"-Synchronized-Data."

CVE Team 2019-03-17 22:47:13 +00:00
parent c4b7d939b4
commit 172035b79d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
37 changed files with 2960 additions and 2960 deletions


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0179",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1411",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1411"
},
{
"name" : "20060113 Response to Cisco IP Phone 7940 DoS Exploit posted on milw0rm.com",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-response-20060113-ip-phones.shtml"
},
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/cisco_ip7940_dos.pl",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/cisco_ip7940_dos.pl"
},
{
"name" : "16200",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16200"
},
{
"name" : "ADV-2006-0202",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0202"
},
{
"name" : "22469",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22469"
},
{
"name" : "1015488",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015488"
},
{
"name" : "18479",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18479"
},
{
"name" : "cisco-ipphone-synflood-dos(24117)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24117"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-ipphone-synflood-dos(24117)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24117"
},
{
"name": "22469",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22469"
},
{
"name": "ADV-2006-0202",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0202"
},
{
"name": "20060113 Response to Cisco IP Phone 7940 DoS Exploit posted on milw0rm.com",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-response-20060113-ip-phones.shtml"
},
{
"name": "1015488",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015488"
},
{
"name": "18479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18479"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/cisco_ip7940_dos.pl",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/cisco_ip7940_dos.pl"
},
{
"name": "1411",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1411"
},
{
"name": "16200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16200"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060118 [eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-01/0372.html"
},
{
"name" : "http://evuln.com/vulns/40/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/40/summary.html"
},
{
"name" : "16306",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16306"
},
{
"name" : "22740",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22740"
},
{
"name" : "1015517",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015517"
},
{
"name" : "saralblog-search-sql-injection(24218)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24218"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16306"
},
{
"name": "22740",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22740"
},
{
"name": "1015517",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015517"
},
{
"name": "saralblog-search-sql-injection(24218)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24218"
},
{
"name": "20060118 [eVuln] SaralBlog XSS & Multiple SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-01/0372.html"
},
{
"name": "http://evuln.com/vulns/40/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/40/summary.html"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0680",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote attackers to create an account, when anonymous registration is disabled, via a certain URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.plainblack.com/getwebgui/advisories/webgui-6.8.6-gamma-released",
"refsource" : "CONFIRM",
"url" : "http://www.plainblack.com/getwebgui/advisories/webgui-6.8.6-gamma-released"
},
{
"name" : "16612",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16612"
},
{
"name" : "ADV-2006-0541",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0541"
},
{
"name" : "18819",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18819"
},
{
"name" : "webgui-anonymous-bypass-security(24695)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24695"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote attackers to create an account, when anonymous registration is disabled, via a certain URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18819"
},
{
"name": "http://www.plainblack.com/getwebgui/advisories/webgui-6.8.6-gamma-released",
"refsource": "CONFIRM",
"url": "http://www.plainblack.com/getwebgui/advisories/webgui-6.8.6-gamma-released"
},
{
"name": "16612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16612"
},
{
"name": "webgui-anonymous-bypass-security(24695)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24695"
},
{
"name": "ADV-2006-0541",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0541"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3508",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2006-09-21",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html"
},
{
"name" : "VU#589540",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/589540"
},
{
"name" : "20144",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20144"
},
{
"name" : "ADV-2006-3737",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3737"
},
{
"name" : "1016903",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016903"
},
{
"name" : "22068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22068"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22068"
},
{
"name": "ADV-2006-3737",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3737"
},
{
"name": "APPLE-SA-2006-09-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2006/Sep/msg00001.html"
},
{
"name": "VU#589540",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/589540"
},
{
"name": "1016903",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016903"
},
{
"name": "20144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20144"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3887",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2006-3887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8"
},
{
"name" : "VU#154641",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/154641"
},
{
"name" : "20425",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20425"
},
{
"name" : "ADV-2006-3967",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3967"
},
{
"name" : "1017024",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017024"
},
{
"name" : "22304",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22304"
},
{
"name" : "aol-ygp-screensaver-bo(29411)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29411"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3967",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3967"
},
{
"name": "VU#154641",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/154641"
},
{
"name": "http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8"
},
{
"name": "aol-ygp-screensaver-bo(29411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29411"
},
{
"name": "1017024",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017024"
},
{
"name": "20425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20425"
},
{
"name": "22304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22304"
}
]
}
}
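Review bot: The `ASSIGNER` value in this record differs between the two copies: the spaced-key copy has `"ASSIGNER" : "cve@mitre.org"` and the compact-key copy has `"ASSIGNER": "cert@cert.org"`, so this section is more than a respacing of keys and a reordering of `reference_data`. The same holds for the CVE-2010-2483 section further down, where the compact copy reads `"ASSIGNER": "secalert@redhat.com"`. Assuming the compact copy is the new side (the page has lost its +/- markers), consumers that attribute or filter records by assigner should re-ingest these two records rather than treat the commit as formatting-only. The commit title would be clearer if it stated that assigner metadata changed alongside the formatting.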


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4035",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060803 CounterChaos <= 0.48c SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-08/0080.html"
},
{
"name" : "http://www.frsirt.com/english/reference/17541",
"refsource" : "MISC",
"url" : "http://www.frsirt.com/english/reference/17541"
},
{
"name" : "19344",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19344"
},
{
"name" : "ADV-2006-3153",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3153"
},
{
"name" : "21356",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21356"
},
{
"name" : "1350",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1350"
},
{
"name" : "counterchaos-counterchaos-sql-injection(28222)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28222"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "counterchaos-counterchaos-sql-injection(28222)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28222"
},
{
"name": "1350",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1350"
},
{
"name": "http://www.frsirt.com/english/reference/17541",
"refsource": "MISC",
"url": "http://www.frsirt.com/english/reference/17541"
},
{
"name": "20060803 CounterChaos <= 0.48c SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0080.html"
},
{
"name": "ADV-2006-3153",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3153"
},
{
"name": "19344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19344"
},
{
"name": "21356",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21356"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4041",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pike.ida.liu.se/download/notes/7.6.86.xml",
"refsource" : "CONFIRM",
"url" : "http://pike.ida.liu.se/download/notes/7.6.86.xml"
},
{
"name" : "GLSA-200608-10",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-10.xml"
},
{
"name" : "USN-367-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-367-1"
},
{
"name" : "19367",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19367"
},
{
"name" : "ADV-2006-2209",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2209"
},
{
"name" : "20494",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20494"
},
{
"name" : "21362",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21362"
},
{
"name" : "22481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22481"
},
{
"name" : "pike-sql-injection(26992)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26992"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200608-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-10.xml"
},
{
"name": "20494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20494"
},
{
"name": "19367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19367"
},
{
"name": "USN-367-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-367-1"
},
{
"name": "21362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21362"
},
{
"name": "22481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22481"
},
{
"name": "ADV-2006-2209",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2209"
},
{
"name": "pike-sql-injection(26992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26992"
},
{
"name": "http://pike.ida.liu.se/download/notes/7.6.86.xml",
"refsource": "CONFIRM",
"url": "http://pike.ida.liu.se/download/notes/7.6.86.xml"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4139",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "102569",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102569-1"
},
{
"name" : "19493",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19493"
},
{
"name" : "ADV-2006-3274",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3274"
},
{
"name" : "1016690",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016690"
},
{
"name" : "21471",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21471"
},
{
"name" : "solaris-netstatifconfig-race-condition-dos(28373)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28373"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19493"
},
{
"name": "ADV-2006-3274",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3274"
},
{
"name": "1016690",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016690"
},
{
"name": "21471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21471"
},
{
"name": "102569",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102569-1"
},
{
"name": "solaris-netstatifconfig-race-condition-dos(28373)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28373"
}
]
}
}


@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2483",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100623 CVE requests: LibTIFF",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127731610612908&w=2"
},
{
"name" : "[oss-security] 20100624 Re: CVE requests: LibTIFF",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127738540902757&w=2"
},
{
"name" : "[oss-security] 20100624 Re: CVE requests: LibTIFF",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127736307002102&w=2"
},
{
"name" : "[oss-security] 20100629 Re: CVE requests: LibTIFF",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127781315415896&w=2"
},
{
"name" : "[oss-security] 20100630 Re: CVE requests: LibTIFF",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/06/30/22"
},
{
"name" : "[oss-security] 20100701 Re: CVE requests: LibTIFF",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127797353202873&w=2"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2216",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2216"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=603081",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=603081"
},
{
"name" : "GLSA-201209-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201209-02.xml"
},
{
"name" : "RHSA-2010:0519",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0519.html"
},
{
"name" : "40422",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40422"
},
{
"name" : "40527",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40527"
},
{
"name" : "50726",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50726"
},
{
"name" : "ADV-2010-1761",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1761"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605"
},
{
"name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127736307002102&w=2"
},
{
"name": "40527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40527"
},
{
"name": "[oss-security] 20100629 Re: CVE requests: LibTIFF",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127781315415896&w=2"
},
{
"name": "[oss-security] 20100623 CVE requests: LibTIFF",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127731610612908&w=2"
},
{
"name": "ADV-2010-1761",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1761"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2216",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2216"
},
{
"name": "GLSA-201209-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
},
{
"name": "RHSA-2010:0519",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0519.html"
},
{
"name": "40422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40422"
},
{
"name": "[oss-security] 20100624 Re: CVE requests: LibTIFF",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127738540902757&w=2"
},
{
"name": "[oss-security] 20100701 Re: CVE requests: LibTIFF",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127797353202873&w=2"
},
{
"name": "[oss-security] 20100630 Re: CVE requests: LibTIFF",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/30/22"
},
{
"name": "50726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50726"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=603081",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=603081"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2760",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a \"dangling pointer vulnerability.\" NOTE: this issue exists because of an incomplete fix for CVE-2010-2753."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-54.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-54.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=585815",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=585815"
},
{
"name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox",
"refsource" : "CONFIRM",
"url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100110210",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100110210"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100112690",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100112690"
},
{
"name" : "DSA-2106",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2106"
},
{
"name" : "FEDORA-2010-14362",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html"
},
{
"name" : "MDVSA-2010:173",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173"
},
{
"name" : "SUSE-SA:2010:049",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html"
},
{
"name" : "oval:org.mitre.oval:def:11799",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11799"
},
{
"name" : "42867",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42867"
},
{
"name" : "ADV-2010-2323",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2323"
},
{
"name" : "ADV-2011-0061",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0061"
},
{
"name" : "mozilla-nstreeselection-code-execution(61660)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61660"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a \"dangling pointer vulnerability.\" NOTE: this issue exists because of an incomplete fix for CVE-2010-2753."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mozilla-nstreeselection-code-execution(61660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61660"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=585815",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=585815"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-54.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-54.html"
},
{
"name": "SUSE-SA:2010:049",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html"
},
{
"name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox",
"refsource": "CONFIRM",
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"
},
{
"name": "FEDORA-2010-14362",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100110210",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100110210"
},
{
"name": "http://support.avaya.com/css/P8/documents/100112690",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100112690"
},
{
"name": "42867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42867"
},
{
"name": "ADV-2011-0061",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0061"
},
{
"name": "MDVSA-2010:173",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173"
},
{
"name": "ADV-2010-2323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2323"
},
{
"name": "DSA-2106",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2106"
},
{
"name": "oval:org.mitre.oval:def:11799",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11799"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2772",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://infoworld.com/d/security-central/new-weaponized-virus-targets-industrial-secrets-725",
"refsource" : "MISC",
"url" : "http://infoworld.com/d/security-central/new-weaponized-virus-targets-industrial-secrets-725"
},
{
"name" : "http://infoworld.com/d/security-central/siemens-warns-users-dont-change-passwords-after-worm-attack-915?sourcefssr",
"refsource" : "MISC",
"url" : "http://infoworld.com/d/security-central/siemens-warns-users-dont-change-passwords-after-worm-attack-915?sourcefssr"
},
{
"name" : "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/",
"refsource" : "MISC",
"url" : "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
},
{
"name" : "http://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=16127&16127&Language=en&PageIndex=1",
"refsource" : "MISC",
"url" : "http://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=16127&16127&Language=en&PageIndex=1"
},
{
"name" : "http://www.wired.com/threatlevel/2010/07/siemens-scada/",
"refsource" : "MISC",
"url" : "http://www.wired.com/threatlevel/2010/07/siemens-scada/"
},
{
"name" : "http://www.f-secure.com/weblog/archives/00001987.html",
"refsource" : "MISC",
"url" : "http://www.f-secure.com/weblog/archives/00001987.html"
},
{
"name" : "http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22",
"refsource" : "MISC",
"url" : "http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22"
},
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-205-01",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-205-01"
},
{
"name" : "http://www.sea.siemens.com/us/News/Industrial/Pages/WinCC_Update.aspx",
"refsource" : "CONFIRM",
"url" : "http://www.sea.siemens.com/us/News/Industrial/Pages/WinCC_Update.aspx"
},
{
"name" : "http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=viewhttp://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&c",
"refsource" : "CONFIRM",
"url" : "http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=viewhttp://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&c"
},
{
"name" : "41753",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41753"
},
{
"name" : "40682",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40682"
},
{
"name" : "ADV-2010-1893",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1893"
},
{
"name" : "simatic-wincc-default-password(60587)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60587"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "simatic-wincc-default-password(60587)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60587"
},
{
"name": "http://infoworld.com/d/security-central/siemens-warns-users-dont-change-passwords-after-worm-attack-915?sourcefssr",
"refsource": "MISC",
"url": "http://infoworld.com/d/security-central/siemens-warns-users-dont-change-passwords-after-worm-attack-915?sourcefssr"
},
{
"name": "http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=viewhttp://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&c",
"refsource": "CONFIRM",
"url": "http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=viewhttp://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&c"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-205-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-205-01"
},
{
"name": "http://www.f-secure.com/weblog/archives/00001987.html",
"refsource": "MISC",
"url": "http://www.f-secure.com/weblog/archives/00001987.html"
},
{
"name": "http://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=16127&16127&Language=en&PageIndex=1",
"refsource": "MISC",
"url": "http://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=16127&16127&Language=en&PageIndex=1"
},
{
"name": "ADV-2010-1893",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1893"
},
{
"name": "40682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40682"
},
{
"name": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/",
"refsource": "MISC",
"url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
},
{
"name": "http://www.sea.siemens.com/us/News/Industrial/Pages/WinCC_Update.aspx",
"refsource": "CONFIRM",
"url": "http://www.sea.siemens.com/us/News/Industrial/Pages/WinCC_Update.aspx"
},
{
"name": "41753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41753"
},
{
"name": "http://infoworld.com/d/security-central/new-weaponized-virus-targets-industrial-secrets-725",
"refsource": "MISC",
"url": "http://infoworld.com/d/security-central/new-weaponized-virus-targets-industrial-secrets-725"
},
{
"name": "http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22",
"refsource": "MISC",
"url": "http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22"
},
{
"name": "http://www.wired.com/threatlevel/2010/07/siemens-scada/",
"refsource": "MISC",
"url": "http://www.wired.com/threatlevel/2010/07/siemens-scada/"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by admin/addbookmark.php, a different vulnerability than CVE-2008-5642."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100802 CVE request: cmsmadesimple < 1.8.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/08/01/2"
},
{
"name" : "[oss-security] 20100802 Re: CVE request: cmsmadesimple < 1.8.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/08/02/8"
},
{
"name" : "http://cross-site-scripting.blogspot.com/2010/07/cms-made-simple-18-local-file-inclusion.html",
"refsource" : "MISC",
"url" : "http://cross-site-scripting.blogspot.com/2010/07/cms-made-simple-18-local-file-inclusion.html"
},
{
"name" : "http://www.cmsmadesimple.org/2010/07/3/announcing-cms-made-simple-1-8-1-mankara/",
"refsource" : "CONFIRM",
"url" : "http://www.cmsmadesimple.org/2010/07/3/announcing-cms-made-simple-1-8-1-mankara/"
},
{
"name" : "40031",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40031"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by admin/addbookmark.php, a different vulnerability than CVE-2008-5642."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cmsmadesimple.org/2010/07/3/announcing-cms-made-simple-1-8-1-mankara/",
"refsource": "CONFIRM",
"url": "http://www.cmsmadesimple.org/2010/07/3/announcing-cms-made-simple-1-8-1-mankara/"
},
{
"name": "[oss-security] 20100802 CVE request: cmsmadesimple < 1.8.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/01/2"
},
{
"name": "40031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40031"
},
{
"name": "http://cross-site-scripting.blogspot.com/2010/07/cms-made-simple-18-local-file-inclusion.html",
"refsource": "MISC",
"url": "http://cross-site-scripting.blogspot.com/2010/07/cms-made-simple-18-local-file-inclusion.html"
},
{
"name": "[oss-security] 20100802 Re: CVE request: cmsmadesimple < 1.8.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/02/8"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an \"EAPoL logoff attack,\" aka Bug ID CSCte43374."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an \"EAPoL logoff attack,\" aka Bug ID CSCte43374."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3402",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100912 UltraEdit Text Editor version 16.10.0.1036 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0227.html"
},
{
"name" : "43183",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43183"
},
{
"name" : "67995",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/67995"
},
{
"name" : "41403",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41403"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43183"
},
{
"name": "67995",
"refsource": "OSVDB",
"url": "http://osvdb.org/67995"
},
{
"name": "41403",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41403"
},
{
"name": "20100912 UltraEdit Text Editor version 16.10.0.1036 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0227.html"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3656",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-3656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html"
},
{
"name" : "GLSA-201101-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name" : "RHSA-2010:0743",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html"
},
{
"name" : "SUSE-SA:2010:048",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html"
},
{
"name" : "SUSE-SR:2010:019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name" : "TA10-279A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html"
},
{
"name" : "oval:org.mitre.oval:def:7484",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7484"
},
{
"name" : "43025",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43025"
},
{
"name" : "ADV-2011-0191",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0191"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2010:048",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html"
},
{
"name": "ADV-2011-0191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0191"
},
{
"name": "43025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43025"
},
{
"name": "GLSA-201101-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name": "RHSA-2010:0743",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html"
},
{
"name": "TA10-279A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html"
},
{
"name": "oval:org.mitre.oval:def:7484",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7484"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3832",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-3832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4456",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4456"
},
{
"name" : "APPLE-SA-2010-11-22-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name" : "1024770",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024770"
},
{
"name" : "42314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42314"
},
{
"name" : "ADV-2010-3046",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3046"
},
{
"name" : "appleios-tmsi-bo(63421)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63421"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "appleios-tmsi-bo(63421)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63421"
},
{
"name": "ADV-2010-3046",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3046"
},
{
"name": "1024770",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024770"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3929",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2010-3929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://modxcms.com/forums/index.php/topic,60045.0.html",
"refsource" : "CONFIRM",
"url" : "http://modxcms.com/forums/index.php/topic,60045.0.html"
},
{
"name" : "JVN#54092716",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN54092716/index.html"
},
{
"name" : "JVNDB-2011-000008",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000008.html"
},
{
"name" : "70771",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70771"
},
{
"name" : "modx-evolution-unspec-sql-injection(65082)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65082"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "modx-evolution-unspec-sql-injection(65082)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65082"
},
{
"name": "JVN#54092716",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN54092716/index.html"
},
{
"name": "JVNDB-2011-000008",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000008.html"
},
{
"name": "70771",
"refsource": "OSVDB",
"url": "http://osvdb.org/70771"
},
{
"name": "http://modxcms.com/forums/index.php/topic,60045.0.html",
"refsource": "CONFIRM",
"url": "http://modxcms.com/forums/index.php/topic,60045.0.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0215",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4808",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4808"
},
{
"name" : "http://support.apple.com/kb/HT4981",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4981"
},
{
"name" : "APPLE-SA-2011-07-20-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
},
{
"name" : "APPLE-SA-2011-10-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4981",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4981"
},
{
"name": "APPLE-SA-2011-10-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4808",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4808"
},
{
"name": "APPLE-SA-2011-07-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
}
]
}
}
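Review bot: The four `reference_data` entries in this record are unchanged but come out in a different order, so the one real edit, `"ASSIGNER": "product-security@apple.com"` replacing `cve@mitre.org`, is buried in a 77-line rewrite. Emitting references in a stable order (for instance sorted by `refsource`, then `name`) and landing the `" : "` to `": "` separator change on its own would let anyone diffing the feed see the attribution change directly. The same mix of an ASSIGNER change and reshuffled references appears in the CVE-2011-1584, CVE-2014-3101, CVE-2014-6910, CVE-2014-6989, CVE-2014-7059, CVE-2014-7683 and CVE-2014-7934 records below.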


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1376",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21569205",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21569205"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24031675",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24031675"
},
{
"name" : "PM49712",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1PM49712"
},
{
"name" : "was-iscdeploy-insecure-permissions(71230)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71230"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21569205",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21569205"
},
{
"name": "was-iscdeploy-insecure-permissions(71230)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71230"
},
{
"name": "PM49712",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1PM49712"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg24031675",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24031675"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1584",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110413 CVE request: dotclear before 2.2.3",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/13/19"
},
{
"name" : "[oss-security] 20110414 Re: CVE request: dotclear before 2.2.3",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/14/8"
},
{
"name" : "[oss-security] 20110415 Re: CVE request: dotclear before 2.2.3",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/15/11"
},
{
"name" : "[oss-security] 20110415 Re: CVE request: dotclear before 2.2.3",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/15/7"
},
{
"name" : "http://dev.dotclear.org/2.0/changeset/2:3427",
"refsource" : "MISC",
"url" : "http://dev.dotclear.org/2.0/changeset/2:3427"
},
{
"name" : "http://www.arcabit.com/english/home/a-flaw-in-dotclear",
"refsource" : "MISC",
"url" : "http://www.arcabit.com/english/home/a-flaw-in-dotclear"
},
{
"name" : "http://dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3",
"refsource" : "CONFIRM",
"url" : "http://dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3"
},
{
"name" : "http://fr.dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3",
"refsource" : "CONFIRM",
"url" : "http://fr.dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3"
},
{
"name" : "44049",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44049"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110413 CVE request: dotclear before 2.2.3",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/13/19"
},
{
"name": "[oss-security] 20110415 Re: CVE request: dotclear before 2.2.3",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/15/7"
},
{
"name": "[oss-security] 20110415 Re: CVE request: dotclear before 2.2.3",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/15/11"
},
{
"name": "http://fr.dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3",
"refsource": "CONFIRM",
"url": "http://fr.dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3"
},
{
"name": "http://dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3",
"refsource": "CONFIRM",
"url": "http://dotclear.org/blog/post/2011/04/01/Dotclear-2.2.3"
},
{
"name": "http://www.arcabit.com/english/home/a-flaw-in-dotclear",
"refsource": "MISC",
"url": "http://www.arcabit.com/english/home/a-flaw-in-dotclear"
},
{
"name": "http://dev.dotclear.org/2.0/changeset/2:3427",
"refsource": "MISC",
"url": "http://dev.dotclear.org/2.0/changeset/2:3427"
},
{
"name": "44049",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44049"
},
{
"name": "[oss-security] 20110414 Re: CVE request: dotclear before 2.2.3",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/14/8"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682946",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682946"
},
{
"name" : "1030884",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030884"
},
{
"name" : "ibm-clearquest-cve20143101-bruteforce(94268)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94268"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-clearquest-cve20143101-bruteforce(94268)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94268"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682946",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682946"
},
{
"name": "1030884",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030884"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3659",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candidate is a reservation duplicate of CVE-2014-7169 because the CNA for this ID did not follow multiple procedures that are intended to minimize duplicate CVE assignments. Notes: All CVE users should reference CVE-2014-7169 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-3659",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-7169. Reason: This candidate is a reservation duplicate of CVE-2014-7169 because the CNA for this ID did not follow multiple procedures that are intended to minimize duplicate CVE assignments. Notes: All CVE users should reference CVE-2014-7169 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MemorizeIt! (aka com.kshinenterprises.kshinent.memorizeit) application 1.7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#805137",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/805137"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MemorizeIt! (aka com.kshinenterprises.kshinent.memorizeit) application 1.7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#805137",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/805137"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6989",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Germanwings (aka com.germanwings.android) application 2.1.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#307321",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/307321"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Germanwings (aka com.germanwings.android) application 2.1.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#307321",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/307321"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7059",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TheDevildogGamer (aka com.wTheDevildogGamer) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#119617",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/119617"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TheDevildogGamer (aka com.wTheDevildogGamer) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#119617",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/119617"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Free Canadian Author Previews (aka com.booksellerscanada.authorpreview) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#424537",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/424537"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Free Canadian Author Previews (aka com.booksellerscanada.authorpreview) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#424537",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/424537"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7934",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-7934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=427249",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=427249"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=185504&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=185504&view=revision"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=185598&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=185598&view=revision"
},
{
"name" : "GLSA-201502-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name" : "RHSA-2015:0093",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html"
},
{
"name" : "openSUSE-SU-2015:0441",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name" : "USN-2476-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2476-1"
},
{
"name" : "72288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72288"
},
{
"name" : "1031623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031623"
},
{
"name" : "62575",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62575"
},
{
"name" : "62383",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62383"
},
{
"name" : "62665",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62665"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=185504&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=185504&view=revision"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name": "62575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62575"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=185598&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=185598&view=revision"
},
{
"name": "USN-2476-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2476-1"
},
{
"name": "72288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72288"
},
{
"name": "GLSA-201502-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name": "1031623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031623"
},
{
"name": "openSUSE-SU-2015:0441",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name": "RHSA-2015:0093",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html"
},
{
"name": "62383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62383"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=427249",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=427249"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8696",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8696",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8925",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-8925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699148",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699148"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699148"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9459",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141229 CSRF vulnerability in CMS e107 v.2 alpha2",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/124"
},
{
"name" : "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html",
"refsource" : "MISC",
"url" : "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html"
},
{
"name" : "http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html"
},
{
"name" : "https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080",
"refsource" : "CONFIRM",
"url" : "https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to the administrator group via the id parameter in an admin action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-04.html"
},
{
"name": "http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129751/e107-2.0-Alpha2-Cross-Site-Request-Forgery.html"
},
{
"name": "https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080",
"refsource": "CONFIRM",
"url": "https://github.com/e107inc/e107/commit/9249f892b1e635979db2a830393694fb73531080"
},
{
"name": "20141229 CSRF vulnerability in CMS e107 v.2 alpha2",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/124"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2072",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.citrix.com/article/CTX206001",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX206001"
},
{
"name" : "1035098",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035098"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035098"
},
{
"name": "http://support.citrix.com/article/CTX206001",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX206001"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6010",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6010",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6359",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650 and CSCva40817."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160817 Cisco Smart Call Home Transport Gateway Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-sch"
},
{
"name" : "92516",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92516"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650 and CSCva40817."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160817 Cisco Smart Call Home Transport Gateway Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-sch"
},
{
"name": "92516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92516"
}
]
}
}


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2017-02-02T00:00:00",
"ID" : "CVE-2017-18038",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Bitbucket Server",
"version" : {
"version_data" : [
{
"version_value" : "prior to 5.6.0"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-02-02T00:00:00",
"ID": "CVE-2017-18038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitbucket Server",
"version": {
"version_data": [
{
"version_value": "prior to 5.6.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jira.atlassian.com/browse/BSERV-10592",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/BSERV-10592"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/BSERV-10592",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/BSERV-10592"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5361",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016",
"refsource" : "CONFIRM",
"url" : "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016"
},
{
"name" : "DSA-3882",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3882"
},
{
"name" : "DSA-3883",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3883"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3883",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3883"
},
{
"name": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016",
"refsource": "CONFIRM",
"url": "https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016"
},
{
"name": "DSA-3882",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3882"
}
]
}
}


@ -1,144 +1,144 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5465",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.1"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.9"
},
{
"version_affected" : "<",
"version_value" : "52.1"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "53"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An out-of-bounds read while processing SVG content in \"ConvolvePixel\". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read in ConvolvePixel"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.1"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.9"
},
{
"version_affected": "<",
"version_value": "52.1"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "53"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42072",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42072/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1347617",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1347617"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/"
},
{
"name" : "DSA-3831",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3831"
},
{
"name" : "RHSA-2017:1104",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1104"
},
{
"name" : "RHSA-2017:1106",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1106"
},
{
"name" : "RHSA-2017:1201",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1201"
},
{
"name" : "97940",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97940"
},
{
"name" : "1038320",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038320"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read while processing SVG content in \"ConvolvePixel\". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read in ConvolvePixel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1106",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1106"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-12/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-12/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1347617",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1347617"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-11/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-11/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-10/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name": "97940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97940"
},
{
"name": "42072",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42072/"
},
{
"name": "DSA-3831",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3831"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-13/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-13/"
},
{
"name": "1038320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038320"
},
{
"name": "RHSA-2017:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1104"
},
{
"name": "RHSA-2017:1201",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
]
}
}


@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5471",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "54"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory safety bugs fixed in Firefox 54"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "54"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1349604%2C1318645%2C1361098%2C1361100%2C1341026%2C1349421%2C1360852%2C1299147%2C1352073%2C1354853%2C1366446%2C1342181%2C1343069",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1349604%2C1318645%2C1361098%2C1361100%2C1341026%2C1349421%2C1360852%2C1299147%2C1352073%2C1354853%2C1366446%2C1342181%2C1343069"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/"
},
{
"name" : "99042",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99042"
},
{
"name" : "1038689",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038689"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 54"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99042"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-15/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
},
{
"name": "1038689",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038689"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1349604%2C1318645%2C1361098%2C1361100%2C1341026%2C1349421%2C1360852%2C1299147%2C1352073%2C1354853%2C1366446%2C1342181%2C1343069",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1349604%2C1318645%2C1361098%2C1361100%2C1341026%2C1349421%2C1360852%2C1299147%2C1352073%2C1354853%2C1366446%2C1342181%2C1343069"
}
]
}
}