admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:04:02 +00:00
parent d7f9d6dbb9
commit 28f35fb1ff
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 4744 additions and 4744 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

660
2006/0xxx/CVE-2006-0748.json
View File

@ -1,332 +1,332 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0748",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via \"an invalid and non-sensical ordering of table-related tags\" that results in a negative array index."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-0748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060426 ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/432103/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-011/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-011/"
},
{
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-27.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-27.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
},
{
"name" : "DSA-1044",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1044"
},
{
"name" : "DSA-1046",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1046"
},
{
"name" : "DSA-1051",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1051"
},
{
"name" : "FLSA:189137-1",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/436296/100/0/threaded"
},
{
"name" : "FLSA:189137-2",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/436338/100/0/threaded"
},
{
"name" : "GLSA-200604-12",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
},
{
"name" : "GLSA-200604-18",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
},
{
"name" : "GLSA-200605-09",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml"
},
{
"name" : "HPSBUX02122",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name" : "SSRT061158",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name" : "HPSBUX02153",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "SSRT061181",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "HPSBUX02156",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name" : "SSRT061236",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name" : "MDKSA-2006:075",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075"
},
{
"name" : "MDKSA-2006:076",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076"
},
{
"name" : "MDKSA-2006:078",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078"
},
{
"name" : "RHSA-2006:0329",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0329.html"
},
{
"name" : "RHSA-2006:0330",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0330.html"
},
{
"name" : "SCOSA-2006.26",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
},
{
"name" : "20060404-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
},
{
"name" : "102550",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
},
{
"name" : "228526",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1"
},
{
"name" : "SUSE-SA:2006:022",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html"
},
{
"name" : "USN-275-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/275-1/"
},
{
"name" : "USN-276-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/276-1/"
},
{
"name" : "17516",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17516"
},
{
"name" : "oval:org.mitre.oval:def:11164",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11164"
},
{
"name" : "ADV-2006-1356",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1356"
},
{
"name" : "ADV-2006-3391",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3391"
},
{
"name" : "ADV-2006-3748",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name" : "ADV-2006-3749",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3749"
},
{
"name" : "ADV-2008-0083",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name" : "oval:org.mitre.oval:def:1189",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1189"
},
{
"name" : "19759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19759"
},
{
"name" : "19794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19794"
},
{
"name" : "19821",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19821"
},
{
"name" : "19811",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19811"
},
{
"name" : "19823",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19823"
},
{
"name" : "19852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19852"
},
{
"name" : "19862",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19862"
},
{
"name" : "19863",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19863"
},
{
"name" : "19902",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19902"
},
{
"name" : "19950",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19950"
},
{
"name" : "19941",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19941"
},
{
"name" : "21033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21033"
},
{
"name" : "21622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21622"
},
{
"name" : "20051",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20051"
},
{
"name" : "22065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22065"
},
{
"name" : "22066",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22066"
},
{
"name" : "mozilla-table-rebuilding-code-execution(25985)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25985"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via \"an invalid and non-sensical ordering of table-related tags\" that results in a negative array index."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-27.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-27.html"
},
{
"name": "USN-275-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/275-1/"
},
{
"name": "ADV-2006-3748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "RHSA-2006:0330",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html"
},
{
"name": "19902",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19902"
},
{
"name": "20060426 ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432103/100/0/threaded"
},
{
"name": "20060404-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
},
{
"name": "USN-276-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/276-1/"
},
{
"name": "HPSBUX02122",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name": "19941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19941"
},
{
"name": "19821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19821"
},
{
"name": "GLSA-200604-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
},
{
"name": "oval:org.mitre.oval:def:11164",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11164"
},
{
"name": "21622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21622"
},
{
"name": "19862",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19862"
},
{
"name": "MDKSA-2006:075",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
},
{
"name": "19823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19823"
},
{
"name": "DSA-1051",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1051"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-011/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-011/"
},
{
"name": "ADV-2006-3749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3749"
},
{
"name": "RHSA-2006:0329",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0329.html"
},
{
"name": "GLSA-200604-18",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
},
{
"name": "19811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19811"
},
{
"name": "19794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19794"
},
{
"name": "21033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21033"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "102550",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
},
{
"name": "19759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19759"
},
{
"name": "FLSA:189137-2",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/436338/100/0/threaded"
},
{
"name": "mozilla-table-rebuilding-code-execution(25985)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25985"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "ADV-2006-1356",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1356"
},
{
"name": "SSRT061236",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name": "SSRT061158",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name": "MDKSA-2006:078",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "oval:org.mitre.oval:def:1189",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1189"
},
{
"name": "20051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20051"
},
{
"name": "19863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19863"
},
{
"name": "HPSBUX02156",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name": "SCOSA-2006.26",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
},
{
"name": "FLSA:189137-1",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/436296/100/0/threaded"
},
{
"name": "17516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17516"
},
{
"name": "228526",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1"
},
{
"name": "19852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19852"
},
{
"name": "22066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22066"
},
{
"name": "SUSE-SA:2006:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
},
{
"name": "GLSA-200605-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml"
},
{
"name": "ADV-2006-3391",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3391"
},
{
"name": "22065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22065"
},
{
"name": "19950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19950"
},
{
"name": "MDKSA-2006:076",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076"
},
{
"name": "DSA-1046",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1046"
},
{
"name": "DSA-1044",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1044"
}
]
}
}

160
2006/0xxx/CVE-2006-0967.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (memory usage and cpu utilization) via a flood of arbitrary UDP datagrams to ports 0 to 65000. NOTE: this issue was reported as a buffer overflow, but that term usually does not apply in flooding attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060301 NCP VPN/PKI Client - various Bugs",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426480/100/0/threaded"
},
{
"name" : "20060301 NCP VPN/PKI Client - various Bugs",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html"
},
{
"name" : "16906",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16906"
},
{
"name" : "19082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19082"
},
{
"name" : "ncp-udp-dos(25249)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25249"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (memory usage and cpu utilization) via a flood of arbitrary UDP datagrams to ports 0 to 65000. NOTE: this issue was reported as a buffer overflow, but that term usually does not apply in flooding attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16906"
},
{
"name": "20060301 NCP VPN/PKI Client - various Bugs",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426480/100/0/threaded"
},
{
"name": "ncp-udp-dos(25249)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25249"
},
{
"name": "19082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19082"
},
{
"name": "20060301 NCP VPN/PKI Client - various Bugs",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html"
}
]
}
}

180
2006/1xxx/CVE-2006-1116.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1116",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060308 nCipher Advisory #13: CBC-MAC IV misleading programming interface",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427150/100/0/threaded"
},
{
"name" : "http://www.ncipher.com/resources/96/sa13_cbcmac_iv_misleading_programming_interface",
"refsource" : "CONFIRM",
"url" : "http://www.ncipher.com/resources/96/sa13_cbcmac_iv_misleading_programming_interface"
},
{
"name" : "17011",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17011"
},
{
"name" : "ADV-2006-0862",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0862"
},
{
"name" : "1015718",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015718"
},
{
"name" : "19137",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19137"
},
{
"name" : "ncipher-ncore-bypass-security(25062)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25062"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060308 nCipher Advisory #13: CBC-MAC IV misleading programming interface",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427150/100/0/threaded"
},
{
"name": "ADV-2006-0862",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0862"
},
{
"name": "ncipher-ncore-bypass-security(25062)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25062"
},
{
"name": "17011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17011"
},
{
"name": "http://www.ncipher.com/resources/96/sa13_cbcmac_iv_misleading_programming_interface",
"refsource": "CONFIRM",
"url": "http://www.ncipher.com/resources/96/sa13_cbcmac_iv_misleading_programming_interface"
},
{
"name": "1015718",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015718"
},
{
"name": "19137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19137"
}
]
}
}

130
2006/1xxx/CVE-2006-1267.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1267",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060314 Invision Power Board v2.1.4 - session hijacking",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427751/100/0/threaded"
},
{
"name" : "20060316 Re: Invision Power Board v2.1.4 - session hijacking",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427847/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060316 Re: Invision Power Board v2.1.4 - session hijacking",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427847/100/0/threaded"
},
{
"name": "20060314 Invision Power Board v2.1.4 - session hijacking",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427751/100/0/threaded"
}
]
}
}

170
2006/1xxx/CVE-2006-1574.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1574",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-005_e/index-e.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-005_e/index-e.html"
},
{
"name" : "17337",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17337"
},
{
"name" : "ADV-2006-1180",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1180"
},
{
"name" : "24295",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24295"
},
{
"name" : "19483",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19483"
},
{
"name" : "groupmax-www-xss(25574)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25574"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1180",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1180"
},
{
"name": "17337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17337"
},
{
"name": "24295",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24295"
},
{
"name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-005_e/index-e.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-005_e/index-e.html"
},
{
"name": "19483",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19483"
},
{
"name": "groupmax-www-xss(25574)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25574"
}
]
}
}

170
2006/1xxx/CVE-2006-1797.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "NetBSD-SA2006-012",
"refsource" : "NETBSD",
"url" : "http://archives.neohapsis.com/archives/netbsd/2006-q2/0014.html"
},
{
"name" : "17497",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17497"
},
{
"name" : "24578",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24578"
},
{
"name" : "1015908",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015908"
},
{
"name" : "19615",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19615"
},
{
"name" : "bsd-siocgifalias-ioctl-dos(25766)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25766"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17497"
},
{
"name": "NetBSD-SA2006-012",
"refsource": "NETBSD",
"url": "http://archives.neohapsis.com/archives/netbsd/2006-q2/0014.html"
},
{
"name": "24578",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24578"
},
{
"name": "1015908",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015908"
},
{
"name": "bsd-siocgifalias-ioctl-dos(25766)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25766"
},
{
"name": "19615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19615"
}
]
}
}

180
2006/5xxx/CVE-2006-5230.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5230",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in forum.php in FreeForum 0.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061007 FreeForum 0.9.7 (fpath) Remote File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447931/100/0/threaded"
},
{
"name" : "2484",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2484"
},
{
"name" : "20388",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20388"
},
{
"name" : "ADV-2006-3955",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3955"
},
{
"name" : "22320",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22320"
},
{
"name" : "1710",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1710"
},
{
"name" : "freeforum-forum-file-include(29391)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29391"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in forum.php in FreeForum 0.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3955",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3955"
},
{
"name": "freeforum-forum-file-include(29391)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29391"
},
{
"name": "20388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20388"
},
{
"name": "2484",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2484"
},
{
"name": "22320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22320"
},
{
"name": "1710",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1710"
},
{
"name": "20061007 FreeForum 0.9.7 (fpath) Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447931/100/0/threaded"
}
]
}
}

180
2006/5xxx/CVE-2006-5310.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5310",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in common/visiteurs/include/menus.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061013 phpMyConferences <= 8.0.2 Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448547/100/0/threaded"
},
{
"name" : "2535",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2535"
},
{
"name" : "20505",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20505"
},
{
"name" : "ADV-2006-4045",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4045"
},
{
"name" : "22411",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22411"
},
{
"name" : "1733",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1733"
},
{
"name" : "phpmyconferences-menus-file-include(29514)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29514"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in common/visiteurs/include/menus.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22411"
},
{
"name": "2535",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2535"
},
{
"name": "20505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20505"
},
{
"name": "ADV-2006-4045",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4045"
},
{
"name": "1733",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1733"
},
{
"name": "phpmyconferences-menus-file-include(29514)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29514"
},
{
"name": "20061013 phpMyConferences <= 8.0.2 Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448547/100/0/threaded"
}
]
}
}

200
2006/5xxx/CVE-2006-5353.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5353",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors related to the Mod_rewrite Module, aka Vuln# OHS01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name" : "TA06-291A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
},
{
"name" : "20588",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20588"
},
{
"name" : "ADV-2006-4065",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4065"
},
{
"name" : "1017077",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017077"
},
{
"name" : "22396",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22396"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors related to the Mod_rewrite Module, aka Vuln# OHS01."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html"
},
{
"name": "20588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20588"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449711/100/0/threaded"
},
{
"name": "ADV-2006-4065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4065"
},
{
"name": "22396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22396"
},
{
"name": "1017077",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017077"
},
{
"name": "TA06-291A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-291A.html"
}
]
}
}

170
2007/2xxx/CVE-2007-2291.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2291",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070425 IE 7 and Firefox Browsers Digest Authentication Request Splitting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/466906/100/0/threaded"
},
{
"name" : "http://www.wisec.it/vulns.php?id=11",
"refsource" : "MISC",
"url" : "http://www.wisec.it/vulns.php?id=11"
},
{
"name" : "23668",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23668"
},
{
"name" : "1017969",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017969"
},
{
"name" : "2654",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2654"
},
{
"name" : "ie-lf-response-splitting(33978)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33978"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.wisec.it/vulns.php?id=11",
"refsource": "MISC",
"url": "http://www.wisec.it/vulns.php?id=11"
},
{
"name": "1017969",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017969"
},
{
"name": "ie-lf-response-splitting(33978)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33978"
},
{
"name": "23668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23668"
},
{
"name": "20070425 IE 7 and Firefox Browsers Digest Authentication Request Splitting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466906/100/0/threaded"
},
{
"name": "2654",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2654"
}
]
}
}

170
2007/2xxx/CVE-2007-2363.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2363",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3811",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3811"
},
{
"name" : "23692",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23692"
},
{
"name" : "ADV-2007-1575",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1575"
},
{
"name" : "35463",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35463"
},
{
"name" : "25052",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25052"
},
{
"name" : "irfanview-iff-bo(33946)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33946"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35463",
"refsource": "OSVDB",
"url": "http://osvdb.org/35463"
},
{
"name": "23692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23692"
},
{
"name": "3811",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3811"
},
{
"name": "25052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25052"
},
{
"name": "irfanview-iff-bo(33946)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33946"
},
{
"name": "ADV-2007-1575",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1575"
}
]
}
}

130
2010/0xxx/CVE-2010-0521.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0521",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
}
]
}
}

150
2010/0xxx/CVE-2010-0579.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0579",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the \"SIP Message Handling Denial of Service Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20063",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20063"
},
{
"name" : "20100324 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml"
},
{
"name" : "1023744",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023744"
},
{
"name" : "39068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39068"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device reload) via a malformed SIP message, aka Bug ID CSCtb93416, the \"SIP Message Handling Denial of Service Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1023744",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023744"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20063",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20063"
},
{
"name": "39068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39068"
},
{
"name": "20100324 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml"
}
]
}
}

170
2010/0xxx/CVE-2010-0709.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0709",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "11477",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11477"
},
{
"name" : "11478",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11478"
},
{
"name" : "http://www.limny.org/",
"refsource" : "CONFIRM",
"url" : "http://www.limny.org/"
},
{
"name" : "62389",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62389"
},
{
"name" : "38616",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38616"
},
{
"name" : "limny-admin-csrf(56318)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56318"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11478",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11478"
},
{
"name": "limny-admin-csrf(56318)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56318"
},
{
"name": "http://www.limny.org/",
"refsource": "CONFIRM",
"url": "http://www.limny.org/"
},
{
"name": "38616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38616"
},
{
"name": "11477",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11477"
},
{
"name": "62389",
"refsource": "OSVDB",
"url": "http://osvdb.org/62389"
}
]
}
}

170
2010/0xxx/CVE-2010-0728.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0728",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[samba-announce] 20100308 Security problem with Samba on Linux - affects 3.5.0, 3.4.6 and 3.3.11",
"refsource" : "MLIST",
"url" : "http://lists.samba.org/archive/samba-announce/2010/000211.html"
},
{
"name" : "http://www.samba.org/samba/history/samba-3.3.12.html",
"refsource" : "CONFIRM",
"url" : "http://www.samba.org/samba/history/samba-3.3.12.html"
},
{
"name" : "http://www.samba.org/samba/history/samba-3.4.7.html",
"refsource" : "CONFIRM",
"url" : "http://www.samba.org/samba/history/samba-3.4.7.html"
},
{
"name" : "http://www.samba.org/samba/history/samba-3.5.1.html",
"refsource" : "CONFIRM",
"url" : "http://www.samba.org/samba/history/samba-3.5.1.html"
},
{
"name" : "http://www.samba.org/samba/security/CVE-2010-0728",
"refsource" : "CONFIRM",
"url" : "http://www.samba.org/samba/security/CVE-2010-0728"
},
{
"name" : "https://bugzilla.samba.org/show_bug.cgi?id=7222",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.samba.org/show_bug.cgi?id=7222"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[samba-announce] 20100308 Security problem with Samba on Linux - affects 3.5.0, 3.4.6 and 3.3.11",
"refsource": "MLIST",
"url": "http://lists.samba.org/archive/samba-announce/2010/000211.html"
},
{
"name": "http://www.samba.org/samba/security/CVE-2010-0728",
"refsource": "CONFIRM",
"url": "http://www.samba.org/samba/security/CVE-2010-0728"
},
{
"name": "http://www.samba.org/samba/history/samba-3.4.7.html",
"refsource": "CONFIRM",
"url": "http://www.samba.org/samba/history/samba-3.4.7.html"
},
{
"name": "https://bugzilla.samba.org/show_bug.cgi?id=7222",
"refsource": "CONFIRM",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=7222"
},
{
"name": "http://www.samba.org/samba/history/samba-3.3.12.html",
"refsource": "CONFIRM",
"url": "http://www.samba.org/samba/history/samba-3.3.12.html"
},
{
"name": "http://www.samba.org/samba/history/samba-3.5.1.html",
"refsource": "CONFIRM",
"url": "http://www.samba.org/samba/history/samba-3.5.1.html"
}
]
}
}

170
2010/1xxx/CVE-2010-1054.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100315 Pars CMS SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510066/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.org/1003-exploits/parscms-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1003-exploits/parscms-sql.txt"
},
{
"name" : "38734",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38734"
},
{
"name" : "62999",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62999"
},
{
"name" : "63000",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/63000"
},
{
"name" : "39007",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39007"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1003-exploits/parscms-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1003-exploits/parscms-sql.txt"
},
{
"name": "38734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38734"
},
{
"name": "62999",
"refsource": "OSVDB",
"url": "http://osvdb.org/62999"
},
{
"name": "63000",
"refsource": "OSVDB",
"url": "http://osvdb.org/63000"
},
{
"name": "20100315 Pars CMS SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510066/100/0/threaded"
},
{
"name": "39007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39007"
}
]
}
}

390
2010/1xxx/CVE-2010-1163.json
View File

@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1163",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for \".\", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100420 Re: sudoedit local privilege escalation through PATH manipulation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510846/100/0/threaded"
},
{
"name" : "20100422 Re: sudoedit local privilege escalation through PATH manipulation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510880/100/0/threaded"
},
{
"name" : "20100419 sudoedit local privilege escalation through PATH manipulation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510827/100/0/threaded"
},
{
"name" : "20101027 rPSA-2010-0075-1 sudo",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
},
{
"name" : "http://www.sudo.ws/sudo/alerts/sudoedit_escalate2.html",
"refsource" : "CONFIRM",
"url" : "http://www.sudo.ws/sudo/alerts/sudoedit_escalate2.html"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2010-0075",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
},
{
"name" : "FEDORA-2010-6756",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039986.html"
},
{
"name" : "MDVSA-2010:078",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:078"
},
{
"name" : "RHSA-2010:0361",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0361.html"
},
{
"name" : "SSA:2010-110-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "USN-928-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-928-1"
},
{
"name" : "39468",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39468"
},
{
"name" : "63878",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/63878"
},
{
"name" : "oval:org.mitre.oval:def:9382",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9382"
},
{
"name" : "39384",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39384"
},
{
"name" : "39474",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39474"
},
{
"name" : "39543",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39543"
},
{
"name" : "39399",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39399"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2010-0881",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0881"
},
{
"name" : "ADV-2010-0895",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0895"
},
{
"name" : "ADV-2010-0949",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0949"
},
{
"name" : "ADV-2010-0956",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0956"
},
{
"name" : "ADV-2010-1019",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1019"
},
{
"name" : "ADV-2010-0904",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0904"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "sudo-sudoefit-privilege-escalation(57836)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57836"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for \".\", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-928-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-928-1"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "RHSA-2010:0361",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0361.html"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "39384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39384"
},
{
"name": "oval:org.mitre.oval:def:9382",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9382"
},
{
"name": "39543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39543"
},
{
"name": "39399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39399"
},
{
"name": "ADV-2010-1019",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1019"
},
{
"name": "63878",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63878"
},
{
"name": "ADV-2010-0956",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0956"
},
{
"name": "20100422 Re: sudoedit local privilege escalation through PATH manipulation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510880/100/0/threaded"
},
{
"name": "20101027 rPSA-2010-0075-1 sudo",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
},
{
"name": "MDVSA-2010:078",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:078"
},
{
"name": "FEDORA-2010-6756",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039986.html"
},
{
"name": "ADV-2010-0895",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0895"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "ADV-2010-0949",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0949"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2010-0075",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
},
{
"name": "20100419 sudoedit local privilege escalation through PATH manipulation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510827/100/0/threaded"
},
{
"name": "39468",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39468"
},
{
"name": "ADV-2010-0881",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0881"
},
{
"name": "39474",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39474"
},
{
"name": "20100420 Re: sudoedit local privilege escalation through PATH manipulation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510846/100/0/threaded"
},
{
"name": "http://www.sudo.ws/sudo/alerts/sudoedit_escalate2.html",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/sudo/alerts/sudoedit_escalate2.html"
},
{
"name": "sudo-sudoefit-privilege-escalation(57836)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57836"
},
{
"name": "ADV-2010-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0904"
},
{
"name": "SSA:2010-110-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019"
}
]
}
}

140
2010/1xxx/CVE-2010-1237.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1237",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=37061",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=37061"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html"
},
{
"name" : "oval:org.mitre.oval:def:14374",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14374"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14374",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14374"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/03/stable-channel-update.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=37061",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=37061"
}
]
}
}

170
2010/3xxx/CVE-2010-3198.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3198",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[zope-announce] 20100901 Annoucement: Zope 2.10.12 and 2.11.7 Released",
"refsource" : "MLIST",
"url" : "https://mail.zope.org/pipermail/zope-announce/2010-September/002247.html"
},
{
"name" : "http://www.zope.org/Products/Zope/2.10.12/CHANGES.txt",
"refsource" : "CONFIRM",
"url" : "http://www.zope.org/Products/Zope/2.10.12/CHANGES.txt"
},
{
"name" : "http://www.zope.org/Products/Zope/2.11.7/CHANGES.txt",
"refsource" : "CONFIRM",
"url" : "http://www.zope.org/Products/Zope/2.11.7/CHANGES.txt"
},
{
"name" : "https://bugs.launchpad.net/zope2/+bug/627988",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/zope2/+bug/627988"
},
{
"name" : "42939",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42939"
},
{
"name" : "ADV-2010-2275",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2275"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zope.org/Products/Zope/2.10.12/CHANGES.txt",
"refsource": "CONFIRM",
"url": "http://www.zope.org/Products/Zope/2.10.12/CHANGES.txt"
},
{
"name": "ADV-2010-2275",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2275"
},
{
"name": "[zope-announce] 20100901 Annoucement: Zope 2.10.12 and 2.11.7 Released",
"refsource": "MLIST",
"url": "https://mail.zope.org/pipermail/zope-announce/2010-September/002247.html"
},
{
"name": "http://www.zope.org/Products/Zope/2.11.7/CHANGES.txt",
"refsource": "CONFIRM",
"url": "http://www.zope.org/Products/Zope/2.11.7/CHANGES.txt"
},
{
"name": "42939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42939"
},
{
"name": "https://bugs.launchpad.net/zope2/+bug/627988",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/zope2/+bug/627988"
}
]
}
}

180
2010/3xxx/CVE-2010-3752.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3752",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt",
"refsource" : "CONFIRM",
"url" : "http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt"
},
{
"name" : "http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch",
"refsource" : "CONFIRM",
"url" : "http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch"
},
{
"name" : "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch",
"refsource" : "CONFIRM",
"url" : "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch"
},
{
"name" : "RHSA-2010:0892",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0892.html"
},
{
"name" : "43588",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43588"
},
{
"name" : "1024749",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024749"
},
{
"name" : "ADV-2010-2526",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2526"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2526",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2526"
},
{
"name": "http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt",
"refsource": "CONFIRM",
"url": "http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt"
},
{
"name": "43588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43588"
},
{
"name": "RHSA-2010:0892",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0892.html"
},
{
"name": "1024749",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024749"
},
{
"name": "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch",
"refsource": "CONFIRM",
"url": "http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch"
},
{
"name": "http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch",
"refsource": "CONFIRM",
"url": "http://www.openswan.org/download/CVE-2010-3302/openswan-2.6.25-CVE-2010-3302.patch"
}
]
}
}

180
2010/4xxx/CVE-2010-4278.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514939/100/0/threaded"
},
{
"name" : "15640",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15640"
},
{
"name" : "20101130 Pandora FMS Authentication Bypass and Multiple\tInput Validation Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2010/Nov/326"
},
{
"name" : "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download"
},
{
"name" : "45112",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45112"
},
{
"name" : "69550",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69550"
},
{
"name" : "42347",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42347"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42347"
},
{
"name": "20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514939/100/0/threaded"
},
{
"name": "69550",
"refsource": "OSVDB",
"url": "http://osvdb.org/69550"
},
{
"name": "15640",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15640"
},
{
"name": "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download"
},
{
"name": "45112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45112"
},
{
"name": "20101130 Pandora FMS Authentication Bypass and Multiple\tInput Validation Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Nov/326"
}
]
}
}

130
2010/4xxx/CVE-2010-4563.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4563",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2011/Apr/254"
},
{
"name" : "[dailydave] 20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection",
"refsource" : "MLIST",
"url" : "http://seclists.org/dailydave/2011/q2/25"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2011/Apr/254"
},
{
"name": "[dailydave] 20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection",
"refsource": "MLIST",
"url": "http://seclists.org/dailydave/2011/q2/25"
}
]
}
}

130
2010/4xxx/CVE-2010-4765.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4765",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.otrs.org/show_bug.cgi?id=4936",
"refsource" : "CONFIRM",
"url" : "http://bugs.otrs.org/show_bug.cgi?id=4936"
},
{
"name" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource" : "CONFIRM",
"url" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=4936",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=4936"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}

190
2010/4xxx/CVE-2010-4977.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100704 Canteen Joomla Component 1.0 Multiple Remote Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512170/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.org/1007-exploits/joomlacanteen-lfisql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1007-exploits/joomlacanteen-lfisql.txt"
},
{
"name" : "http://www.salvatorefresta.net/files/adv/Canteen%20Joomla%20Component%201.0%20Multiple%20Remote%20Vulnerabilities-04072010.txt",
"refsource" : "MISC",
"url" : "http://www.salvatorefresta.net/files/adv/Canteen%20Joomla%20Component%201.0%20Multiple%20Remote%20Vulnerabilities-04072010.txt"
},
{
"name" : "41358",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41358"
},
{
"name" : "66031",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66031"
},
{
"name" : "40503",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40503"
},
{
"name" : "8495",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8495"
},
{
"name" : "canteencom-index-sql-injection(60103)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60103"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8495",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8495"
},
{
"name": "http://www.salvatorefresta.net/files/adv/Canteen%20Joomla%20Component%201.0%20Multiple%20Remote%20Vulnerabilities-04072010.txt",
"refsource": "MISC",
"url": "http://www.salvatorefresta.net/files/adv/Canteen%20Joomla%20Component%201.0%20Multiple%20Remote%20Vulnerabilities-04072010.txt"
},
{
"name": "66031",
"refsource": "OSVDB",
"url": "http://osvdb.org/66031"
},
{
"name": "20100704 Canteen Joomla Component 1.0 Multiple Remote Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512170/100/0/threaded"
},
{
"name": "canteencom-index-sql-injection(60103)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60103"
},
{
"name": "40503",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40503"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/joomlacanteen-lfisql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/joomlacanteen-lfisql.txt"
},
{
"name": "41358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41358"
}
]
}
}

120
2014/0xxx/CVE-2014-0317.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka \"SAMR Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-0317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-016",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-016"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka \"SAMR Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-016",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-016"
}
]
}
}

270
2014/0xxx/CVE-2014-0393.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0393",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "DSA-2845",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2845"
},
{
"name" : "DSA-2848",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2848"
},
{
"name" : "GLSA-201409-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml"
},
{
"name" : "RHSA-2014:0164",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0164.html"
},
{
"name" : "RHSA-2014:0173",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0173.html"
},
{
"name" : "RHSA-2014:0186",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0186.html"
},
{
"name" : "RHSA-2014:0189",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0189.html"
},
{
"name" : "USN-2086-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-2086-1"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64877",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64877"
},
{
"name" : "102075",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102075"
},
{
"name" : "56491",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56491"
},
{
"name" : "56541",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56541"
},
{
"name" : "56580",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56580"
},
{
"name" : "oracle-cpujan2014-cve20140393(90386)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90386"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2086-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2086-1"
},
{
"name": "DSA-2845",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2845"
},
{
"name": "56491",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56491"
},
{
"name": "RHSA-2014:0186",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0186.html"
},
{
"name": "56541",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56541"
},
{
"name": "DSA-2848",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2848"
},
{
"name": "56580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56580"
},
{
"name": "64877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64877"
},
{
"name": "RHSA-2014:0173",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0173.html"
},
{
"name": "RHSA-2014:0189",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0189.html"
},
{
"name": "RHSA-2014:0164",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0164.html"
},
{
"name": "oracle-cpujan2014-cve20140393(90386)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90386"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "102075",
"refsource": "OSVDB",
"url": "http://osvdb.org/102075"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "GLSA-201409-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201409-04.xml"
}
]
}
}

180
2014/0xxx/CVE-2014-0662.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0662",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32409",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32409"
},
{
"name" : "20140122 Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-vcs"
},
{
"name" : "65076",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65076"
},
{
"name" : "102363",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102363"
},
{
"name" : "1029655",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029655"
},
{
"name" : "56592",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56592"
},
{
"name" : "cisco-vcs-cve20140662-dos(90621)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90621"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32409",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32409"
},
{
"name": "65076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65076"
},
{
"name": "20140122 Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-vcs"
},
{
"name": "102363",
"refsource": "OSVDB",
"url": "http://osvdb.org/102363"
},
{
"name": "1029655",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029655"
},
{
"name": "56592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56592"
},
{
"name": "cisco-vcs-cve20140662-dos(90621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90621"
}
]
}
}

140
2014/10xxx/CVE-2014-10004.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-10004",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/124918",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/124918"
},
{
"name" : "102488",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102488"
},
{
"name" : "maian-uploader-move-sql-injection(90715)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90715"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102488",
"refsource": "OSVDB",
"url": "http://osvdb.org/102488"
},
{
"name": "maian-uploader-move-sql-injection(90715)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90715"
},
{
"name": "http://packetstormsecurity.com/files/124918",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124918"
}
]
}
}

120
2014/4xxx/CVE-2014-4017.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4017",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/126781/WordPress-Conversion-Ninja-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/126781/WordPress-Conversion-Ninja-Cross-Site-Scripting.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/126781/WordPress-Conversion-Ninja-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126781/WordPress-Conversion-Ninja-Cross-Site-Scripting.html"
}
]
}
}

34
2014/4xxx/CVE-2014-4360.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4360",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-4360",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

130
2014/4xxx/CVE-2014-4645.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4645",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "33822",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/33822"
},
{
"name" : "68144",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68144"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33822",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33822"
},
{
"name": "68144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68144"
}
]
}
}

190
2014/4xxx/CVE-2014-4977.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39836",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39836/"
},
{
"name" : "20140710 Dell Scrutinizer 11.01 multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jul/44"
},
{
"name" : "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html"
},
{
"name" : "https://gist.github.com/brandonprry/36b4b8df1cde279a9305",
"refsource" : "MISC",
"url" : "https://gist.github.com/brandonprry/36b4b8df1cde279a9305"
},
{
"name" : "https://gist.github.com/brandonprry/76741d9a0d4f518fe297",
"refsource" : "MISC",
"url" : "https://gist.github.com/brandonprry/76741d9a0d4f518fe297"
},
{
"name" : "http://packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html"
},
{
"name" : "68495",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68495"
},
{
"name" : "dell-scrutinizer-admin-sql-injection(94439)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94439"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39836",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39836/"
},
{
"name": "20140710 Dell Scrutinizer 11.01 multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/44"
},
{
"name": "http://packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137098/Dell-SonicWALL-Scrutinizer-11.01-methodDetail-SQL-Injection.html"
},
{
"name": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html"
},
{
"name": "dell-scrutinizer-admin-sql-injection(94439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94439"
},
{
"name": "68495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68495"
},
{
"name": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305",
"refsource": "MISC",
"url": "https://gist.github.com/brandonprry/36b4b8df1cde279a9305"
},
{
"name": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297",
"refsource": "MISC",
"url": "https://gist.github.com/brandonprry/76741d9a0d4f518fe297"
}
]
}
}

120
2014/8xxx/CVE-2014-8572.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2014-8572",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "AC6605,AC6605,ACU,S2300, S3300,S2700, S3700,S5300, S5700,S6300, S6700,S7700, S9300,S9300E, S9700, AC6605 AC6605 V200R001C00, AC6605 V200R002C00,ACU ACU V200R001C00, ACU V200R002C00,S2300, S3300, V100R006C05 and earlier versions,S2700, S3700,S5300, S5700, V100R006,?S6300, S6700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions,S7700, S9300, V100R006,S9300E, S9700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions,",
"version" : {
"version_data" : [
{
"version_value" : "AC6605,AC6605,ACU,S2300, S3300,S2700, S3700,S5300, S5700,S6300, S6700,S7700, S9300,S9300E, S9700, AC6605 AC6605 V200R001C00, AC6605 V200R002C00,ACU ACU V200R001C00, ACU V200R002C00,S2300, S3300, V100R006C05 and earlier versions,S2700, S3700,S5300, S5700, V100R006,?S6300, S6700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions,S7700, S9300, V100R006,S9300E, S9700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions,"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earlier versions; S5300, S5700, S6300, S6700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions; S7700, S9300, S9300E, S9700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions could allow remote attackers to send a special SSH packet to the VRP device to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SSH Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2014-8572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AC6605,AC6605,ACU,S2300, S3300,S2700, S3700,S5300, S5700,S6300, S6700,S7700, S9300,S9300E, S9700, AC6605 AC6605 V200R001C00, AC6605 V200R002C00,ACU ACU V200R001C00, ACU V200R002C00,S2300, S3300, V100R006C05 and earlier versions,S2700, S3700,S5300, S5700, V100R006,?S6300, S6700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions,S7700, S9300, V100R006,S9300E, S9700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions,",
"version": {
"version_data": [
{
"version_value": "AC6605,AC6605,ACU,S2300, S3300,S2700, S3700,S5300, S5700,S6300, S6700,S7700, S9300,S9300E, S9700, AC6605 AC6605 V200R001C00, AC6605 V200R002C00,ACU ACU V200R001C00, ACU V200R002C00,S2300, S3300, V100R006C05 and earlier versions,S2700, S3700,S5300, S5700, V100R006,?S6300, S6700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions,S7700, S9300, V100R006,S9300E, S9700 V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions,"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/hw-373182",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/hw-373182"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earlier versions; S5300, S5700, S6300, S6700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions; S7700, S9300, S9300E, S9700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions could allow remote attackers to send a special SSH packet to the VRP device to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSH Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/hw-373182",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-373182"
}
]
}
}

34
2014/8xxx/CVE-2014-8785.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8785",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8785",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/8xxx/CVE-2014-8828.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8828",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-8828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/HT204244",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/HT204244"
},
{
"name" : "APPLE-SA-2015-01-27-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name" : "1031650",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031650"
},
{
"name" : "macosx-cve20148828-sec-bypass(100522)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100522"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name": "macosx-cve20148828-sec-bypass(100522)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100522"
}
]
}
}

160
2014/8xxx/CVE-2014-8889.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-8889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150311 Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534843/100/1500/threaded"
},
{
"name" : "20150311 Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Mar/61"
},
{
"name" : "http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html"
},
{
"name" : "https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/",
"refsource" : "MISC",
"url" : "https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/"
},
{
"name" : "73035",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73035"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73035"
},
{
"name": "20150311 Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534843/100/1500/threaded"
},
{
"name": "https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/",
"refsource": "MISC",
"url": "https://securityintelligence.com/droppedin-remotely-exploitable-vulnerability-in-the-dropbox-sdk-for-android/"
},
{
"name": "http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130767/Dropbox-SDK-For-Android-Remote-Exploitation.html"
},
{
"name": "20150311 Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/61"
}
]
}
}

420
2014/9xxx/CVE-2014-9130.json
View File

@ -1,212 +1,212 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9130",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141128 Re: libyaml / YAML-LibYAML DoS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/28/8"
},
{
"name" : "[oss-security] 20141128 libyaml / YAML-LibYAML DoS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/28/1"
},
{
"name" : "[oss-security] 20141129 Re: Re: libyaml / YAML-LibYAML DoS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/29/3"
},
{
"name" : "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure",
"refsource" : "MISC",
"url" : "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure"
},
{
"name" : "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2",
"refsource" : "CONFIRM",
"url" : "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2015-0100.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2015-0100.html"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0508.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0508.html"
},
{
"name" : "https://puppet.com/security/cve/cve-2014-9130",
"refsource" : "CONFIRM",
"url" : "https://puppet.com/security/cve/cve-2014-9130"
},
{
"name" : "DSA-3102",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3102"
},
{
"name" : "DSA-3103",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3103"
},
{
"name" : "DSA-3115",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3115"
},
{
"name" : "MDVSA-2014:242",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:242"
},
{
"name" : "MDVSA-2015:060",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
},
{
"name" : "RHSA-2015:0100",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0100.html"
},
{
"name" : "RHSA-2015:0112",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0112.html"
},
{
"name" : "RHSA-2015:0260",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0260.html"
},
{
"name" : "openSUSE-SU-2015:0319",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
},
{
"name" : "openSUSE-SU-2016:1067",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
},
{
"name" : "USN-2461-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2461-1"
},
{
"name" : "USN-2461-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2461-2"
},
{
"name" : "USN-2461-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2461-3"
},
{
"name" : "71349",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71349"
},
{
"name" : "59947",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59947"
},
{
"name" : "60944",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60944"
},
{
"name" : "62705",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62705"
},
{
"name" : "62723",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62723"
},
{
"name" : "62774",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62774"
},
{
"name" : "62164",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62164"
},
{
"name" : "62174",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62174"
},
{
"name" : "62176",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62176"
},
{
"name" : "libyaml-cve20149130-dos(99047)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99047"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62705",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62705"
},
{
"name": "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2"
},
{
"name": "71349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71349"
},
{
"name": "DSA-3102",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3102"
},
{
"name": "62174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62174"
},
{
"name": "RHSA-2015:0112",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0112.html"
},
{
"name": "[oss-security] 20141128 libyaml / YAML-LibYAML DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/28/1"
},
{
"name": "MDVSA-2015:060",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
},
{
"name": "USN-2461-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2461-3"
},
{
"name": "DSA-3115",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3115"
},
{
"name": "openSUSE-SU-2015:0319",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
},
{
"name": "[oss-security] 20141129 Re: Re: libyaml / YAML-LibYAML DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/29/3"
},
{
"name": "62774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62774"
},
{
"name": "[oss-security] 20141128 Re: libyaml / YAML-LibYAML DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/28/8"
},
{
"name": "RHSA-2015:0260",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0260.html"
},
{
"name": "62723",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62723"
},
{
"name": "USN-2461-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2461-1"
},
{
"name": "https://puppet.com/security/cve/cve-2014-9130",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2014-9130"
},
{
"name": "USN-2461-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2461-2"
},
{
"name": "62176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62176"
},
{
"name": "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure",
"refsource": "MISC",
"url": "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure"
},
{
"name": "MDVSA-2014:242",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:242"
},
{
"name": "DSA-3103",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3103"
},
{
"name": "60944",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60944"
},
{
"name": "openSUSE-SU-2016:1067",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
},
{
"name": "62164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62164"
},
{
"name": "libyaml-cve20149130-dos(99047)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99047"
},
{
"name": "RHSA-2015:0100",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0100.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2015-0100.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2015-0100.html"
},
{
"name": "59947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59947"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0508.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0508.html"
}
]
}
}

34
2014/9xxx/CVE-2014-9289.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9289",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-9289",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

140
2014/9xxx/CVE-2014-9445.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9445",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35584",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35584"
},
{
"name" : "gqfilemanager-editinc-xss(99365)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99365"
},
{
"name" : "gqfilemanager-index-sql-injection(99366)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99366"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gqfilemanager-index-sql-injection(99366)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99366"
},
{
"name": "35584",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35584"
},
{
"name": "gqfilemanager-editinc-xss(99365)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99365"
}
]
}
}

34
2014/9xxx/CVE-2014-9617.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9617",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9617",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/9xxx/CVE-2014-9930.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2014-9930",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free Vulnerability in WCDMA"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-05-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name" : "98323",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98323"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free Vulnerability in WCDMA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name": "98323",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98323"
}
]
}
}

130
2014/9xxx/CVE-2014-9946.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2014-9946",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free Vulnerability in Core Kernel"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-05-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name" : "98247",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98247"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free Vulnerability in Core Kernel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name": "98247",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98247"
}
]
}
}

130
2016/2xxx/CVE-2016-2219.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2219",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/42",
"refsource" : "CONFIRM",
"url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/42"
},
{
"name" : "1036192",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036192"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036192",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036192"
},
{
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/42",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/42"
}
]
}
}

34
2016/3xxx/CVE-2016-3122.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3122",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3122",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

370
2016/3xxx/CVE-2016-3156.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3156",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160315 CVE request: ipv4: Don't do expensive useless work during inetdev destroy",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/03/15/3"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1318172",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1318172"
},
{
"name" : "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name" : "DSA-3607",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3607"
},
{
"name" : "RHSA-2016:2574",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name" : "RHSA-2016:2584",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name" : "SUSE-SU-2016:1672",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name" : "SUSE-SU-2016:1690",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name" : "SUSE-SU-2016:1707",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name" : "SUSE-SU-2016:1764",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name" : "SUSE-SU-2016:2074",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name" : "openSUSE-SU-2016:1382",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name" : "SUSE-SU-2016:1019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
},
{
"name" : "USN-2996-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name" : "USN-2997-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name" : "USN-2968-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name" : "USN-2968-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name" : "USN-2969-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name" : "USN-2970-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name" : "USN-2971-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name" : "USN-2971-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name" : "USN-2971-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name" : "84428",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84428"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2971-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1318172",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318172"
},
{
"name": "USN-2970-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-2969-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "RHSA-2016:2584",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "RHSA-2016:2574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "USN-2971-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:1019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
},
{
"name": "USN-2968-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "openSUSE-SU-2016:1382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "84428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84428"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "[oss-security] 20160315 CVE request: ipv4: Don't do expensive useless work during inetdev destroy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/15/3"
},
{
"name": "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/fbd40ea0180a2d328c5adc61414dc8bab9335ce2"
}
]
}
}

140
2016/3xxx/CVE-2016-3216.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3216",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"Windows Graphics Component Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39990",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39990/"
},
{
"name" : "MS16-074",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-074"
},
{
"name" : "1036101",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036101"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka \"Windows Graphics Component Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-074",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-074"
},
{
"name": "39990",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39990/"
},
{
"name": "1036101",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036101"
}
]
}
}

150
2016/3xxx/CVE-2016-3371.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain sensitive information via a crafted application, aka \"Windows Kernel Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40429",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40429/"
},
{
"name" : "MS16-111",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111"
},
{
"name" : "92814",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92814"
},
{
"name" : "1036802",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036802"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain sensitive information via a crafted application, aka \"Windows Kernel Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-111",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111"
},
{
"name": "1036802",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036802"
},
{
"name": "92814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92814"
},
{
"name": "40429",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40429/"
}
]
}
}

130
2016/3xxx/CVE-2016-3997.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3997",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063"
},
{
"name" : "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products",
"refsource" : "CONFIRM",
"url" : "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063"
},
{
"name": "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products",
"refsource": "CONFIRM",
"url": "https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products"
}
]
}
}

178
2016/6xxx/CVE-2016-6114.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-10T00:00:00",
"ID" : "CVE-2016-6114",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Emptoris Sourcing",
"version" : {
"version_data" : [
{
"version_value" : " 9.5"
},
{
"version_value" : "10.0.0"
},
{
"version_value" : "10.0.1"
},
{
"version_value" : "10.0.2"
},
{
"version_value" : "10.0.4"
},
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-10T00:00:00",
"ID": "CVE-2016-6114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": " 9.5"
},
{
"version_value": "10.0.0"
},
{
"version_value": "10.0.1"
},
{
"version_value": "10.0.2"
},
{
"version_value": "10.0.4"
},
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22005549",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22005549"
},
{
"name" : "99545",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99545"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005549",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118352"
},
{
"name": "99545",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99545"
}
]
}
}

190
2016/6xxx/CVE-2016-6225.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6225",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.launchpad.net/percona-xtrabackup/+bug/1643949",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/percona-xtrabackup/+bug/1643949"
},
{
"name" : "https://github.com/percona/percona-xtrabackup/pull/266",
"refsource" : "CONFIRM",
"url" : "https://github.com/percona/percona-xtrabackup/pull/266"
},
{
"name" : "https://github.com/percona/percona-xtrabackup/pull/267",
"refsource" : "CONFIRM",
"url" : "https://github.com/percona/percona-xtrabackup/pull/267"
},
{
"name" : "https://www.percona.com/blog/2017/01/12/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly/",
"refsource" : "CONFIRM",
"url" : "https://www.percona.com/blog/2017/01/12/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly/"
},
{
"name" : "FEDORA-2017-5a823376be",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBVCP6KLFVGG6HSGLHLTMZRD6C4IJSZP/"
},
{
"name" : "FEDORA-2017-6382ea8d57",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAHI6ETS22FJCMLW7A6SICFKQXF5G2VI/"
},
{
"name" : "openSUSE-SU-2017:0250",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00125.html"
},
{
"name" : "openSUSE-SU-2017:0251",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00126.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/percona/percona-xtrabackup/pull/267",
"refsource": "CONFIRM",
"url": "https://github.com/percona/percona-xtrabackup/pull/267"
},
{
"name": "openSUSE-SU-2017:0251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00126.html"
},
{
"name": "openSUSE-SU-2017:0250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00125.html"
},
{
"name": "https://bugs.launchpad.net/percona-xtrabackup/+bug/1643949",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/percona-xtrabackup/+bug/1643949"
},
{
"name": "FEDORA-2017-5a823376be",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBVCP6KLFVGG6HSGLHLTMZRD6C4IJSZP/"
},
{
"name": "https://github.com/percona/percona-xtrabackup/pull/266",
"refsource": "CONFIRM",
"url": "https://github.com/percona/percona-xtrabackup/pull/266"
},
{
"name": "FEDORA-2017-6382ea8d57",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAHI6ETS22FJCMLW7A6SICFKQXF5G2VI/"
},
{
"name": "https://www.percona.com/blog/2017/01/12/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly/",
"refsource": "CONFIRM",
"url": "https://www.percona.com/blog/2017/01/12/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly/"
}
]
}
}

140
2016/6xxx/CVE-2016-6432.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6432",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco ASA Software before 9.6(2.1)",
"version" : {
"version_data" : [
{
"version_value" : "Cisco ASA Software before 9.6(2.1)"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9.6(2.1) could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco ASA Software before 9.6(2.1)",
"version": {
"version_data": [
{
"version_value": "Cisco ASA Software before 9.6(2.1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-idfw",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-idfw"
},
{
"name" : "93784",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93784"
},
{
"name" : "1037059",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037059"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9.6(2.1) could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-idfw",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-idfw"
},
{
"name": "1037059",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037059"
},
{
"name": "93784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93784"
}
]
}
}

140
2016/7xxx/CVE-2016-7015.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-7015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name" : "93496",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93496"
},
{
"name" : "1036986",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name": "93496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93496"
}
]
}
}

210
2016/7xxx/CVE-2016-7129.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2016/09/02/9"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "http://www.php.net/ChangeLog-7.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-7.php"
},
{
"name" : "https://bugs.php.net/bug.php?id=72749",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=72749"
},
{
"name" : "https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1",
"refsource" : "CONFIRM",
"url" : "https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1"
},
{
"name" : "https://www.tenable.com/security/tns-2016-19",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-19"
},
{
"name" : "GLSA-201611-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-22"
},
{
"name" : "RHSA-2016:2750",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name" : "92758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92758"
},
{
"name" : "1036680",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036680"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1"
},
{
"name": "1036680",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036680"
},
{
"name": "RHSA-2016:2750",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "https://www.tenable.com/security/tns-2016-19",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"name": "[oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2016/09/02/9"
},
{
"name": "https://bugs.php.net/bug.php?id=72749",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=72749"
},
{
"name": "92758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92758"
}
]
}
}

140
2016/7xxx/CVE-2016-7570.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Drupal 8.x before 8.1.10 does not properly check for \"Administer comments\" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/SA-CORE-2016-004",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/SA-CORE-2016-004"
},
{
"name" : "93101",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93101"
},
{
"name" : "1036886",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036886"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Drupal 8.x before 8.1.10 does not properly check for \"Administer comments\" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/SA-CORE-2016-004",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/SA-CORE-2016-004"
},
{
"name": "93101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93101"
},
{
"name": "1036886",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036886"
}
]
}
}

136
2016/8xxx/CVE-2016-8391.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-8391",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. References: QC-CR#1072166."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-8391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
},
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name" : "94681",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94681"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. References: QC-CR#1072166."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-12-01.html"
},
{
"name": "94681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94681"
}
]
}
}

34
2016/8xxx/CVE-2016-8499.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8499",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8499",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

160
2016/8xxx/CVE-2016-8695.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8695",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8696."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160818 potrace: multiple crashes",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/08/18/11"
},
{
"name" : "[oss-security] 20161015 Re: potrace: multiple crashes",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/16/12"
},
{
"name" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/"
},
{
"name" : "http://potrace.sourceforge.net/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://potrace.sourceforge.net/ChangeLog"
},
{
"name" : "93778",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93778"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93778"
},
{
"name": "[oss-security] 20161015 Re: potrace: multiple crashes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/12"
},
{
"name": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/"
},
{
"name": "[oss-security] 20160818 potrace: multiple crashes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/18/11"
},
{
"name": "http://potrace.sourceforge.net/ChangeLog",
"refsource": "CONFIRM",
"url": "http://potrace.sourceforge.net/ChangeLog"
}
]
}
}