admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:13:28 +00:00
parent 76a0ab1ff8
commit 1ac9a39755
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4309 additions and 4309 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

288
2006/0xxx/CVE-2006-0207.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0207",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hardened-php.net/advisory_012006.112.html",
"refsource" : "MISC",
"url" : "http://www.hardened-php.net/advisory_012006.112.html"
},
{
"name" : "http://www.php.net/release_5_1_2.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/release_5_1_2.php"
},
{
"name" : "DSA-1331",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1331"
},
{
"name" : "GLSA-200603-22",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml"
},
{
"name" : "MDKSA-2006:028",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:028"
},
{
"name" : "SUSE-SR:2006:004",
"refsource" : "SUSE",
"url" : "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html"
},
{
"name" : "USN-261-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/261-1/"
},
{
"name" : "16220",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16220"
},
{
"name" : "ADV-2006-0177",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0177"
},
{
"name" : "ADV-2006-0369",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0369"
},
{
"name" : "1015484",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015484"
},
{
"name" : "18431",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18431"
},
{
"name" : "18697",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18697"
},
{
"name" : "19179",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19179"
},
{
"name" : "19355",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19355"
},
{
"name" : "19012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19012"
},
{
"name" : "25945",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25945"
},
{
"name" : "php-session-response-splitting(24094)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24094"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19355"
},
{
"name": "1015484",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015484"
},
{
"name": "USN-261-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/261-1/"
},
{
"name": "SUSE-SR:2006:004",
"refsource": "SUSE",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html"
},
{
"name": "18431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18431"
},
{
"name": "ADV-2006-0369",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0369"
},
{
"name": "ADV-2006-0177",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0177"
},
{
"name": "19179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19179"
},
{
"name": "http://www.hardened-php.net/advisory_012006.112.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_012006.112.html"
},
{
"name": "GLSA-200603-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml"
},
{
"name": "DSA-1331",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1331"
},
{
"name": "18697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18697"
},
{
"name": "php-session-response-splitting(24094)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24094"
},
{
"name": "25945",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25945"
},
{
"name": "MDKSA-2006:028",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:028"
},
{
"name": "http://www.php.net/release_5_1_2.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/release_5_1_2.php"
},
{
"name": "19012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19012"
},
{
"name": "16220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16220"
}
]
}
}

148
2006/0xxx/CVE-2006-0415.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "16363",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16363"
},
{
"name" : "22784",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22784"
},
{
"name" : "1015525",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015525"
},
{
"name" : "sleeperchat-index-xss(24300)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24300"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22784",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22784"
},
{
"name": "sleeperchat-index-xss(24300)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24300"
},
{
"name": "1015525",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015525"
},
{
"name": "16363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16363"
}
]
}
}

168
2006/3xxx/CVE-2006-3153.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3153",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html"
},
{
"name" : "18573",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18573"
},
{
"name" : "ADV-2006-2475",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2475"
},
{
"name" : "26741",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26741"
},
{
"name" : "20761",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20761"
},
{
"name" : "ultimate-estate-index-xss(27274)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27274"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ultimate-estate-index-xss(27274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27274"
},
{
"name": "26741",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26741"
},
{
"name": "ADV-2006-2475",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2475"
},
{
"name": "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html"
},
{
"name": "18573",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18573"
},
{
"name": "20761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20761"
}
]
}
}

208
2006/3xxx/CVE-2006-3226.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
},
{
"name" : "20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
},
{
"name" : "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
},
{
"name" : "18621",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18621"
},
{
"name" : "ADV-2006-2524",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2524"
},
{
"name" : "26825",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26825"
},
{
"name" : "1016369",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016369"
},
{
"name" : "20816",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20816"
},
{
"name" : "1157",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1157"
},
{
"name" : "cisco-acs-session-spoofing(27328)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016369",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016369"
},
{
"name": "26825",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26825"
},
{
"name": "1157",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1157"
},
{
"name": "cisco-acs-session-spoofing(27328)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
},
{
"name": "ADV-2006-2524",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2524"
},
{
"name": "20816",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20816"
},
{
"name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
},
{
"name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
},
{
"name": "18621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18621"
},
{
"name": "20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
}
]
}
}

178
2006/3xxx/CVE-2006-3672.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3672",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://browserfun.blogspot.com/2006/07/mobb-14-konqueror-replacechild.html",
"refsource" : "MISC",
"url" : "http://browserfun.blogspot.com/2006/07/mobb-14-konqueror-replacechild.html"
},
{
"name" : "MDKSA-2006:130",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:130"
},
{
"name" : "USN-322-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-322-1"
},
{
"name" : "18978",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18978"
},
{
"name" : "ADV-2006-2812",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2812"
},
{
"name" : "27058",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27058"
},
{
"name" : "konqueror-replacechild-dos(27744)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27744"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2006:130",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:130"
},
{
"name": "27058",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27058"
},
{
"name": "18978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18978"
},
{
"name": "konqueror-replacechild-dos(27744)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27744"
},
{
"name": "ADV-2006-2812",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2812"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-14-konqueror-replacechild.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-14-konqueror-replacechild.html"
},
{
"name": "USN-322-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-322-1"
}
]
}
}

288
2006/3xxx/CVE-2006-3741.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3741",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-3741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204360",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204360"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm"
},
{
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b8444d00762703e1b6146fce12ce2684885f8bf6",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b8444d00762703e1b6146fce12ce2684885f8bf6"
},
{
"name" : "DSA-1233",
"refsource" : "DEBIAN",
"url" : "http://www.us.debian.org/security/2006/dsa-1233"
},
{
"name" : "MDKSA-2006:182",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:182"
},
{
"name" : "MDKSA-2007:025",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025"
},
{
"name" : "RHSA-2006:0689",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0689.html"
},
{
"name" : "SUSE-SA:2006:079",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_79_kernel.html"
},
{
"name" : "20361",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20361"
},
{
"name" : "oval:org.mitre.oval:def:11250",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11250"
},
{
"name" : "ADV-2006-3937",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3937"
},
{
"name" : "22279",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22279"
},
{
"name" : "22292",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22292"
},
{
"name" : "22382",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22382"
},
{
"name" : "22945",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22945"
},
{
"name" : "23370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23370"
},
{
"name" : "23474",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23474"
},
{
"name" : "kernel-sysperfmon-dos(29384)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29384"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b8444d00762703e1b6146fce12ce2684885f8bf6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b8444d00762703e1b6146fce12ce2684885f8bf6"
},
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204360",
"refsource": "CONFIRM",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204360"
},
{
"name": "MDKSA-2007:025",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025"
},
{
"name": "SUSE-SA:2006:079",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_79_kernel.html"
},
{
"name": "22279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22279"
},
{
"name": "22292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22292"
},
{
"name": "RHSA-2006:0689",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0689.html"
},
{
"name": "oval:org.mitre.oval:def:11250",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11250"
},
{
"name": "MDKSA-2006:182",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:182"
},
{
"name": "22382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22382"
},
{
"name": "23474",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23474"
},
{
"name": "kernel-sysperfmon-dos(29384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29384"
},
{
"name": "DSA-1233",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-1233"
},
{
"name": "23370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23370"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm"
},
{
"name": "22945",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22945"
},
{
"name": "ADV-2006-3937",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3937"
},
{
"name": "20361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20361"
}
]
}
}

168
2006/4xxx/CVE-2006-4752.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4752",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to obtain the installation path via a query to the engine module, probably with an invalid action parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060911 XHP CMS v0.5.1 Vuls Xss and Full path vuls",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445727/100/0/threaded"
},
{
"name" : "ADV-2006-3560",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3560"
},
{
"name" : "1016823",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016823"
},
{
"name" : "21877",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21877"
},
{
"name" : "1565",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1565"
},
{
"name" : "xhpcms-action-path-disclosure(28862)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28862"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to obtain the installation path via a query to the engine module, probably with an invalid action parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3560",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3560"
},
{
"name": "xhpcms-action-path-disclosure(28862)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28862"
},
{
"name": "20060911 XHP CMS v0.5.1 Vuls Xss and Full path vuls",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445727/100/0/threaded"
},
{
"name": "21877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21877"
},
{
"name": "1016823",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016823"
},
{
"name": "1565",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1565"
}
]
}
}

168
2006/4xxx/CVE-2006-4782.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2352",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2352"
},
{
"name" : "http://cms.webspell.org/index.php?site=files&file=15",
"refsource" : "CONFIRM",
"url" : "http://cms.webspell.org/index.php?site=files&file=15"
},
{
"name" : "19975",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19975"
},
{
"name" : "ADV-2006-3572",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3572"
},
{
"name" : "21881",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21881"
},
{
"name" : "webspell-login-authentication-bypass(28896)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28896"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "webspell-login-authentication-bypass(28896)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28896"
},
{
"name": "21881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21881"
},
{
"name": "2352",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2352"
},
{
"name": "19975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19975"
},
{
"name": "ADV-2006-3572",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3572"
},
{
"name": "http://cms.webspell.org/index.php?site=files&file=15",
"refsource": "CONFIRM",
"url": "http://cms.webspell.org/index.php?site=files&file=15"
}
]
}
}

138
2006/4xxx/CVE-2006-4838.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4838",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060914 DCP-Portal SE 6.0 multiple injections",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name" : "20024",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20024"
},
{
"name" : "1585",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1585"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060914 DCP-Portal SE 6.0 multiple injections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445996/100/0/threaded"
},
{
"name": "20024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20024"
},
{
"name": "1585",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1585"
}
]
}
}

178
2006/4xxx/CVE-2006-4850.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4850",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060915 BolinOS v.4.5.5 <= (gBRootPath) Remote File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446113/100/0/threaded"
},
{
"name" : "2372",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2372"
},
{
"name" : "20037",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20037"
},
{
"name" : "ADV-2006-3642",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3642"
},
{
"name" : "21965",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21965"
},
{
"name" : "1593",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1593"
},
{
"name" : "bolinos-index-file-include(28991)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28991"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20037"
},
{
"name": "2372",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2372"
},
{
"name": "1593",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1593"
},
{
"name": "ADV-2006-3642",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3642"
},
{
"name": "20060915 BolinOS v.4.5.5 <= (gBRootPath) Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446113/100/0/threaded"
},
{
"name": "21965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21965"
},
{
"name": "bolinos-index-file-include(28991)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28991"
}
]
}
}

208
2006/6xxx/CVE-2006-6157.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6157",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061121 ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452231/100/100/threaded"
},
{
"name" : "2822",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2822"
},
{
"name" : "http://www.0xcafebabe.it/sploits/contentnow_139_sqlinj.pl",
"refsource" : "MISC",
"url" : "http://www.0xcafebabe.it/sploits/contentnow_139_sqlinj.pl"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=161604&release_id=465437",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=161604&release_id=465437"
},
{
"name" : "21237",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21237"
},
{
"name" : "ADV-2006-4663",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4663"
},
{
"name" : "1017265",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017265"
},
{
"name" : "23005",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23005"
},
{
"name" : "1925",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1925"
},
{
"name" : "contentnow-index-sql-injection(30459)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30459"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1925",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1925"
},
{
"name": "ADV-2006-4663",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4663"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=161604&release_id=465437",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=161604&release_id=465437"
},
{
"name": "1017265",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017265"
},
{
"name": "2822",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2822"
},
{
"name": "21237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21237"
},
{
"name": "20061121 ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452231/100/100/threaded"
},
{
"name": "23005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23005"
},
{
"name": "http://www.0xcafebabe.it/sploits/contentnow_139_sqlinj.pl",
"refsource": "MISC",
"url": "http://www.0xcafebabe.it/sploits/contentnow_139_sqlinj.pl"
},
{
"name": "contentnow-index-sql-injection(30459)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30459"
}
]
}
}

148
2010/2xxx/CVE-2010-2001.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2001",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/797342",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/797342"
},
{
"name" : "http://drupal.org/node/797352",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/797352"
},
{
"name" : "40130",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40130"
},
{
"name" : "39806",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39806"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/797352",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/797352"
},
{
"name": "http://drupal.org/node/797342",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/797342"
},
{
"name": "39806",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39806"
},
{
"name": "40130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40130"
}
]
}
}

138
2010/2xxx/CVE-2010-2079.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DataTrack System 3.5 allows remote attackers to bypass intended restrictions on file extensions, and read arbitrary files, via a trailing backslash in a URI, as demonstrated by (1) web.config\\ and (2) .ascx\\ files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html",
"refsource" : "MISC",
"url" : "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html"
},
{
"name" : "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt"
},
{
"name" : "datatrack-backslash-info-disc(58735)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58735"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DataTrack System 3.5 allows remote attackers to bypass intended restrictions on file extensions, and read arbitrary files, via a trailing backslash in a URI, as demonstrated by (1) web.config\\ and (2) .ascx\\ files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html",
"refsource": "MISC",
"url": "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html"
},
{
"name": "datatrack-backslash-info-disc(58735)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58735"
},
{
"name": "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt"
}
]
}
}

198
2010/2xxx/CVE-2010-2621.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2621",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aluigi.org/adv/qtsslame-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.org/adv/qtsslame-adv.txt"
},
{
"name" : "http://aluigi.org/poc/qtsslame.zip",
"refsource" : "MISC",
"url" : "http://aluigi.org/poc/qtsslame.zip"
},
{
"name" : "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597",
"refsource" : "CONFIRM",
"url" : "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597"
},
{
"name" : "SUSE-SU-2011:1113",
"refsource" : "SUSE",
"url" : "https://hermes.opensuse.org/messages/12056605"
},
{
"name" : "41250",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41250"
},
{
"name" : "65860",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/65860"
},
{
"name" : "40389",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40389"
},
{
"name" : "46410",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46410"
},
{
"name" : "ADV-2010-1657",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1657"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46410"
},
{
"name": "ADV-2010-1657",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1657"
},
{
"name": "http://aluigi.org/poc/qtsslame.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/qtsslame.zip"
},
{
"name": "41250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41250"
},
{
"name": "65860",
"refsource": "OSVDB",
"url": "http://osvdb.org/65860"
},
{
"name": "40389",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40389"
},
{
"name": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597",
"refsource": "CONFIRM",
"url": "http://qt.gitorious.org/qt/qt/commit/c25c7c9bdfade6b906f37ac8bad44f6f0de57597"
},
{
"name": "SUSE-SU-2011:1113",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/12056605"
},
{
"name": "http://aluigi.org/adv/qtsslame-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/qtsslame-adv.txt"
}
]
}
}

178
2010/2xxx/CVE-2010-2633.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2633",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, 3.3.x before 3.3.2 epatch 8, and 4.0.x before 4.0.1 epatch 4 allows remote attackers to cause a denial of service (communication-module crash) by sending a crafted message through TCP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2010-2633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100730 ESA-2010-012: EMC Disk Library (EDL) Denial Of Service Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-07/0272.html"
},
{
"name" : "42105",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42105"
},
{
"name" : "66826",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66826"
},
{
"name" : "1024265",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024265"
},
{
"name" : "40828",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40828"
},
{
"name" : "ADV-2010-1969",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1969"
},
{
"name" : "edl-tcp-dos(60853)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60853"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, 3.3.x before 3.3.2 epatch 8, and 4.0.x before 4.0.1 epatch 4 allows remote attackers to cause a denial of service (communication-module crash) by sending a crafted message through TCP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100730 ESA-2010-012: EMC Disk Library (EDL) Denial Of Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-07/0272.html"
},
{
"name": "66826",
"refsource": "OSVDB",
"url": "http://osvdb.org/66826"
},
{
"name": "ADV-2010-1969",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1969"
},
{
"name": "42105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42105"
},
{
"name": "edl-tcp-dos(60853)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60853"
},
{
"name": "40828",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40828"
},
{
"name": "1024265",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024265"
}
]
}
}

188
2010/2xxx/CVE-2010-2718.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2718",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100708 XSS vulnerability in CruxPA",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512243/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.org/1007-exploits/cruxpa-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1007-exploits/cruxpa-xss.txt"
},
{
"name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa.html"
},
{
"name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_1.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_1.html"
},
{
"name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_2.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_2.html"
},
{
"name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_3.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_3.html"
},
{
"name" : "41495",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41495"
},
{
"name" : "ADV-2010-1709",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1709"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_3.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_3.html"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/cruxpa-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/cruxpa-xss.txt"
},
{
"name": "ADV-2010-1709",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1709"
},
{
"name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa.html"
},
{
"name": "20100708 XSS vulnerability in CruxPA",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512243/100/0/threaded"
},
{
"name": "41495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41495"
},
{
"name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_2.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_2.html"
},
{
"name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_1.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_1.html"
}
]
}
}

158
2010/3xxx/CVE-2010-3895.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3895",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101109 IBM OmniFind - several vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514688/100/0/threaded"
},
{
"name" : "15475",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15475"
},
{
"name" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt",
"refsource" : "MISC",
"url" : "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt"
},
{
"name" : "44740",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44740"
},
{
"name" : "ADV-2010-2933",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2933"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20101109 IBM OmniFind - several vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514688/100/0/threaded"
},
{
"name": "15475",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15475"
},
{
"name": "44740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44740"
},
{
"name": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt",
"refsource": "MISC",
"url": "http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt"
},
{
"name": "ADV-2010-2933",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2933"
}
]
}
}

138
2011/0xxx/CVE-2011-0209.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0209",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4723",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4723"
},
{
"name" : "APPLE-SA-2011-06-23-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name" : "APPLE-SA-2011-08-03-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4723",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4723"
},
{
"name": "APPLE-SA-2011-06-23-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
},
{
"name": "APPLE-SA-2011-08-03-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
}
]
}
}

148
2011/0xxx/CVE-2011-0250.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0250",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSS atoms in a QuickTime movie file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5002",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5002"
},
{
"name" : "APPLE-SA-2011-08-03-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
},
{
"name" : "APPLE-SA-2011-10-12-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name" : "oval:org.mitre.oval:def:15885",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15885"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSS atoms in a QuickTime movie file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2011-08-03-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "oval:org.mitre.oval:def:15885",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15885"
}
]
}
}

378
2011/0xxx/CVE-2011-0868.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0868",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100144512",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100144512"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100147041",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100147041"
},
{
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html"
},
{
"name" : "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"name" : "DSA-2311",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2311"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "HPSBUX02697",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2"
},
{
"name" : "SSRT100591",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2"
},
{
"name" : "HPSBMU02797",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "SSRT100867",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "MDVSA-2011:126",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:126"
},
{
"name" : "RHSA-2011:0856",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0856.html"
},
{
"name" : "RHSA-2011:0857",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0857.html"
},
{
"name" : "RHSA-2011:0860",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0860.html"
},
{
"name" : "RHSA-2011:0938",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0938.html"
},
{
"name" : "RHSA-2013:1455",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name" : "SUSE-SA:2011:030",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html"
},
{
"name" : "SUSE-SU-2011:0807",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html"
},
{
"name" : "openSUSE-SU-2011:0633",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html"
},
{
"name" : "TA11-201A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name" : "oval:org.mitre.oval:def:14264",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14264"
},
{
"name" : "oval:org.mitre.oval:def:14827",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14827"
},
{
"name" : "44818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44818"
},
{
"name" : "44930",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44930"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html"
},
{
"name": "oval:org.mitre.oval:def:14264",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14264"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "TA11-201A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name": "DSA-2311",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2311"
},
{
"name": "http://support.avaya.com/css/P8/documents/100144512",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100144512"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "44818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44818"
},
{
"name": "RHSA-2011:0856",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0856.html"
},
{
"name": "RHSA-2011:0938",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0938.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100147041",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100147041"
},
{
"name": "oval:org.mitre.oval:def:14827",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14827"
},
{
"name": "44930",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44930"
},
{
"name": "SUSE-SA:2011:030",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html"
},
{
"name": "SSRT100591",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2"
},
{
"name": "MDVSA-2011:126",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:126"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "SUSE-SU-2011:0807",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html"
},
{
"name": "openSUSE-SU-2011:0633",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
},
{
"name": "HPSBUX02697",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2"
},
{
"name": "RHSA-2011:0860",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0860.html"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"name": "RHSA-2011:0857",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0857.html"
}
]
}
}

32
2011/1xxx/CVE-2011-1289.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1289",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1289",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

238
2011/1xxx/CVE-2011-1419.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[announce] 20110302 [SECURITY] Tomcat 7 ignores @ServletSecurity annotations",
"refsource" : "MLIST",
"url" : "http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E"
},
{
"name" : "[users] 20110302 Re: @DenyAll does nothing",
"refsource" : "MLIST",
"url" : "http://markmail.org/message/lzx5273wsgl5pob6"
},
{
"name" : "[users] 20110302 Re: @DenyAll does nothing",
"refsource" : "MLIST",
"url" : "http://markmail.org/message/yzmyn44f5aetmm2r"
},
{
"name" : "[users] 20110309 [SECURITY] Tomcat 7 ignores @ServletSecurity annotations",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=tomcat-user&m=129966773405409&w=2"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1079752",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1079752"
},
{
"name" : "http://tomcat.apache.org/security-7.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-7.html"
},
{
"name" : "46685",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46685"
},
{
"name" : "71027",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/71027"
},
{
"name" : "43684",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43684"
},
{
"name" : "8131",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8131"
},
{
"name" : "ADV-2011-0563",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0563"
},
{
"name" : "tomcat-servletsecurity-sec-bypass(65971)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65971"
},
{
"name" : "apache-servletsecurity-sec-bypass(66154)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66154"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tomcat-servletsecurity-sec-bypass(65971)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65971"
},
{
"name": "43684",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43684"
},
{
"name": "46685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46685"
},
{
"name": "ADV-2011-0563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0563"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "8131",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8131"
},
{
"name": "apache-servletsecurity-sec-bypass(66154)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66154"
},
{
"name": "71027",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/71027"
},
{
"name": "[announce] 20110302 [SECURITY] Tomcat 7 ignores @ServletSecurity annotations",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.7050106@apache.org%3E"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1079752",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1079752"
},
{
"name": "[users] 20110302 Re: @DenyAll does nothing",
"refsource": "MLIST",
"url": "http://markmail.org/message/lzx5273wsgl5pob6"
},
{
"name": "[users] 20110302 Re: @DenyAll does nothing",
"refsource": "MLIST",
"url": "http://markmail.org/message/yzmyn44f5aetmm2r"
},
{
"name": "[users] 20110309 [SECURITY] Tomcat 7 ignores @ServletSecurity annotations",
"refsource": "MLIST",
"url": "http://marc.info/?l=tomcat-user&m=129966773405409&w=2"
}
]
}
}

138
2011/1xxx/CVE-2011-1555.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html",
"refsource" : "CONFIRM",
"url" : "http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html"
},
{
"name" : "34476",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34476"
},
{
"name" : "ADV-2011-0802",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0802"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html",
"refsource": "CONFIRM",
"url": "http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html"
},
{
"name": "ADV-2011-0802",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0802"
},
{
"name": "34476",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34476"
}
]
}
}

158
2011/5xxx/CVE-2011-5277.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5277",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17961",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17961"
},
{
"name" : "50051",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50051/info"
},
{
"name" : "76295",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/76295"
},
{
"name" : "46352",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46352"
},
{
"name" : "mybbafs-signature-sql-injection(70473)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70473"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mybbafs-signature-sql-injection(70473)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70473"
},
{
"name": "17961",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17961"
},
{
"name": "46352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46352"
},
{
"name": "76295",
"refsource": "OSVDB",
"url": "http://osvdb.org/76295"
},
{
"name": "50051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50051/info"
}
]
}
}

668
2014/3xxx/CVE-2014-3506.json
View File

@ -1,337 +1,337 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3506",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
"refsource" : "MLIST",
"url" : "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
},
{
"name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636"
},
{
"name" : "https://www.openssl.org/news/secadv_20140806.txt",
"refsource" : "CONFIRM",
"url" : "https://www.openssl.org/news/secadv_20140806.txt"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1053.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1053.html"
},
{
"name" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
"refsource" : "CONFIRM",
"url" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
},
{
"name" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html",
"refsource" : "CONFIRM",
"url" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127500",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127500"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1052.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1052.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
},
{
"name" : "DSA-2998",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2998"
},
{
"name" : "FEDORA-2014-9301",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
},
{
"name" : "FEDORA-2014-9308",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
},
{
"name" : "FreeBSD-SA-14:18",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
},
{
"name" : "GLSA-201412-39",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name" : "HPSBOV03099",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141077370928502&w=2"
},
{
"name" : "HPSBUX03095",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140853041709441&w=2"
},
{
"name" : "SSRT101674",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140853041709441&w=2"
},
{
"name" : "HPSBHF03293",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name" : "SSRT101846",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name" : "MDVSA-2014:158",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
},
{
"name" : "NetBSD-SA2014-008",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
},
{
"name" : "RHSA-2014:1256",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
},
{
"name" : "RHSA-2014:1297",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
},
{
"name" : "openSUSE-SU-2014:1052",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
},
{
"name" : "openSUSE-SU-2016:0640",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name" : "69076",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69076"
},
{
"name" : "1030693",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030693"
},
{
"name" : "59221",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59221"
},
{
"name" : "60687",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60687"
},
{
"name" : "60824",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60824"
},
{
"name" : "60917",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60917"
},
{
"name" : "60921",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60921"
},
{
"name" : "60938",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60938"
},
{
"name" : "61775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61775"
},
{
"name" : "61959",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61959"
},
{
"name" : "59756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59756"
},
{
"name" : "60803",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60803"
},
{
"name" : "61017",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61017"
},
{
"name" : "61040",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61040"
},
{
"name" : "61100",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61100"
},
{
"name" : "61250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61250"
},
{
"name" : "61184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61184"
},
{
"name" : "59743",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59743"
},
{
"name" : "60778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60778"
},
{
"name" : "58962",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58962"
},
{
"name" : "59700",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59700"
},
{
"name" : "59710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59710"
},
{
"name" : "60022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60022"
},
{
"name" : "60684",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60684"
},
{
"name" : "60221",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60221"
},
{
"name" : "60493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60493"
},
{
"name" : "openssl-cve20143506-dos(95160)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95160"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1297",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1250f12613b61758675848f6600ebd914ccd7636"
},
{
"name": "openSUSE-SU-2014:1052",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1052.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
},
{
"name": "60221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60221"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
},
{
"name": "60778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60778"
},
{
"name": "61184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61184"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1127500",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127500"
},
{
"name": "SSRT101846",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name": "RHSA-2014:1256",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
},
{
"name": "60022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60022"
},
{
"name": "https://www.openssl.org/news/secadv_20140806.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20140806.txt"
},
{
"name": "61040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61040"
},
{
"name": "61017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61017"
},
{
"name": "61250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61250"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
},
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
},
{
"name": "GLSA-201412-39",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name": "HPSBHF03293",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name": "60803",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60803"
},
{
"name": "69076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69076"
},
{
"name": "60824",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60824"
},
{
"name": "HPSBUX03095",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140853041709441&w=2"
},
{
"name": "59700",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59700"
},
{
"name": "FEDORA-2014-9308",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
},
{
"name": "1030693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030693"
},
{
"name": "59743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59743"
},
{
"name": "openSUSE-SU-2016:0640",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name": "60917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60917"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
},
{
"name": "NetBSD-SA2014-008",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
},
{
"name": "60493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60493"
},
{
"name": "59710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59710"
},
{
"name": "60921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60921"
},
{
"name": "HPSBOV03099",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141077370928502&w=2"
},
{
"name": "59221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59221"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
},
{
"name": "61100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61100"
},
{
"name": "FreeBSD-SA-14:18",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
},
{
"name": "61775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61775"
},
{
"name": "DSA-2998",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2998"
},
{
"name": "FEDORA-2014-9301",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
},
{
"name": "SSRT101674",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140853041709441&w=2"
},
{
"name": "61959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61959"
},
{
"name": "59756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59756"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
},
{
"name": "58962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58962"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1053.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
},
{
"name": "60938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60938"
},
{
"name": "60684",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60684"
},
{
"name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
"refsource": "MLIST",
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
},
{
"name": "openssl-cve20143506-dos(95160)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95160"
},
{
"name": "60687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60687"
},
{
"name": "MDVSA-2014:158",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
}
]
}
}

218
2014/3xxx/CVE-2014-3565.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/"
},
{
"name" : "http://sourceforge.net/p/net-snmp/official-patches/48/",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/p/net-snmp/official-patches/48/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1125155",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1125155"
},
{
"name" : "https://support.apple.com/HT205375",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205375"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "APPLE-SA-2015-10-21-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
},
{
"name" : "GLSA-201507-17",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201507-17"
},
{
"name" : "RHSA-2015:1385",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1385.html"
},
{
"name" : "openSUSE-SU-2014:1108",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00013.html"
},
{
"name" : "USN-2711-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2711-1"
},
{
"name" : "69477",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69477"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-10-21-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
},
{
"name": "https://support.apple.com/HT205375",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205375"
},
{
"name": "http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/net-snmp/code/ci/7f4a7b891332899cea26e95be0337aae01648742/"
},
{
"name": "http://sourceforge.net/p/net-snmp/official-patches/48/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/net-snmp/official-patches/48/"
},
{
"name": "69477",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69477"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "USN-2711-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2711-1"
},
{
"name": "openSUSE-SU-2014:1108",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00013.html"
},
{
"name": "GLSA-201507-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-17"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1125155",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1125155"
},
{
"name": "RHSA-2015:1385",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1385.html"
}
]
}
}

32
2014/3xxx/CVE-2014-3734.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3734",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3734",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

228
2014/3xxx/CVE-2014-3977.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "33725",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/33725"
},
{
"name" : "http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html"
},
{
"name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977/",
"refsource" : "MISC",
"url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977/"
},
{
"name" : "http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc",
"refsource" : "CONFIRM",
"url" : "http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc"
},
{
"name" : "IV60299",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV60299"
},
{
"name" : "IV60303",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV60303"
},
{
"name" : "IV60311",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV60311"
},
{
"name" : "IV60312",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV60312"
},
{
"name" : "IV60313",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV60313"
},
{
"name" : "IV60314",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV60314"
},
{
"name" : "1030401",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030401"
},
{
"name" : "aix-libodm-symlink(93595)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93595"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV60312",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60312"
},
{
"name": "IV60314",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60314"
},
{
"name": "IV60299",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60299"
},
{
"name": "http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html"
},
{
"name": "aix-libodm-symlink(93595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93595"
},
{
"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977/",
"refsource": "MISC",
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977/"
},
{
"name": "1030401",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030401"
},
{
"name": "IV60313",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60313"
},
{
"name": "33725",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33725"
},
{
"name": "IV60303",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60303"
},
{
"name": "IV60311",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV60311"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc"
}
]
}
}

138
2014/6xxx/CVE-2014-6002.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6002",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DTE Energy (aka com.dteenergy.mydte) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#450057",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/450057"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DTE Energy (aka com.dteenergy.mydte) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#450057",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/450057"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

148
2014/6xxx/CVE-2014-6148.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6148",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688549",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688549"
},
{
"name" : "70842",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70842"
},
{
"name" : "61785",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61785"
},
{
"name" : "ibm-taddm-cve20146148-info-disc(96918)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688549"
},
{
"name": "61785",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61785"
},
{
"name": "ibm-taddm-cve20146148-info-disc(96918)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96918"
},
{
"name": "70842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70842"
}
]
}
}

138
2014/6xxx/CVE-2014-6906.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Loli Chocolate Cake (aka com.alison.kang.chocolatecake) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#438969",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/438969"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Loli Chocolate Cake (aka com.alison.kang.chocolatecake) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#438969",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/438969"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

128
2014/7xxx/CVE-2014-7194.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7194",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tibco.com/assets/blt7454ec3ae638d8c4/mft-advisory-20141029-008.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/assets/blt7454ec3ae638d8c4/mft-advisory-20141029-008.txt"
},
{
"name" : "http://www.tibco.com/mk/advisory.jsp",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/mk/advisory.jsp"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/assets/blt7454ec3ae638d8c4/mft-advisory-20141029-008.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/assets/blt7454ec3ae638d8c4/mft-advisory-20141029-008.txt"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
}
]
}
}

138
2014/7xxx/CVE-2014-7389.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7389",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Amnesia Groove (aka com.nobexinc.wls_88552576.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#555129",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/555129"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Amnesia Groove (aka com.nobexinc.wls_88552576.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#555129",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/555129"
}
]
}
}

138
2014/7xxx/CVE-2014-7766.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7766",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheCompleteGuideToApplyingThe7HabitsInHolisticPersonalDevelopment) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#356689",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/356689"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheCompleteGuideToApplyingThe7HabitsInHolisticPersonalDevelopment) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#356689",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/356689"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

188
2014/7xxx/CVE-2014-7899.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-7899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=389734",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=389734"
},
{
"name" : "https://src.chromium.org/viewvc/chrome?revision=279232&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/chrome?revision=279232&view=revision"
},
{
"name" : "RHSA-2014:1894",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1894.html"
},
{
"name" : "71160",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71160"
},
{
"name" : "1031241",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031241"
},
{
"name" : "60194",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60194"
},
{
"name" : "google-chrome-cve20147899-spoofing(98787)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98787"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031241",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031241"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=389734",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=389734"
},
{
"name": "RHSA-2014:1894",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1894.html"
},
{
"name": "71160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71160"
},
{
"name": "60194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60194"
},
{
"name": "google-chrome-cve20147899-spoofing(98787)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98787"
},
{
"name": "https://src.chromium.org/viewvc/chrome?revision=279232&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=279232&view=revision"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html"
}
]
}
}

148
2014/7xxx/CVE-2014-7953.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7953",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running \"pm install\" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150417 CVE-2014-7953 Android backup agent code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/535296/100/1100/threaded"
},
{
"name" : "20150417 CVE-2014-7953 Android backup agent code execution",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Apr/52"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/base/+/a8f6d1b%5E!/",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/base/+/a8f6d1b%5E!/"
},
{
"name" : "74213",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74213"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running \"pm install\" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/a8f6d1b%5E!/",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/base/+/a8f6d1b%5E!/"
},
{
"name": "20150417 CVE-2014-7953 Android backup agent code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535296/100/1100/threaded"
},
{
"name": "20150417 CVE-2014-7953 Android backup agent code execution",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Apr/52"
},
{
"name": "74213",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74213"
}
]
}
}

128
2014/8xxx/CVE-2014-8014.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8014",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-8014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141217 Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8014"
},
{
"name" : "1031396",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031396"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031396",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031396"
},
{
"name": "20141217 Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8014"
}
]
}
}

128
2014/8xxx/CVE-2014-8756.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8756",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-363/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-363/"
},
{
"name" : "http://panasonic.net/pcc/cgi-bin/products/netwkcam/download_us/tbookmarka_m.cgi?m=%20&mm=2010073014092324",
"refsource" : "CONFIRM",
"url" : "http://panasonic.net/pcc/cgi-bin/products/netwkcam/download_us/tbookmarka_m.cgi?m=%20&mm=2010073014092324"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://panasonic.net/pcc/cgi-bin/products/netwkcam/download_us/tbookmarka_m.cgi?m=%20&mm=2010073014092324",
"refsource": "CONFIRM",
"url": "http://panasonic.net/pcc/cgi-bin/products/netwkcam/download_us/tbookmarka_m.cgi?m=%20&mm=2010073014092324"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-363/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-363/"
}
]
}
}

32
2014/8xxx/CVE-2014-8787.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8787",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8787",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2014/8xxx/CVE-2014-8860.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8860",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8860",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

32
2014/8xxx/CVE-2014-8947.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8947",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8947",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2016/2xxx/CVE-2016-2036.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2036",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a \"GET HTTP/1.1\" request, aka SVE-2016-5036."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001",
"refsource" : "MISC",
"url" : "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a \"GET HTTP/1.1\" request, aka SVE-2016-5036."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001",
"refsource": "MISC",
"url": "https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0001"
}
]
}
}

148
2016/2xxx/CVE-2016-2046.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2046",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Feb/60"
},
{
"name" : "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html"
},
{
"name" : "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/",
"refsource" : "MISC",
"url" : "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/"
},
{
"name" : "1035048",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035048"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035048",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035048"
},
{
"name": "20160210 CVE-2016-2046 Cross Site Scripting in Sophos UTM 9",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Feb/60"
},
{
"name": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135709/Sophos-UTM-9-Cross-Site-Scripting.html"
},
{
"name": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/",
"refsource": "MISC",
"url": "http://www.halock.com/blog/cve-2016-2046-cross-site-scripting-sophos-utm-9/"
}
]
}
}

32
2016/2xxx/CVE-2016-2589.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2589",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2589",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

32
2016/2xxx/CVE-2016-2703.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2703",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2703",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

168
2016/2xxx/CVE-2016-2926.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2926",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21993444",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21993444"
},
{
"name" : "94146",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94146"
},
{
"name" : "1037276",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037276"
},
{
"name" : "1037277",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037277"
},
{
"name" : "1037278",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037278"
},
{
"name" : "1037279",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037279"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94146"
},
{
"name": "1037279",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037279"
},
{
"name": "1037277",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037277"
},
{
"name": "1037278",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037278"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21993444",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993444"
},
{
"name": "1037276",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037276"
}
]
}
}

168
2016/6xxx/CVE-2016-6264.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6264",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (crash) via a negative length value to the memset function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160720 Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/21/2"
},
{
"name" : "[oss-security] 20160721 Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/21/6"
},
{
"name" : "[oss-security] 20160729 CVE Request: uclibc-ng (and uclibc): ARM arch: code execution",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/29/3"
},
{
"name" : "[uclibc-ng-devel] 20160526 uClibc-ng and uClibc memset bug, ARM",
"refsource" : "MLIST",
"url" : "http://mailman.uclibc-ng.org/pipermail/devel/2016-May/000890.html"
},
{
"name" : "[uclibc-ng-devel] 20160703 new release 1.0.16",
"refsource" : "MLIST",
"url" : "http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html"
},
{
"name" : "91492",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91492"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (crash) via a negative length value to the memset function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160729 CVE Request: uclibc-ng (and uclibc): ARM arch: code execution",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/29/3"
},
{
"name": "91492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91492"
},
{
"name": "[oss-security] 20160720 Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/2"
},
{
"name": "[oss-security] 20160721 Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/6"
},
{
"name": "[uclibc-ng-devel] 20160526 uClibc-ng and uClibc memset bug, ARM",
"refsource": "MLIST",
"url": "http://mailman.uclibc-ng.org/pipermail/devel/2016-May/000890.html"
},
{
"name": "[uclibc-ng-devel] 20160703 new release 1.0.16",
"refsource": "MLIST",
"url": "http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html"
}
]
}
}

138
2017/18xxx/CVE-2017-18300.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-18300",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Exposure in Trust Zone"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-18300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components"
},
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name" : "1041432",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041432"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure in Trust Zone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
},
{
"name": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components"
}
]
}
}

32
2017/1xxx/CVE-2017-1078.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1078",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1078",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

168
2017/5xxx/CVE-2017-5076.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5076",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient Policy Enforcement"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/719199",
"refsource" : "MISC",
"url" : "https://crbug.com/719199"
},
{
"name" : "GLSA-201706-20",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-20"
},
{
"name" : "RHSA-2017:1399",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1399"
},
{
"name" : "98861",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98861"
},
{
"name" : "1038622",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038622"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Policy Enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/719199",
"refsource": "MISC",
"url": "https://crbug.com/719199"
},
{
"name": "98861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98861"
},
{
"name": "RHSA-2017:1399",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1399"
},
{
"name": "1038622",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038622"
},
{
"name": "GLSA-201706-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-20"
},
{
"name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"
}
]
}
}

168
2017/5xxx/CVE-2017-5206.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170107 Re: Firejail local root exploit",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/07/5"
},
{
"name" : "https://blog.lizzie.io/linux-containers-in-500-loc.html#fn.51",
"refsource" : "MISC",
"url" : "https://blog.lizzie.io/linux-containers-in-500-loc.html#fn.51"
},
{
"name" : "https://firejail.wordpress.com/download-2/release-notes/",
"refsource" : "CONFIRM",
"url" : "https://firejail.wordpress.com/download-2/release-notes/"
},
{
"name" : "https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e",
"refsource" : "CONFIRM",
"url" : "https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e"
},
{
"name" : "GLSA-201701-62",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-62"
},
{
"name" : "97120",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97120"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170107 Re: Firejail local root exploit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/07/5"
},
{
"name": "https://blog.lizzie.io/linux-containers-in-500-loc.html#fn.51",
"refsource": "MISC",
"url": "https://blog.lizzie.io/linux-containers-in-500-loc.html#fn.51"
},
{
"name": "GLSA-201701-62",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-62"
},
{
"name": "https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e",
"refsource": "CONFIRM",
"url": "https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e"
},
{
"name": "97120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97120"
},
{
"name": "https://firejail.wordpress.com/download-2/release-notes/",
"refsource": "CONFIRM",
"url": "https://firejail.wordpress.com/download-2/release-notes/"
}
]
}
}

32
2017/5xxx/CVE-2017-5513.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5513",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5513",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2017/5xxx/CVE-2017-5598.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5598",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gist.github.com/malerisch/ded4d6e6e980667ee9f7fc7f2818f4fa",
"refsource" : "MISC",
"url" : "https://gist.github.com/malerisch/ded4d6e6e980667ee9f7fc7f2818f4fa"
},
{
"name" : "95836",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95836"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/malerisch/ded4d6e6e980667ee9f7fc7f2818f4fa",
"refsource": "MISC",
"url": "https://gist.github.com/malerisch/ded4d6e6e980667ee9f7fc7f2818f4fa"
},
{
"name": "95836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95836"
}
]
}
}

140
2017/5xxx/CVE-2017-5813.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-05-04T00:00:00",
"ID" : "CVE-2017-5813",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Network Automation",
"version" : {
"version_data" : [
{
"version_value" : "9.1x, 9.2x, 10.0x, 10.1x and 10.2x"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote unauthenticated access"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-05-04T00:00:00",
"ID": "CVE-2017-5813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Automation",
"version": {
"version_data": [
{
"version_value": "9.1x, 9.2x, 10.0x, 10.1x and 10.2x"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us"
},
{
"name" : "98331",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98331"
},
{
"name" : "1038407",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038407"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote unauthenticated access vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote unauthenticated access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us"
},
{
"name": "98331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98331"
},
{
"name": "1038407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038407"
}
]
}
}