=9999~start=20",
}, "refsource": "MISC",
{ "url": "http://www.dslreports.com/forum/remark,15601404~days=9999~start=20"
"name" : "avast-default-insecure-permissions(25336)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25336" "name": "19284",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/19284"
} },
{
"name": "http://forum.avast.com/index.php?topic=19862.0",
"refsource": "CONFIRM",
"url": "http://forum.avast.com/index.php?topic=19862.0"
},
{
"name": "ADV-2006-1011",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1011"
},
{
"name": "avast-default-insecure-permissions(25336)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25336"
},
{
"name": "17158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17158"
}
]
}
} }

198
2006/1xxx/CVE-2006-1639.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1639", "ID": "CVE-2006-1639",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in wpBlog 0.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060417 [eVuln] Wire Plastik wpBlog SQL Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/431186/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in wpBlog 0.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter."
{ }
"name" : "http://evuln.com/vulns/119/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/119/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17381", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17381" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-1238", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/1238" ]
}, },
{ "references": {
"name" : "24385", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/24385" "name": "24385",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/24385"
"name" : "1015951", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015951" "name": "wpblog-index-sql-injection(25628)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25628"
"name" : "19538", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19538" "name": "17381",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17381"
"name" : "734", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/734" "name": "ADV-2006-1238",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1238"
"name" : "wpblog-index-sql-injection(25628)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25628" "name": "1015951",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1015951"
} },
{
"name": "http://evuln.com/vulns/119/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/119/summary.html"
},
{
"name": "734",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/734"
},
{
"name": "19538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19538"
},
{
"name": "20060417 [eVuln] Wire Plastik wpBlog SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431186/100/0/threaded"
}
]
}
} }

178
2006/5xxx/CVE-2006-5162.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5162", "ID": "CVE-2006-5162",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060722 Microsoft Internet Explorer DOS Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0379.html" "lang": "eng",
}, "value": "wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow."
{ }
"name" : "2039", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/2039" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19092", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19092" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2917", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2917" ]
}, },
{ "references": {
"name" : "29129", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/29129" "name": "29129",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/29129"
"name" : "1683", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1683" "name": "ie-wininet-dos(27900)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27900"
"name" : "ie-wininet-dos(27900)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27900" "name": "2039",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/2039"
} },
{
"name": "ADV-2006-2917",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2917"
},
{
"name": "20060722 Microsoft Internet Explorer DOS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0379.html"
},
{
"name": "19092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19092"
},
{
"name": "1683",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1683"
}
]
}
} }

158
2006/5xxx/CVE-2006-5422.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5422", "ID": "CVE-2006-5422",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in calcul-page.php in Lodel (patchlodel) 0.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the home parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061014 patchlodel-0.7.3 - Remote File Include Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=116104206220783&w=2" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in calcul-page.php in Lodel (patchlodel) 0.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the home parameter."
{ }
"name" : "20551", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20551" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4082", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4082" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22429", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/22429" ]
}, },
{ "references": {
"name" : "patchlodel-calcul-file-include(29606)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29606" "name": "ADV-2006-4082",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/4082"
} },
{
"name": "20551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20551"
},
{
"name": "22429",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22429"
},
{
"name": "patchlodel-calcul-file-include(29606)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29606"
},
{
"name": "20061014 patchlodel-0.7.3 - Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=116104206220783&w=2"
}
]
}
} }

32
2006/5xxx/CVE-2006-5993.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2006-5993", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2006-5993",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
} }
] ]
} }
} }

138
2010/0xxx/CVE-2010-0240.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-0240", "ID": "CVE-2010-0240",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka \"Header MDL Fragmentation Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS10-009", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-009" "lang": "eng",
}, "value": "The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka \"Header MDL Fragmentation Vulnerability.\""
{ }
"name" : "TA10-040A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:8400", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8400" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "MS10-009",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-009"
},
{
"name": "TA10-040A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html"
},
{
"name": "oval:org.mitre.oval:def:8400",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8400"
}
]
}
} }

32
2010/0xxx/CVE-2010-0353.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0353", "ID": "CVE-2010-0353",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

158
2010/0xxx/CVE-2010-0476.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-0476", "ID": "CVE-2010-0476",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka \"SMB Client Response Parsing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS10-020", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020" "lang": "eng",
}, "value": "The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka \"SMB Client Response Parsing Vulnerability.\""
{ }
"name" : "TA10-103A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "39336", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/39336" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:6918", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6918" ]
}, },
{ "references": {
"name" : "39372", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39372" "name": "39336",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/39336"
} },
{
"name": "39372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39372"
},
{
"name": "MS10-020",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020"
},
{
"name": "oval:org.mitre.oval:def:6918",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6918"
},
{
"name": "TA10-103A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
}
]
}
} }

168
2010/2xxx/CVE-2010-2657.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2657", "ID": "CVE-2010-2657",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.opera.com/docs/changelogs/mac/1060/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/mac/1060/" "lang": "eng",
}, "value": "Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog."
{ }
"name" : "http://www.opera.com/docs/changelogs/windows/1060/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.opera.com/docs/changelogs/windows/1060/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.opera.com/support/search/view/957/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/support/search/view/957/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:11856", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11856" ]
}, },
{ "references": {
"name" : "40375", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40375" "name": "40375",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40375"
"name" : "ADV-2010-1664", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1664" "name": "http://www.opera.com/docs/changelogs/mac/1060/",
} "refsource": "CONFIRM",
] "url": "http://www.opera.com/docs/changelogs/mac/1060/"
} },
{
"name": "oval:org.mitre.oval:def:11856",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11856"
},
{
"name": "http://www.opera.com/support/search/view/957/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/search/view/957/"
},
{
"name": "ADV-2010-1664",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1664"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1060/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1060/"
}
]
}
} }

128
2010/2xxx/CVE-2010-2725.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2725", "ID": "CVE-2010-2725",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BarnOwl before 1.6.2 does not check the return code of calls to the (1) ZPending and (2) ZReceiveNotice functions in libzephyr, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://barnowl.mit.edu/wiki/release-notes/1.6.2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://barnowl.mit.edu/wiki/release-notes/1.6.2" "lang": "eng",
}, "value": "BarnOwl before 1.6.2 does not check the return code of calls to the (1) ZPending and (2) ZReceiveNotice functions in libzephyr, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors."
{ }
"name" : "http://github.com/barnowl/barnowl/blob/barnowl-1.6.2/ChangeLog", ]
"refsource" : "CONFIRM", },
"url" : "http://github.com/barnowl/barnowl/blob/barnowl-1.6.2/ChangeLog" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/barnowl/barnowl/blob/barnowl-1.6.2/ChangeLog",
"refsource": "CONFIRM",
"url": "http://github.com/barnowl/barnowl/blob/barnowl-1.6.2/ChangeLog"
},
{
"name": "http://barnowl.mit.edu/wiki/release-notes/1.6.2",
"refsource": "CONFIRM",
"url": "http://barnowl.mit.edu/wiki/release-notes/1.6.2"
}
]
}
} }

208
2010/3xxx/CVE-2010-3334.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-3334", "ID": "CVE-2010-3334",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka \"Office Art Drawing Records Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20101109 Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/514699/100/0/threaded" "lang": "eng",
}, "value": "Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka \"Office Art Drawing Records Vulnerability.\""
{ }
"name" : "http://secunia.com/secunia_research/2010-4/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2010-4/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS10-087", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA10-313A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-313A.html" ]
}, },
{ "references": {
"name" : "44656", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/44656" "name": "1024705",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024705"
"name" : "oval:org.mitre.oval:def:11439", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439" "name": "oval:org.mitre.oval:def:11439",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11439"
"name" : "1024705", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024705" "name": "42144",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42144"
"name" : "38521", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38521" "name": "20101109 Secunia Research: Microsoft Office Drawing Shape Container Parsing Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/514699/100/0/threaded"
"name" : "42144", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42144" "name": "38521",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38521"
"name" : "ADV-2010-2923", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2923" "name": "ADV-2010-2923",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2010/2923"
} },
{
"name": "44656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44656"
},
{
"name": "http://secunia.com/secunia_research/2010-4/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-4/"
},
{
"name": "MS10-087",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
},
{
"name": "TA10-313A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
}
]
}
} }

118
2010/3xxx/CVE-2010-3382.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3382", "ID": "CVE-2010-3382",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598303", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598303" "lang": "eng",
} "value": "tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598303",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598303"
}
]
}
} }

478
2010/3xxx/CVE-2010-3704.json
View File

@ -1,242 +1,242 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-3704", "ID": "CVE-2010-3704",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/10/04/6" "lang": "eng",
}, "value": "The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption."
{ }
"name" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch", ]
"refsource" : "CONFIRM", },
"url" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473", "description": [
"refsource" : "CONFIRM", {
"url" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=638960", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=638960" ]
}, },
{ "references": {
"name" : "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html" "name": "FEDORA-2010-16662",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
"name" : "DSA-2119", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2119" "name": "[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
"name" : "DSA-2135", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2135" "name": "FEDORA-2010-15857",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
"name" : "FEDORA-2010-15857", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html" "name": "RHSA-2010:0859",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
"name" : "FEDORA-2010-15911", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html" "name": "42357",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42357"
"name" : "FEDORA-2010-15981", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html" "name": "MDVSA-2010:228",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
"name" : "FEDORA-2010-16662", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html" "name": "ADV-2011-0230",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0230"
"name" : "FEDORA-2010-16705", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html" "name": "RHSA-2010:0752",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
"name" : "FEDORA-2010-16744", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html" "name": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
"name" : "MDVSA-2010:228", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=638960",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=638960"
"name" : "MDVSA-2010:229", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229" "name": "MDVSA-2010:230",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
"name" : "MDVSA-2010:230", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230" "name": "SUSE-SR:2010:022",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
"name" : "MDVSA-2010:231", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231" "name": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473",
}, "refsource": "CONFIRM",
{ "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473"
"name" : "MDVSA-2012:144", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144" "name": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch",
}, "refsource": "CONFIRM",
{ "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
"name" : "RHSA-2010:0749", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0749.html" "name": "RHSA-2012:1201",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
"name" : "RHSA-2010:0751", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0751.html" "name": "MDVSA-2010:231",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
"name" : "RHSA-2010:0752", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0752.html" "name": "FEDORA-2010-16705",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
"name" : "RHSA-2010:0753", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0753.html" "name": "SSA:2010-324-01",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720"
"name" : "RHSA-2010:0859", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0859.html" "name": "RHSA-2010:0751",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
"name" : "RHSA-2012:1201", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1201.html" "name": "42397",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42397"
"name" : "SSA:2010-324-01", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720" "name": "42141",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42141"
"name" : "SUSE-SR:2010:022", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html" "name": "FEDORA-2010-15911",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
"name" : "SUSE-SR:2010:024", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" "name": "MDVSA-2012:144",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
"name" : "USN-1005-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1005-1" "name": "ADV-2010-3097",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3097"
"name" : "43841", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/43841" "name": "USN-1005-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1005-1"
"name" : "42141", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42141" "name": "RHSA-2010:0749",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
"name" : "42397", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42397" "name": "FEDORA-2010-15981",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
"name" : "42357", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42357" "name": "FEDORA-2010-16744",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
"name" : "42691", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42691" "name": "ADV-2010-2897",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2897"
"name" : "43079", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43079" "name": "42691",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42691"
"name" : "ADV-2010-2897", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2897" "name": "DSA-2119",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2010/dsa-2119"
"name" : "ADV-2010-3097", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3097" "name": "SUSE-SR:2010:024",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
"name" : "ADV-2011-0230", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0230" "name": "MDVSA-2010:229",
} "refsource": "MANDRIVA",
] "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
} },
{
"name": "43841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43841"
},
{
"name": "DSA-2135",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2135"
},
{
"name": "RHSA-2010:0753",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
},
{
"name": "43079",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43079"
}
]
}
} }

268
2010/3xxx/CVE-2010-3849.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-3849", "ID": "CVE-2010-3849",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20101207 Linux kernel exploit", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html" "lang": "eng",
}, "value": "The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field."
{ }
"name" : "[oss-security] 20101129 kernel: Multiple vulnerabilities in AF_ECONET", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2010/11/30/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa0e846494792e722d817b9d3d625a4ef4896c96", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa0e846494792e722d817b9d3d625a4ef4896c96" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2", ]
"refsource" : "CONFIRM", }
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=644156", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=644156" "name": "43056",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43056"
"name" : "DSA-2126", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2126" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=644156",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=644156"
"name" : "MDVSA-2010:257", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257" "name": "20101207 Linux kernel exploit",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0086.html"
"name" : "SUSE-SA:2011:005", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html" "name": "SUSE-SA:2011:007",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
"name" : "SUSE-SA:2011:007", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html" "name": "[oss-security] 20101129 kernel: Multiple vulnerabilities in AF_ECONET",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2010/11/30/1"
"name" : "SUSE-SA:2011:008", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html" "name": "ADV-2011-0298",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0298"
"name" : "USN-1023-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1023-1" "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36.2"
"name" : "43056", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43056" "name": "MDVSA-2010:257",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:257"
"name" : "43291", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43291" "name": "SUSE-SA:2011:005",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html"
"name" : "ADV-2011-0213", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0213" "name": "ADV-2011-0375",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0375"
"name" : "ADV-2011-0298", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0298" "name": "USN-1023-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1023-1"
"name" : "ADV-2011-0375", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0375" "name": "SUSE-SA:2011:008",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html"
} },
{
"name": "43291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43291"
},
{
"name": "ADV-2011-0213",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0213"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa0e846494792e722d817b9d3d625a4ef4896c96",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa0e846494792e722d817b9d3d625a4ef4896c96"
},
{
"name": "DSA-2126",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2126"
}
]
}
} }

168
2010/4xxx/CVE-2010-4009.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-4009", "ID": "CVE-2010-4009",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4447", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4447" "lang": "eng",
}, "value": "Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file."
{ }
"name" : "http://support.apple.com/kb/HT4581", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4581" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2010-12-07-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2011-03-21-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:16218", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16218" "name": "APPLE-SA-2010-12-07-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html"
"name" : "1024830", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024830" "name": "APPLE-SA-2011-03-21-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
} },
{
"name": "oval:org.mitre.oval:def:16218",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16218"
},
{
"name": "http://support.apple.com/kb/HT4447",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4447"
},
{
"name": "1024830",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024830"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
}
]
}
} }

32
2010/4xxx/CVE-2010-4134.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2010-4134", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2010-4134",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
} }
] ]
} }
} }

168
2010/4xxx/CVE-2010-4400.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4400", "ID": "CVE-2010-4400",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "15646", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/15646" "lang": "eng",
}, "value": "SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter."
{ }
"name" : "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226", ]
"refsource" : "CONFIRM", }
"url" : "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226" ]
}, },
{ "references": {
"name" : "45115", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45115" "name": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226",
}, "refsource": "CONFIRM",
{ "url": "http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226"
"name" : "69631", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/69631" "name": "45115",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/45115"
} },
{
"name": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96230/dynpg-lfisqldisclose.txt"
},
{
"name": "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/sql_injection_in_dynpg.html"
},
{
"name": "69631",
"refsource": "OSVDB",
"url": "http://osvdb.org/69631"
},
{
"name": "15646",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15646"
}
]
}
} }

32
2014/3xxx/CVE-2014-3143.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3143", "ID": "CVE-2014-3143",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2014/3xxx/CVE-2014-3371.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-3371", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-3371",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

128
2014/3xxx/CVE-2014-3852.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3852", "ID": "CVE-2014-3852",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140514 CVE request: Pyplate multiple vulnerabilities", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/05/14/3" "lang": "eng",
}, "value": "Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie."
{ }
"name" : "[oss-security] 20140523 Re: CVE request: Pyplate multiple vulnerabilities", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2014/05/23/1" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140523 Re: CVE request: Pyplate multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/23/1"
},
{
"name": "[oss-security] 20140514 CVE request: Pyplate multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/3"
}
]
}
} }

32
2014/3xxx/CVE-2014-3918.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3918", "ID": "CVE-2014-3918",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2014/4xxx/CVE-2014-4334.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4334", "ID": "CVE-2014-4334",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the \"second connection\" to TCP port 1001."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "33804", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/33804" "lang": "eng",
}, "value": "Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the \"second connection\" to TCP port 1001."
{ }
"name" : "http://packetstormsecurity.com/files/127133/Ubisoft-Rayman-Legends-1.2.103716-Buffer-Overflow.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/127133/Ubisoft-Rayman-Legends-1.2.103716-Buffer-Overflow.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5187.php", "description": [
"refsource" : "MISC", {
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5187.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "68080", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/68080" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5187.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5187.php"
},
{
"name": "68080",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68080"
},
{
"name": "33804",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33804"
},
{
"name": "http://packetstormsecurity.com/files/127133/Ubisoft-Rayman-Legends-1.2.103716-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127133/Ubisoft-Rayman-Legends-1.2.103716-Buffer-Overflow.html"
}
]
}
} }

158
2014/4xxx/CVE-2014-4398.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2014-4398", "ID": "CVE-2014-4398",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://code.google.com/p/google-security-research/issues/detail?id=32", "description_data": [
"refsource" : "MISC", {
"url" : "https://code.google.com/p/google-security-research/issues/detail?id=32" "lang": "eng",
}, "value": "An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416."
{ }
"name" : "http://support.apple.com/kb/HT6443", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT6443" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "69894", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/69894" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1030868", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1030868" ]
}, },
{ "references": {
"name" : "macosx-cve20144398-code-exec(96058)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96058" "name": "macosx-cve20144398-code-exec(96058)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96058"
} },
{
"name": "69894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69894"
},
{
"name": "https://code.google.com/p/google-security-research/issues/detail?id=32",
"refsource": "MISC",
"url": "https://code.google.com/p/google-security-research/issues/detail?id=32"
},
{
"name": "1030868",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030868"
},
{
"name": "http://support.apple.com/kb/HT6443",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6443"
}
]
}
} }

118
2014/4xxx/CVE-2014-4867.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-4867", "ID": "CVE-2014-4867",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo-mgmt program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#280844", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/280844" "lang": "eng",
} "value": "Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo-mgmt program."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#280844",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/280844"
}
]
}
} }

32
2014/4xxx/CVE-2014-4961.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4961", "ID": "CVE-2014-4961",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2014/8xxx/CVE-2014-8374.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-8374", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-8374",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

118
2014/8xxx/CVE-2014-8451.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2014-8451", "ID": "CVE-2014-8451",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html" "lang": "eng",
} "value": "An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://helpx.adobe.com/security/products/reader/apsb14-28.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/reader/apsb14-28.html"
}
]
}
} }

128
2014/8xxx/CVE-2014-8558.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8558", "ID": "CVE-2014-8558",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141106 CVE-2014-8558 - JExperts Tecnologia - Channel Software Escalation Access Issues", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2014/Nov/10" "lang": "eng",
}, "value": "JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters."
{ }
"name" : "http://packetstormsecurity.com/files/129010/JExperts-Tecnologia-Channel-Software-Privilege-Escalation.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/129010/JExperts-Tecnologia-Channel-Software-Privilege-Escalation.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141106 CVE-2014-8558 - JExperts Tecnologia - Channel Software Escalation Access Issues",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/10"
},
{
"name": "http://packetstormsecurity.com/files/129010/JExperts-Tecnologia-Channel-Software-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129010/JExperts-Tecnologia-Channel-Software-Privilege-Escalation.html"
}
]
}
} }

138
2014/8xxx/CVE-2014-8953.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8953", "ID": "CVE-2014-8953",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "35129", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/35129" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php."
{ }
"name" : "http://packetstormsecurity.com/files/129102/Whos-Who-Script-Cross-Site-Request-Forgery.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/129102/Whos-Who-Script-Cross-Site-Request-Forgery.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "whoswhoscript-multiple-csrf(98631)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98631" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129102/Whos-Who-Script-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129102/Whos-Who-Script-Cross-Site-Request-Forgery.html"
},
{
"name": "35129",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35129"
},
{
"name": "whoswhoscript-multiple-csrf(98631)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98631"
}
]
}
} }

128
2014/9xxx/CVE-2014-9268.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9268", "ID": "CVE-2014-9268",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-402/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-402/" "lang": "eng",
}, "value": "The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file."
{ }
"name" : "http://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html", ]
"refsource" : "CONFIRM", },
"url" : "http://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html",
"refsource": "CONFIRM",
"url": "http://knowledge.autodesk.com/support/design-review/downloads/caas/downloads/content/autodesk-design-review-2013-hotfix.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-402/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-402/"
}
]
}
} }

178
2014/9xxx/CVE-2014-9271.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9271", "ID": "CVE-2014-9271",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20141201 CVE Request: Multiple XSS vulnerabilities in MantisBT", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2014/q4/867" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename."
{ }
"name" : "[oss-security] 20141204 Re: CVE Request: Multiple XSS vulnerabilities in MantisBT", ]
"refsource" : "MLIST", },
"url" : "http://seclists.org/oss-sec/2014/q4/902" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20141205 Re: CVE Request: Multiple XSS vulnerabilities in MantisBT", "description": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2014/q4/924" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/mantisbt/mantisbt/commit/9fb8cf36f", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/mantisbt/mantisbt/commit/9fb8cf36f" ]
}, },
{ "references": {
"name" : "https://www.mantisbt.org/bugs/view.php?id=17874", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.mantisbt.org/bugs/view.php?id=17874" "name": "62101",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/62101"
"name" : "DSA-3120", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3120" "name": "[oss-security] 20141201 CVE Request: Multiple XSS vulnerabilities in MantisBT",
}, "refsource": "MLIST",
{ "url": "http://seclists.org/oss-sec/2014/q4/867"
"name" : "62101", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62101" "name": "https://www.mantisbt.org/bugs/view.php?id=17874",
} "refsource": "CONFIRM",
] "url": "https://www.mantisbt.org/bugs/view.php?id=17874"
} },
{
"name": "[oss-security] 20141204 Re: CVE Request: Multiple XSS vulnerabilities in MantisBT",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/902"
},
{
"name": "[oss-security] 20141205 Re: CVE Request: Multiple XSS vulnerabilities in MantisBT",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/924"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/9fb8cf36f",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/9fb8cf36f"
},
{
"name": "DSA-3120",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3120"
}
]
}
} }

178
2014/9xxx/CVE-2014-9433.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9433", "ID": "CVE-2014-9433",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141224 Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534320/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat parameter."
{ }
"name" : "20141224 Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Dec/111" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sroesemann.blogspot.de/2014/12/report-for-advisory-sroeadv-2014-03.html", "description": [
"refsource" : "MISC", {
"url" : "http://sroesemann.blogspot.de/2014/12/report-for-advisory-sroeadv-2014-03.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/129713/CMS-Contenido-4.9.5-Cross-Site-Scripting.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/129713/CMS-Contenido-4.9.5-Cross-Site-Scripting.html" ]
}, },
{ "references": {
"name" : "http://www.contenido.org/de/cms/CONTENIDO/News/index-c-2044-3.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.contenido.org/de/cms/CONTENIDO/News/index-c-2044-3.html" "name": "61396",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/61396"
"name" : "61396", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61396" "name": "20141224 Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/534320/100/0/threaded"
"name" : "contenido-frontcontent-xss(99497)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99497" "name": "20141224 Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2014/Dec/111"
} },
{
"name": "http://sroesemann.blogspot.de/2014/12/report-for-advisory-sroeadv-2014-03.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2014/12/report-for-advisory-sroeadv-2014-03.html"
},
{
"name": "http://packetstormsecurity.com/files/129713/CMS-Contenido-4.9.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129713/CMS-Contenido-4.9.5-Cross-Site-Scripting.html"
},
{
"name": "contenido-frontcontent-xss(99497)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99497"
},
{
"name": "http://www.contenido.org/de/cms/CONTENIDO/News/index-c-2044-3.html",
"refsource": "CONFIRM",
"url": "http://www.contenido.org/de/cms/CONTENIDO/News/index-c-2044-3.html"
}
]
}
} }

158
2014/9xxx/CVE-2014-9770.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@suse.com",
"ID" : "CVE-2014-9770", "ID": "CVE-2014-9770",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160408 CVE Request: systemd / journald created world readable journal files", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/04/08/14" "lang": "eng",
}, "value": "tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files."
{ }
"name" : "[oss-security] 20160408 Re: CVE Request: systemd / journald created world readable journal files", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/04/08/15" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=972612", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=972612" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2016:1101", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00044.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2016:1414", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00109.html" "name": "[oss-security] 20160408 Re: CVE Request: systemd / journald created world readable journal files",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2016/04/08/15"
} },
{
"name": "[oss-security] 20160408 CVE Request: systemd / journald created world readable journal files",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/08/14"
},
{
"name": "openSUSE-SU-2016:1414",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00109.html"
},
{
"name": "openSUSE-SU-2016:1101",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00044.html"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=972612",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=972612"
}
]
}
} }

138
2014/9xxx/CVE-2014-9867.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2014-9867", "ID": "CVE-2014-9867",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-08-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-08-01.html" "lang": "eng",
}, "value": "drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702."
{ }
"name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=322c518689a7f820165ca4c5d6b750b02ac34665", ]
"refsource" : "CONFIRM", },
"url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=322c518689a7f820165ca4c5d6b750b02ac34665" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "92219", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92219" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "92219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92219"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=322c518689a7f820165ca4c5d6b750b02ac34665",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=322c518689a7f820165ca4c5d6b750b02ac34665"
}
]
}
} }

128
2016/2xxx/CVE-2016-2484.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-2484", "ID": "CVE-2016-2484",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793163."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-06-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-06-01.html" "lang": "eng",
}, "value": "libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes for the GSM and G711 codecs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793163."
{ }
"name" : "https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f"
},
{
"name": "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-06-01.html"
}
]
}
} }

278
2016/2xxx/CVE-2016-2834.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2016-2834", "ID": "CVE-2016-2834",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-61.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-61.html" "lang": "eng",
}, "value": "Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1206283", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1206283" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1221620", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1221620" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1241034", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1241034" ]
}, },
{ "references": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1241037", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1241037" "name": "1036057",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1036057"
"name" : "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes", },
"refsource" : "CONFIRM", {
"url" : "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes" "name": "DSA-3688",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3688"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "name": "openSUSE-SU-2016:1557",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241034",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241034"
"name" : "DSA-3688", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3688" "name": "RHSA-2016:2779",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-2779.html"
"name" : "RHSA-2016:2779", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2779.html" "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-61.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-61.html"
"name" : "openSUSE-SU-2016:1552", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221620",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1221620"
"name" : "openSUSE-SU-2016:1557", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name" : "SUSE-SU-2016:1691", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html" "name": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes",
}, "refsource": "CONFIRM",
{ "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes"
"name" : "USN-2993-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2993-1" "name": "USN-3029-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-3029-1"
"name" : "USN-3029-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3029-1" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1206283",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1206283"
"name" : "91072", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91072" "name": "91072",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/91072"
"name" : "1036057", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036057" "name": "openSUSE-SU-2016:1552",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html"
} },
{
"name": "USN-2993-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2993-1"
},
{
"name": "SUSE-SU-2016:1691",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241037",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1241037"
}
]
}
} }

118
2016/3xxx/CVE-2016-3114.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-3114", "ID": "CVE-2016-3114",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160502 [SECURITY ISSUES] CVE-2016-3691 and CVE-2016-3114", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/05/02/3" "lang": "eng",
} "value": "Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160502 [SECURITY ISSUES] CVE-2016-3691 and CVE-2016-3114",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/02/3"
}
]
}
} }

188
2016/3xxx/CVE-2016-3861.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-3861", "ID": "CVE-2016-3861",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "40354", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/40354/" "lang": "eng",
}, "value": "LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543."
{ }
"name" : "http://source.android.com/security/bulletin/2016-09-01.html", ]
"refsource" : "CONFIRM", },
"url" : "http://source.android.com/security/bulletin/2016-09-01.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://android.googlesource.com/platform/frameworks/av/+/3944c65637dfed14a5a895685edfa4bacaf9f76e", "description": [
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/frameworks/av/+/3944c65637dfed14a5a895685edfa4bacaf9f76e" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://android.googlesource.com/platform/frameworks/base/+/866dc26ad4a98cc835d075b627326e7d7e52ffa1", ]
"refsource" : "CONFIRM", }
"url" : "https://android.googlesource.com/platform/frameworks/base/+/866dc26ad4a98cc835d075b627326e7d7e52ffa1" ]
}, },
{ "references": {
"name" : "https://android.googlesource.com/platform/frameworks/native/+/1f4b49e64adf4623eefda503bca61e253597b9bf", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/frameworks/native/+/1f4b49e64adf4623eefda503bca61e253597b9bf" "name": "https://android.googlesource.com/platform/frameworks/native/+/1f4b49e64adf4623eefda503bca61e253597b9bf",
}, "refsource": "CONFIRM",
{ "url": "https://android.googlesource.com/platform/frameworks/native/+/1f4b49e64adf4623eefda503bca61e253597b9bf"
"name" : "https://android.googlesource.com/platform/system/core/+/ecf5fd58a8f50362ce9e8d4245a33d56f29f142b", },
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/system/core/+/ecf5fd58a8f50362ce9e8d4245a33d56f29f142b" "name": "http://source.android.com/security/bulletin/2016-09-01.html",
}, "refsource": "CONFIRM",
{ "url": "http://source.android.com/security/bulletin/2016-09-01.html"
"name" : "92811", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92811" "name": "https://android.googlesource.com/platform/frameworks/av/+/3944c65637dfed14a5a895685edfa4bacaf9f76e",
}, "refsource": "CONFIRM",
{ "url": "https://android.googlesource.com/platform/frameworks/av/+/3944c65637dfed14a5a895685edfa4bacaf9f76e"
"name" : "1036763", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036763" "name": "https://android.googlesource.com/platform/system/core/+/ecf5fd58a8f50362ce9e8d4245a33d56f29f142b",
} "refsource": "CONFIRM",
] "url": "https://android.googlesource.com/platform/system/core/+/ecf5fd58a8f50362ce9e8d4245a33d56f29f142b"
} },
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
},
{
"name": "92811",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92811"
},
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/866dc26ad4a98cc835d075b627326e7d7e52ffa1",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/base/+/866dc26ad4a98cc835d075b627326e7d7e52ffa1"
},
{
"name": "40354",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40354/"
}
]
}
} }

32
2016/6xxx/CVE-2016-6017.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6017", "ID": "CVE-2016-6017",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

178
2016/6xxx/CVE-2016-6161.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2016-6161", "ID": "CVE-2016-6161",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160705 CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/07/05/6" "lang": "eng",
}, "value": "The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image."
{ }
"name" : "[oss-security] 20160705 Re: CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/07/05/7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/libgd/libgd/issues/209", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/libgd/libgd/issues/209" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3619", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2016/dsa-3619" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2016:2363", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html" "name": "openSUSE-SU-2016:2117",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
"name" : "openSUSE-SU-2016:2117", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html" "name": "https://github.com/libgd/libgd/issues/209",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/libgd/libgd/issues/209"
"name" : "USN-3030-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3030-1" "name": "openSUSE-SU-2016:2363",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
} },
{
"name": "[oss-security] 20160705 CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/05/6"
},
{
"name": "[oss-security] 20160705 Re: CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/05/7"
},
{
"name": "DSA-3619",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3619"
},
{
"name": "USN-3030-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3030-1"
}
]
}
} }

128
2016/6xxx/CVE-2016-6192.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6192", "ID": "CVE-2016-6192",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160708-01-smartphone-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160708-01-smartphone-en" "lang": "eng",
}, "value": "Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6193."
{ }
"name" : "91735", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/91735" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160708-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160708-01-smartphone-en"
},
{
"name": "91735",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91735"
}
]
}
} }

198
2016/6xxx/CVE-2016-6263.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6263", "ID": "CVE-2016-6263",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[help-libidn] 20160720 Libidn 1.33 released", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html" "lang": "eng",
}, "value": "The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data."
{ }
"name" : "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/07/20/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/07/21/4" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555", ]
"refsource" : "CONFIRM", }
"url" : "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555" ]
}, },
{ "references": {
"name" : "DSA-3658", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3658" "name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
"name" : "openSUSE-SU-2016:1924", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html" "name": "openSUSE-SU-2016:2135",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
"name" : "openSUSE-SU-2016:2135", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html" "name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
"name" : "USN-3068-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3068-1" "name": "openSUSE-SU-2016:1924",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
"name" : "92070", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92070" "name": "92070",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/92070"
} },
{
"name": "DSA-3658",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3658"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555"
},
{
"name": "USN-3068-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3068-1"
}
]
}
} }

32
2016/7xxx/CVE-2016-7063.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-7063", "ID": "CVE-2016-7063",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }