admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:24:57 +00:00
parent 12fb3d699e
commit 1f96c1fe9d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 4051 additions and 4051 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2006/0xxx/CVE-2006-0239.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0239", "ID": "CVE-2006-0239",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060114 [HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/422102/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts."
{ }
"name" : "http://www.hackerscenter.com/archive/view.asp?id=21926", ]
"refsource" : "MISC", },
"url" : "http://www.hackerscenter.com/archive/view.asp?id=21926" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16243", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16243" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0194", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0194" ]
}, },
{ "references": {
"name" : "22448", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22448" "name": "ADV-2006-0194",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0194"
"name" : "18488", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18488" "name": "http://www.hackerscenter.com/archive/view.asp?id=21926",
}, "refsource": "MISC",
{ "url": "http://www.hackerscenter.com/archive/view.asp?id=21926"
"name" : "simpleblog-comment-xss(24154)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24154" "name": "16243",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/16243"
} },
} {
"name": "22448",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22448"
},
{
"name": "simpleblog-comment-xss(24154)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24154"
},
{
"name": "20060114 [HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422102/100/0/threaded"
},
{
"name": "18488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18488"
}
]
}
}

210
2006/0xxx/CVE-2006-0259.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0259", "ID": "CVE-2006-0259",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Oracle Database server 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB04 and (2) DB06 in the (a) Data Pump component; (3) DB10 in the (b) Net Listener component; and (4) DB16 in the (c) Oracle Text component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB06 is SQL injection in the GENERATE_JOB_NAME, GET_WORKERSTATUSLIST1010, GET_PARAMVALUES1010, GET_DUMPFILESET1010, GET_JOBSTATUS1010, ATTACH, and ESTABLISH_REMOTE_CONTEXT functions in DBMS_DATAPUMP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in Oracle Database server 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB04 and (2) DB06 in the (a) Data Pump component; (3) DB10 in the (b) Net Listener component; and (4) DB16 in the (c) Oracle Text component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB06 is SQL injection in the GENERATE_JOB_NAME, GET_WORKERSTATUSLIST1010, GET_PARAMVALUES1010, GET_DUMPFILESET1010, GET_JOBSTATUS1010, ATTACH, and ESTABLISH_REMOTE_CONTEXT functions in DBMS_DATAPUMP."
{ }
"name" : "VU#545804", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/545804" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16287", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16287" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0243", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0243" ]
}, },
{ "references": {
"name" : "ADV-2006-0323", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0323" "name": "oracle-january2006-update(24321)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
"name" : "22544", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22544" "name": "18493",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18493"
"name" : "1015499", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015499" "name": "ADV-2006-0323",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0323"
"name" : "18493", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18493" "name": "16287",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16287"
"name" : "18608", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18608" "name": "VU#545804",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/545804"
"name" : "oracle-january2006-update(24321)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321" "name": "1015499",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1015499"
} },
} {
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "22544",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22544"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}

180
2006/0xxx/CVE-2006-0343.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0343", "ID": "CVE-2006-0343",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Port Discovery Standard and Advanced features in Hitachi JP1/NetInsight II allows attackers to stop the Port Discovery service via unknown vectors involving \"invalid format data\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.hitachi-support.com/security_e/vuls_e/HS05-027_e/index-e.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.hitachi-support.com/security_e/vuls_e/HS05-027_e/index-e.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Port Discovery Standard and Advanced features in Hitachi JP1/NetInsight II allows attackers to stop the Port Discovery service via unknown vectors involving \"invalid format data\"."
{ }
"name" : "16327", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16327" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0267", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0267" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22676", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/22676" ]
}, },
{ "references": {
"name" : "1015520", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015520" "name": "16327",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16327"
"name" : "18538", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18538" "name": "http://www.hitachi-support.com/security_e/vuls_e/HS05-027_e/index-e.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.hitachi-support.com/security_e/vuls_e/HS05-027_e/index-e.html"
"name" : "hitachi-jp1netinsight-port-dos(24243)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24243" "name": "hitachi-jp1netinsight-port-dos(24243)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24243"
} },
} {
"name": "ADV-2006-0267",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0267"
},
{
"name": "22676",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22676"
},
{
"name": "1015520",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015520"
},
{
"name": "18538",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18538"
}
]
}
}

170
2006/0xxx/CVE-2006-0570.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0570", "ID": "CVE-2006-0570",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060212 [eVuln] phpstatus Authentication Bypass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/424842/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative interface."
{ }
"name" : "http://evuln.com/vulns/61/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/61/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16587", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16587" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0450", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0450" ]
}, },
{ "references": {
"name" : "18791", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18791" "name": "http://evuln.com/vulns/61/summary.html",
}, "refsource": "MISC",
{ "url": "http://evuln.com/vulns/61/summary.html"
"name" : "427", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/427" "name": "18791",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/18791"
} },
} {
"name": "16587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16587"
},
{
"name": "427",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/427"
},
{
"name": "20060212 [eVuln] phpstatus Authentication Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424842/100/0/threaded"
},
{
"name": "ADV-2006-0450",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0450"
}
]
}
}

180
2006/0xxx/CVE-2006-0984.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0984", "ID": "CVE-2006-0984",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo 2.2.178 allows remote attackers to inject arbitrary web script or HTML via the gTopNombre parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060228 EJ3 TOPo - Cross Site Scripting Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/426318/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo 2.2.178 allows remote attackers to inject arbitrary web script or HTML via the gTopNombre parameter."
{ }
"name" : "16879", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16879" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0775", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0775" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23541", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/23541" ]
}, },
{ "references": {
"name" : "19070", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19070" "name": "19070",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19070"
"name" : "511", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/511" "name": "16879",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16879"
"name" : "topo-incheader-xss(24980)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24980" "name": "ADV-2006-0775",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/0775"
} },
} {
"name": "23541",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23541"
},
{
"name": "topo-incheader-xss(24980)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24980"
},
{
"name": "20060228 EJ3 TOPo - Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426318/100/0/threaded"
},
{
"name": "511",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/511"
}
]
}
}

140
2006/1xxx/CVE-2006-1376.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1376", "ID": "CVE-2006-1376",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358210", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358210" "lang": "eng",
}, "value": "The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption)."
{ }
"name" : "19331", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/19331" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "debian-cdebconf-world-writable(25526)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25526" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358210",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358210"
},
{
"name": "19331",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19331"
},
{
"name": "debian-cdebconf-world-writable(25526)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25526"
}
]
}
}

230
2006/1xxx/CVE-2006-1992.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1992", "ID": "CVE-2006-1992",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060422 MSIE (mshtml.dll) OBJECT tag vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/431796/100/0/threaded" "lang": "eng",
}, "value": "mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable."
{ }
"name" : "20060422 Re: MSIE (mshtml.dll) OBJECT tag vulnerability", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0616.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20060423 MSIE (mshtml.dll) OBJECT tag vulnerability", "description": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045422.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MS06-021", ]
"refsource" : "MS", }
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021" ]
}, },
{ "references": {
"name" : "17658", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17658" "name": "20060423 MSIE (mshtml.dll) OBJECT tag vulnerability",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045422.html"
"name" : "ADV-2006-1507", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1507" "name": "781",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/781"
"name" : "27475", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27475" "name": "1016001",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016001"
"name" : "1016001", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016001" "name": "1016291",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016291"
"name" : "1016291", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016291" "name": "20060422 MSIE (mshtml.dll) OBJECT tag vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/431796/100/0/threaded"
"name" : "19762", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19762" "name": "27475",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27475"
"name" : "781", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/781" "name": "20060422 Re: MSIE (mshtml.dll) OBJECT tag vulnerability",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0616.html"
"name" : "ie-object-memory-corruption(25978)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25978" "name": "ADV-2006-1507",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/1507"
} },
} {
"name": "MS06-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
},
{
"name": "19762",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19762"
},
{
"name": "ie-object-memory-corruption(25978)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25978"
},
{
"name": "17658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17658"
}
]
}
}

140
2006/3xxx/CVE-2006-3220.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3220", "ID": "CVE-2006-3220",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060614 wbb<<--v 2.2.1 \"studienplatztausch.php\" SQL injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/437115/100/100/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter."
{ }
"name" : "1142", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/1142" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "wbb-studienplatztausch-sql-injection(27141)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27141" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "wbb-studienplatztausch-sql-injection(27141)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27141"
},
{
"name": "1142",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1142"
},
{
"name": "20060614 wbb<<--v 2.2.1 \"studienplatztausch.php\" SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437115/100/100/threaded"
}
]
}
}

520
2006/3xxx/CVE-2006-3460.json
View File

@ -1,262 +1,262 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2006-3460", "ID": "CVE-2006-3460",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://issues.rpath.com/browse/RPL-558", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-558" "lang": "eng",
}, "value": "Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize)."
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm", ]
"refsource" : "CONFIRM", },
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1137", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1137" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200608-07", ]
"refsource" : "GENTOO", }
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml" ]
}, },
{ "references": {
"name" : "MDKSA-2006:136", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136" "name": "20060801-01-P",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"
"name" : "MDKSA-2006:137", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137" "name": "ADV-2007-3486",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/3486"
"name" : "RHSA-2006:0603", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0603.html" "name": "21501",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21501"
"name" : "RHSA-2006:0648", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0648.html" "name": "MDKSA-2006:136",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:136"
"name" : "20060801-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" "name": "21537",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21537"
"name" : "20060901-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" "name": "21632",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21632"
"name" : "SSA:2006-230-01", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600" "name": "GLSA-200608-07",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml"
"name" : "103160", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1" "name": "21338",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21338"
"name" : "201331", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1" "name": "USN-330-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-330-1"
"name" : "SUSE-SA:2006:044", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm"
"name" : "2006-0044", },
"refsource" : "TRUSTIX", {
"url" : "http://lwn.net/Alerts/194228/" "name": "ADV-2006-3101",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3101"
"name" : "USN-330-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-330-1" "name": "1016628",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016628"
"name" : "19289", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19289" "name": "DSA-1137",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1137"
"name" : "19288", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19288" "name": "21370",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21370"
"name" : "oval:org.mitre.oval:def:11265", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265" "name": "21598",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21598"
"name" : "ADV-2006-3105", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3105" "name": "RHSA-2006:0648",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0648.html"
"name" : "ADV-2006-3101", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3101" "name": "MDKSA-2006:137",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:137"
"name" : "ADV-2007-3486", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/3486" "name": "19289",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19289"
"name" : "ADV-2007-4034", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/4034" "name": "27222",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27222"
"name" : "1016628", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016628" "name": "ADV-2007-4034",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/4034"
"name" : "21370", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21370" "name": "SUSE-SA:2006:044",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_44_libtiff.html"
"name" : "21274", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21274" "name": "21290",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21290"
"name" : "21290", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21290" "name": "21274",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21274"
"name" : "21334", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21334" "name": "ADV-2006-3105",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3105"
"name" : "21392", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21392" "name": "27181",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27181"
"name" : "21501", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21501" "name": "RHSA-2006:0603",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0603.html"
"name" : "21537", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21537" "name": "20060901-01-P",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
"name" : "21632", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21632" "name": "21304",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21304"
"name" : "21598", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21598" "name": "SSA:2006-230-01",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600"
"name" : "22036", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22036" "name": "https://issues.rpath.com/browse/RPL-558",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-558"
"name" : "21304", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21304" "name": "27832",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/27832"
"name" : "21319", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21319" "name": "21346",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21346"
"name" : "21338", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21338" "name": "201331",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1"
"name" : "21346", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21346" "name": "oval:org.mitre.oval:def:11265",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265"
"name" : "27181", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27181" "name": "21319",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21319"
"name" : "27222", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27222" "name": "21392",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21392"
"name" : "27832", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27832" "name": "21334",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/21334"
} },
} {
"name": "19288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19288"
},
{
"name": "22036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22036"
},
{
"name": "2006-0044",
"refsource": "TRUSTIX",
"url": "http://lwn.net/Alerts/194228/"
},
{
"name": "103160",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1"
}
]
}
}

200
2006/3xxx/CVE-2006-3904.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3904", "ID": "CVE-2006-3904",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://retrogod.altervista.org/etomite_061_sql.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://retrogod.altervista.org/etomite_061_sql.html" "lang": "eng",
}, "value": "SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter."
{ }
"name" : "http://www.etomite.org/forums/index.php?showtopic=5706&st=0&p=35307&#entry35307", ]
"refsource" : "CONFIRM", },
"url" : "http://www.etomite.org/forums/index.php?showtopic=5706&st=0&p=35307&#entry35307" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2071", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2071" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19150", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/19150" ]
}, },
{ "references": {
"name" : "ADV-2006-2961", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2961" "name": "19150",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19150"
"name" : "27485", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27485" "name": "http://www.etomite.org/forums/index.php?showtopic=5706&st=0&p=35307&#entry35307",
}, "refsource": "CONFIRM",
{ "url": "http://www.etomite.org/forums/index.php?showtopic=5706&st=0&p=35307&#entry35307"
"name" : "1016594", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016594" "name": "21167",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21167"
"name" : "21167", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21167" "name": "ADV-2006-2961",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2961"
"name" : "etomite-username-sql-injection(27943)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27943" "name": "2071",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/2071"
} },
} {
"name": "etomite-username-sql-injection(27943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27943"
},
{
"name": "27485",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27485"
},
{
"name": "http://retrogod.altervista.org/etomite_061_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/etomite_061_sql.html"
},
{
"name": "1016594",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016594"
}
]
}
}

170
2006/4xxx/CVE-2006-4449.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4449", "ID": "CVE-2006-4449",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060825 MyBB Html Injection ( XSS )", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/444414/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer."
{ }
"name" : "http://www.mybboard.com/archive.php?nid=18", ]
"refsource" : "CONFIRM", },
"url" : "http://www.mybboard.com/archive.php?nid=18" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19718", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19718" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21645", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21645" ]
}, },
{ "references": {
"name" : "1469", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1469" "name": "20060825 MyBB Html Injection ( XSS )",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/444414/100/0/threaded"
"name" : "mybb-attachment-xss(28587)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587" "name": "1469",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/1469"
} },
} {
"name": "21645",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21645"
},
{
"name": "19718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19718"
},
{
"name": "mybb-attachment-xss(28587)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28587"
},
{
"name": "http://www.mybboard.com/archive.php?nid=18",
"refsource": "CONFIRM",
"url": "http://www.mybboard.com/archive.php?nid=18"
}
]
}
}

150
2010/2xxx/CVE-2010-2680.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2680", "ID": "CVE-2010-2680",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14064", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14064" "lang": "eng",
}, "value": "Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php."
{ }
"name" : "http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "41163", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/41163" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "jesectionfinder-view-file-include(59796)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59796" ]
} },
] "references": {
} "reference_data": [
} {
"name": "41163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41163"
},
{
"name": "14064",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14064"
},
{
"name": "jesectionfinder-view-file-include(59796)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59796"
},
{
"name": "http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt"
}
]
}
}

170
2010/2xxx/CVE-2010-2720.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2720", "ID": "CVE-2010-2720",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14201", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14201" "lang": "eng",
}, "value": "SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information."
{ }
"name" : "41341", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/41341" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "65995", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/65995" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "40450", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/40450" ]
}, },
{ "references": {
"name" : "ADV-2010-1690", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1690" "name": "14201",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/14201"
"name" : "phpaacms-list-sql-injection(60076)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60076" "name": "65995",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/65995"
} },
} {
"name": "ADV-2010-1690",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1690"
},
{
"name": "phpaacms-list-sql-injection(60076)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60076"
},
{
"name": "40450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40450"
},
{
"name": "41341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41341"
}
]
}
}

34
2010/2xxx/CVE-2010-2735.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2010-2735", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2010-2735",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
} }
] ]
} }
} }

220
2010/2xxx/CVE-2010-2756.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2756", "ID": "CVE-2010-2756",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.bugzilla.org/security/3.2.7/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.bugzilla.org/security/3.2.7/" "lang": "eng",
}, "value": "Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=417048", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=417048" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=623423", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=623423" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2010-13072", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html" ]
}, },
{ "references": {
"name" : "FEDORA-2010-13086", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html" "name": "ADV-2010-2035",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2035"
"name" : "FEDORA-2010-13171", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html" "name": "FEDORA-2010-13072",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html"
"name" : "42275", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/42275" "name": "FEDORA-2010-13171",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html"
"name" : "40892", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40892" "name": "40892",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40892"
"name" : "41128", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41128" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=623423",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=623423"
"name" : "ADV-2010-2035", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2035" "name": "FEDORA-2010-13086",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html"
"name" : "ADV-2010-2205", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2205" "name": "42275",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/42275"
} },
} {
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=417048",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=417048"
},
{
"name": "http://www.bugzilla.org/security/3.2.7/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.2.7/"
},
{
"name": "41128",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41128"
},
{
"name": "ADV-2010-2205",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2205"
}
]
}
}

170
2010/2xxx/CVE-2010-2770.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2770", "ID": "CVE-2010-2770",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-58.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-58.html" "lang": "eng",
}, "value": "Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=583520", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=583520" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SA:2010:049", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:11550", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11550" ]
}, },
{ "references": {
"name" : "ADV-2010-2323", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2323" "name": "SUSE-SA:2010:049",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html"
"name" : "mozilla-font-code-execution(61663)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61663" "name": "oval:org.mitre.oval:def:11550",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11550"
} },
} {
"name": "ADV-2010-2323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2323"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=583520",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=583520"
},
{
"name": "mozilla-font-code-execution(61663)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61663"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-58.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-58.html"
}
]
}
}

150
2010/2xxx/CVE-2010-2905.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2905", "ID": "CVE-2010-2905",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14370", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14370" "lang": "eng",
}, "value": "SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "41733", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/41733" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "40463", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40463" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "scriptsdirectory-search-sql-injection(60073)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60073" ]
} },
] "references": {
} "reference_data": [
} {
"name": "41733",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41733"
},
{
"name": "40463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40463"
},
{
"name": "scriptsdirectory-search-sql-injection(60073)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60073"
},
{
"name": "14370",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14370"
}
]
}
}

140
2010/3xxx/CVE-2010-3235.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2010-3235", "ID": "CVE-2010-3235",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Formula Biff Record Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS10-080", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080" "lang": "eng",
}, "value": "Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka \"Formula Biff Record Vulnerability.\""
{ }
"name" : "TA10-285A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:7028", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7028" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS10-080",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-080"
},
{
"name": "oval:org.mitre.oval:def:7028",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7028"
},
{
"name": "TA10-285A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
}
]
}
}

140
2010/3xxx/CVE-2010-3249.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3249", "ID": "CVE-2010-3249",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 6.0.472.53 does not properly implement SVG filters, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a \"stale pointer\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=45659", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=45659" "lang": "eng",
}, "value": "Google Chrome before 6.0.472.53 does not properly implement SVG filters, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a \"stale pointer\" issue."
{ }
"name" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:12211", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12211" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=45659",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=45659"
},
{
"name": "oval:org.mitre.oval:def:12211",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12211"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html"
}
]
}
}

130
2010/3xxx/CVE-2010-3578.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-3578", "ID": "CVE-2010-3578",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depot Server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depot Server."
{ }
"name" : "TA10-287A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

150
2010/3xxx/CVE-2010-3756.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3756", "ID": "CVE-2010-3756",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate an unspecified length value, which allows remote attackers to cause a denial of service (daemon crash) by sending data over TCP. NOTE: this might overlap CVE-2010-3060."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100929 ZDI-10-186: IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/514070/100/0/threaded" "lang": "eng",
}, "value": "The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate an unspecified length value, which allows remote attackers to cause a denial of service (daemon crash) by sending data over TCP. NOTE: this might overlap CVE-2010-3060."
{ }
"name" : "http://zerodayinitiative.com/advisories/ZDI-10-186/", ]
"refsource" : "MISC", },
"url" : "http://zerodayinitiative.com/advisories/ZDI-10-186/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21443820", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21443820" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "IC69883", ]
"refsource" : "AIXAPAR", }
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20100929 ZDI-10-186: IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514070/100/0/threaded"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21443820",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21443820"
},
{
"name": "IC69883",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-10-186/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-10-186/"
}
]
}
}

170
2010/4xxx/CVE-2010-4274.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4274", "ID": "CVE-2010-4274",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "IC71821", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IC71821" "lang": "eng",
}, "value": "reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership."
{ }
"name" : "44839", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/44839" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1024736", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024736" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "42239", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/42239" ]
}, },
{ "references": {
"name" : "ADV-2010-2978", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2978" "name": "42239",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42239"
"name" : "systems-director-resetdiragent-sec-bypass(63238)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63238" "name": "IC71821",
} "refsource": "AIXAPAR",
] "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IC71821"
} },
} {
"name": "ADV-2010-2978",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2978"
},
{
"name": "1024736",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024736"
},
{
"name": "44839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44839"
},
{
"name": "systems-director-resetdiragent-sec-bypass(63238)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63238"
}
]
}
}

200
2010/4xxx/CVE-2010-4463.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-4463", "ID": "CVE-2010-4463",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment."
{ }
"name" : "HPSBMU02797", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT100867", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBMU02799", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" ]
}, },
{ "references": {
"name" : "RHSA-2011:0282", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0282.html" "name": "HPSBMU02799",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
"name" : "RHSA-2011:0880", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html" "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"
"name" : "oval:org.mitre.oval:def:12899", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12899" "name": "44954",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44954"
"name" : "oval:org.mitre.oval:def:13777", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13777" "name": "RHSA-2011:0880",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
"name" : "44954", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44954" "name": "RHSA-2011:0282",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html"
} },
} {
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "oval:org.mitre.oval:def:12899",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12899"
},
{
"name": "oval:org.mitre.oval:def:13777",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13777"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
}
]
}
}

34
2011/1xxx/CVE-2011-1070.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1070", "ID": "CVE-2011-1070",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

220
2011/1xxx/CVE-2011-1237.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2011-1237", "ID": "CVE-2011-1237",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", "description_data": [
"refsource" : "MISC", {
"url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" "lang": "eng",
}, "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\""
{ }
"name" : "http://support.avaya.com/css/P8/documents/100133352", ]
"refsource" : "CONFIRM", },
"url" : "http://support.avaya.com/css/P8/documents/100133352" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS11-034", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA11-102A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" ]
}, },
{ "references": {
"name" : "47214", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/47214" "name": "mswin-win32k-var25-priv-escalation(66419)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66419"
"name" : "71752", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/71752" "name": "TA11-102A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
"name" : "oval:org.mitre.oval:def:12467", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12467" "name": "71752",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/71752"
"name" : "1025345", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025345" "name": "47214",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/47214"
"name" : "44156", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44156" "name": "MS11-034",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
"name" : "ADV-2011-0952", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0952" "name": "ADV-2011-0952",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0952"
"name" : "mswin-win32k-var25-priv-escalation(66419)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66419" "name": "http://support.avaya.com/css/P8/documents/100133352",
} "refsource": "CONFIRM",
] "url": "http://support.avaya.com/css/P8/documents/100133352"
} },
} {
"name": "oval:org.mitre.oval:def:12467",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12467"
},
{
"name": "44156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44156"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"name": "1025345",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025345"
}
]
}
}

200
2011/1xxx/CVE-2011-1429.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1429", "ID": "CVE-2011-1429",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110308 Mutt: failure to check server certificate in SMTP TLS connection", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2011/Mar/87" "lang": "eng",
}, "value": "Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766."
{ }
"name" : "FEDORA-2011-7739", ]
"refsource" : "FEDORA", },
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2011-7751", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2011-7756", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.html" ]
}, },
{ "references": {
"name" : "RHSA-2011:0959", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0959.html" "name": "RHSA-2011:0959",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0959.html"
"name" : "46803", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46803" "name": "44937",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44937"
"name" : "44937", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44937" "name": "8143",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/8143"
"name" : "8143", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8143" "name": "mutt-smtptls-weak-security(66015)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66015"
"name" : "mutt-smtptls-weak-security(66015)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66015" "name": "20110308 Mutt: failure to check server certificate in SMTP TLS connection",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2011/Mar/87"
} },
} {
"name": "FEDORA-2011-7751",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.html"
},
{
"name": "FEDORA-2011-7739",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.html"
},
{
"name": "FEDORA-2011-7756",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.html"
},
{
"name": "46803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46803"
}
]
}
}

150
2011/1xxx/CVE-2011-1587.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1587", "ID": "CVE-2011-1587",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[mediawiki-announce] 20110414 MediaWiki security release 1.16.4", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578."
{ }
"name" : "[oss-security] 20110418 Re: CVE request: mediawiki 1.16.4, incomplete fix of CVE-2011-1578", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/04/18/5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=696360", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=696360" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2366", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2011/dsa-2366" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[oss-security] 20110418 Re: CVE request: mediawiki 1.16.4, incomplete fix of CVE-2011-1578",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/18/5"
},
{
"name": "DSA-2366",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2366"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=696360",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=696360"
},
{
"name": "[mediawiki-announce] 20110414 MediaWiki security release 1.16.4",
"refsource": "MLIST",
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-April/000097.html"
}
]
}
}

170
2011/1xxx/CVE-2011-1658.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1658", "ID": "CVE-2011-1658",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" "lang": "eng",
}, "value": "ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program."
{ }
"name" : "http://sourceware.org/bugzilla/show_bug.cgi?id=12393", ]
"refsource" : "MISC", },
"url" : "http://sourceware.org/bugzilla/show_bug.cgi?id=12393" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=667974", "description": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=667974" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" ]
}, },
{ "references": {
"name" : "46397", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46397" "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=12393",
}, "refsource": "MISC",
{ "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=12393"
"name" : "gnuclibrary-ldso-priv-esc(66820)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66820" "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
} },
} {
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "gnuclibrary-ldso-priv-esc(66820)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66820"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=667974",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=667974"
}
]
}
}

160
2011/1xxx/CVE-2011-1854.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2011-1854", "ID": "CVE-2011-1854",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-166/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-166/" "lang": "eng",
}, "value": "Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler."
{ }
"name" : "HPSBGN02680", ]
"refsource" : "HP", },
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT100361", "description": [
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "47789", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/47789" ]
}, },
{ "references": {
"name" : "1025519", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1025519" "name": "HPSBGN02680",
} "refsource": "HP",
] "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750"
} },
} {
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-166/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-166/"
},
{
"name": "1025519",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025519"
},
{
"name": "SSRT100361",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750"
},
{
"name": "47789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47789"
}
]
}
}

150
2011/5xxx/CVE-2011-5006.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5006", "ID": "CVE-2011-5006",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in QQPlayer 3.2.845 allows remote attackers to execute arbitrary code via a crafted PnSize value in a MOV file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18137", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18137" "lang": "eng",
}, "value": "Stack-based buffer overflow in QQPlayer 3.2.845 allows remote attackers to execute arbitrary code via a crafted PnSize value in a MOV file."
{ }
"name" : "50739", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/50739" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "77266", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/77266" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "46924", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/46924" ]
} },
] "references": {
} "reference_data": [
} {
"name": "18137",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18137"
},
{
"name": "77266",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77266"
},
{
"name": "50739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50739"
},
{
"name": "46924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46924"
}
]
}
}

34
2014/3xxx/CVE-2014-3078.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3078", "ID": "CVE-2014-3078",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2014/3xxx/CVE-2014-3305.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-3305", "ID": "CVE-2014-3305",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35051", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35051" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735."
{ }
"name" : "20140725 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3305" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "68903", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68903" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1030644", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1030644" ]
}, },
{ "references": {
"name" : "cisco-webex-cve20143305-csrf(94894)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94894" "name": "cisco-webex-cve20143305-csrf(94894)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94894"
} },
} {
"name": "68903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68903"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35051",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35051"
},
{
"name": "20140725 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3305"
},
{
"name": "1030644",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030644"
}
]
}
}

160
2014/3xxx/CVE-2014-3319.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-3319", "ID": "CVE-2014-3319",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34909", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34909" "lang": "eng",
}, "value": "Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676."
{ }
"name" : "20140710 Cisco Unified Communications Manager Real-Time Monitoring Tool Path Traversal Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3319" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1030554", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030554" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "59734", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/59734" ]
}, },
{ "references": {
"name" : "cucm-cve20143319-dir-trav(94436)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94436" "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34909",
} "refsource": "CONFIRM",
] "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34909"
} },
} {
"name": "1030554",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030554"
},
{
"name": "59734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59734"
},
{
"name": "20140710 Cisco Unified Communications Manager Real-Time Monitoring Tool Path Traversal Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3319"
},
{
"name": "cucm-cve20143319-dir-trav(94436)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94436"
}
]
}
}

150
2014/3xxx/CVE-2014-3349.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-3349", "ID": "CVE-2014-3349",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140828 Cisco Intelligent Automation for Cloud Arbitrary File Upload", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3349" "lang": "eng",
}, "value": "Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410."
{ }
"name" : "69455", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/69455" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1030783", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030783" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "cisco-iac-cve20143349-file-upload(95586)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95586" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20140828 Cisco Intelligent Automation for Cloud Arbitrary File Upload",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3349"
},
{
"name": "1030783",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030783"
},
{
"name": "cisco-iac-cve20143349-file-upload(95586)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95586"
},
{
"name": "69455",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69455"
}
]
}
}

130
2014/3xxx/CVE-2014-3829.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3829", "ID": "CVE-2014-3829",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2|3.0", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2014/Oct/78" "lang": "eng",
}, "value": "displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable."
{ }
"name" : "VU#298796", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/298796" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2|3.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/78"
},
{
"name": "VU#298796",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/298796"
}
]
}
}

140
2014/7xxx/CVE-2014-7508.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7508", "ID": "CVE-2014-7508",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Help For Doc (aka com.childrens.physician.relations) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Help For Doc (aka com.childrens.physician.relations) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#856617", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/856617" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#856617",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/856617"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/7xxx/CVE-2014-7639.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-7639", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-7639",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

140
2014/7xxx/CVE-2014-7755.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7755", "ID": "CVE-2014-7755",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The eTopUpOnline (aka com.moremagic.etopup.client.android) application 3.4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The eTopUpOnline (aka com.moremagic.etopup.client.android) application 3.4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#442049", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/442049" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#442049",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/442049"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/8xxx/CVE-2014-8257.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8257", "ID": "CVE-2014-8257",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2014/8xxx/CVE-2014-8561.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8561", "ID": "CVE-2014-8561",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/9xxx/CVE-2014-9438.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9438", "ID": "CVE-2014-9438",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/129619/vBulletin-Moderator-Control-Panel-4.2.2-CSRF.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/129619/vBulletin-Moderator-Control-Panel-4.2.2-CSRF.html" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors."
{ }
"name" : "https://rstforums.com/forum/88810-csrf-vbulletin-modcp.rst", ]
"refsource" : "MISC", },
"url" : "https://rstforums.com/forum/88810-csrf-vbulletin-modcp.rst" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "vbulletin-banning-csrf(99472)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99472" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "vbulletin-banning-csrf(99472)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99472"
},
{
"name": "http://packetstormsecurity.com/files/129619/vBulletin-Moderator-Control-Panel-4.2.2-CSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129619/vBulletin-Moderator-Control-Panel-4.2.2-CSRF.html"
},
{
"name": "https://rstforums.com/forum/88810-csrf-vbulletin-modcp.rst",
"refsource": "MISC",
"url": "https://rstforums.com/forum/88810-csrf-vbulletin-modcp.rst"
}
]
}
}

140
2014/9xxx/CVE-2014-9524.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9524", "ID": "CVE-2014-9524",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/129506/WordPress-Facebook-Like-Box-2.8.2-CSRF-XSS.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/129506/WordPress-Facebook-Like-Box-2.8.2-CSRF-XSS.html" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php."
{ }
"name" : "https://wordpress.org/plugins/cardoza-facebook-like-box/changelog/", ]
"refsource" : "MISC", },
"url" : "https://wordpress.org/plugins/cardoza-facebook-like-box/changelog/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "61557", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61557" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/cardoza-facebook-like-box/changelog/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/cardoza-facebook-like-box/changelog/"
},
{
"name": "61557",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61557"
},
{
"name": "http://packetstormsecurity.com/files/129506/WordPress-Facebook-Like-Box-2.8.2-CSRF-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129506/WordPress-Facebook-Like-Box-2.8.2-CSRF-XSS.html"
}
]
}
}

160
2016/2xxx/CVE-2016-2070.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2070", "ID": "CVE-2016-2070",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160125 Linux potential division by zero in TCP code", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/01/25/5" "lang": "eng",
}, "value": "The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic."
{ }
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8a321ff72c785ed5e8b4cf6eda20b35d427390", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8a321ff72c785ed5e8b4cf6eda20b35d427390" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1302219", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1302219" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/8b8a321ff72c785ed5e8b4cf6eda20b35d427390", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/8b8a321ff72c785ed5e8b4cf6eda20b35d427390" "name": "[oss-security] 20160125 Linux potential division by zero in TCP code",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2016/01/25/5"
} },
} {
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5"
},
{
"name": "https://github.com/torvalds/linux/commit/8b8a321ff72c785ed5e8b4cf6eda20b35d427390",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/8b8a321ff72c785ed5e8b4cf6eda20b35d427390"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8a321ff72c785ed5e8b4cf6eda20b35d427390",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8a321ff72c785ed5e8b4cf6eda20b35d427390"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1302219",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302219"
}
]
}
}

130
2016/2xxx/CVE-2016-2440.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-2440", "ID": "CVE-2016-2440",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-05-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-05-01.html" "lang": "eng",
}, "value": "libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896."
{ }
"name" : "https://android.googlesource.com/platform/frameworks/native/+/a59b827869a2ea04022dd225007f29af8d61837a", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/frameworks/native/+/a59b827869a2ea04022dd225007f29af8d61837a" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-05-01.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/native/+/a59b827869a2ea04022dd225007f29af8d61837a",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/native/+/a59b827869a2ea04022dd225007f29af8d61837a"
}
]
}
}

120
2016/2xxx/CVE-2016-2468.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-2468", "ID": "CVE-2016-2468",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 devices allows attackers to gain privileges via a crafted application, aka internal bug 27475454."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-06-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-06-01.html" "lang": "eng",
} "value": "The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 devices allows attackers to gain privileges via a crafted application, aka internal bug 27475454."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-06-01.html"
}
]
}
}

220
2016/2xxx/CVE-2016-2828.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2016-2828", "ID": "CVE-2016-2828",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-56.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-56.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1223810", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1223810" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3600", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2016/dsa-3600" ]
}, },
{ "references": {
"name" : "RHSA-2016:1217", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2016:1217" "name": "1036057",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1036057"
"name" : "openSUSE-SU-2016:1552", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html" "name": "RHSA-2016:1217",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2016:1217"
"name" : "openSUSE-SU-2016:1557", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" "name": "openSUSE-SU-2016:1557",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
"name" : "SUSE-SU-2016:1691", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html" "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-56.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-56.html"
"name" : "USN-2993-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2993-1" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
"name" : "91075", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91075" "name": "openSUSE-SU-2016:1552",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html"
"name" : "1036057", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036057" "name": "USN-2993-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-2993-1"
} },
} {
"name": "SUSE-SU-2016:1691",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1223810",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1223810"
},
{
"name": "91075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91075"
},
{
"name": "DSA-3600",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3600"
}
]
}
}

34
2016/6xxx/CVE-2016-6081.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6081", "ID": "CVE-2016-6081",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2016/6xxx/CVE-2016-6231.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6231", "ID": "CVE-2016-6231",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160801 Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/539071/100/0/threaded" "lang": "eng",
}, "value": "Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate."
{ }
"name" : "20160805 Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2016/Aug/30" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.info-sec.ca/advisories/Kaspersky-Safe-Browser.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.info-sec.ca/advisories/Kaspersky-Safe-Browser.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.kaspersky.com/vulnerability.aspx?el=12430#280716", ]
"refsource" : "CONFIRM", }
"url" : "https://support.kaspersky.com/vulnerability.aspx?el=12430#280716" ]
}, },
{ "references": {
"name" : "92200", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92200" "name": "http://www.info-sec.ca/advisories/Kaspersky-Safe-Browser.html",
} "refsource": "MISC",
] "url": "http://www.info-sec.ca/advisories/Kaspersky-Safe-Browser.html"
} },
} {
"name": "92200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92200"
},
{
"name": "https://support.kaspersky.com/vulnerability.aspx?el=12430#280716",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#280716"
},
{
"name": "20160801 Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539071/100/0/threaded"
},
{
"name": "20160805 Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/30"
}
]
}
}

130
2016/6xxx/CVE-2016-6537.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cert@cert.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2016-6537", "ID": "CVE-2016-6537",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#667480", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/667480" "lang": "eng",
}, "value": "AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent attacks to obtain sensitive information by reading these strings."
{ }
"name" : "92936", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/92936" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#667480",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/667480"
},
{
"name": "92936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92936"
}
]
}
}

34
2016/6xxx/CVE-2016-6579.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-6579", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-6579",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

136
2016/6xxx/CVE-2016-6729.json
View File

@ -1,70 +1,70 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-6729", "ID": "CVE-2016-6729",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.10" "version_value": "Kernel-3.10"
}, },
{ {
"version_value" : "Kernel-3.18" "version_value": "Kernel-3.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2016-11-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2016-11-01.html" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684."
{ }
"name" : "94203", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94203" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "94203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94203"
}
]
}
}

180
2017/5xxx/CVE-2017-5088.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2017-5088", "ID": "CVE-2017-5088",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Google Chrome prior to 59.0.3071.104 for Mac, Windows and Linux, and 59.0.3071.117 for Android", "product_name": "Google Chrome prior to 59.0.3071.104 for Mac, Windows and Linux, and 59.0.3071.117 for Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Google Chrome prior to 59.0.3071.104 for Mac, Windows and Linux, and 59.0.3071.117 for Android" "version_value": "Google Chrome prior to 59.0.3071.104 for Mac, Windows and Linux, and 59.0.3071.117 for Android"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient Validation of Untrusted Input"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html" "lang": "eng",
}, "value": "Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page."
{ }
"name" : "https://crbug.com/729991", ]
"refsource" : "MISC", },
"url" : "https://crbug.com/729991" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3926", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3926" "lang": "eng",
}, "value": "Insufficient Validation of Untrusted Input"
{ }
"name" : "GLSA-201706-20", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201706-20" ]
}, },
{ "references": {
"name" : "RHSA-2017:1495", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1495" "name": "1038765",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1038765"
"name" : "99096", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99096" "name": "https://crbug.com/729991",
}, "refsource": "MISC",
{ "url": "https://crbug.com/729991"
"name" : "1038765", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038765" "name": "99096",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/99096"
} },
} {
"name": "DSA-3926",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3926"
},
{
"name": "RHSA-2017:1495",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1495"
},
{
"name": "GLSA-201706-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-20"
},
{
"name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html"
}
]
}
}

120
2017/5xxx/CVE-2017-5183.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@microfocus.com", "ASSIGNER": "security@suse.com",
"ID" : "CVE-2017-5183", "ID": "CVE-2017-5183",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Identity Server", "product_name": "Identity Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Identity Server" "version_value": "Identity Server"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SAML2 mishandling"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.novell.com/support/kb/doc.php?id=7018509", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.novell.com/support/kb/doc.php?id=7018509" "lang": "eng",
} "value": "NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SAML2 mishandling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7018509",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7018509"
}
]
}
}

34
2017/5xxx/CVE-2017-5761.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5761", "ID": "CVE-2017-5761",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/5xxx/CVE-2017-5902.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5902", "ID": "CVE-2017-5902",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", "description_data": [
"refsource" : "MISC", {
"url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" "lang": "eng",
} "value": "The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
"refsource": "MISC",
"url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
}
]
}
}