admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 07:03:32 +00:00
parent 9e96ebf537
commit 374441e79b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 4341 additions and 4341 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2006/1xxx/CVE-2006-1698.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1698",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2006-1287",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1287"
},
{
"name" : "19586",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19586"
},
{
"name" : "guestbook-guestbook-parameters-xss(25697)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19586",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19586"
},
{
"name": "guestbook-guestbook-parameters-xss(25697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25697"
},
{
"name": "ADV-2006-1287",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1287"
}
]
}
}

160
2006/1xxx/CVE-2006-1826.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2) keyword parameter in search.php, and (3) image_id parameter in image.php. NOTE: it is possible that vectors 1 and 3 are resultant from SQL injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060415 Snipe Gallery <= 3.1.4 Multiple XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431074/100/0/threaded"
},
{
"name" : "20060416 Re: Snipe Gallery <= 3.1.4 Multiple XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431123/100/0/threaded"
},
{
"name" : "17543",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17543"
},
{
"name" : "1015947",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015947"
},
{
"name" : "snipe-view-image-xss(25803)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25803"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2) keyword parameter in search.php, and (3) image_id parameter in image.php. NOTE: it is possible that vectors 1 and 3 are resultant from SQL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060416 Re: Snipe Gallery <= 3.1.4 Multiple XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431123/100/0/threaded"
},
{
"name": "20060415 Snipe Gallery <= 3.1.4 Multiple XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431074/100/0/threaded"
},
{
"name": "17543",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17543"
},
{
"name": "1015947",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015947"
},
{
"name": "snipe-view-image-xss(25803)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25803"
}
]
}
}

150
2006/1xxx/CVE-2006-1846.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1846",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user's personal menu, which presumably is not modifiable by others."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "16774",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16774"
},
{
"name" : "ADV-2006-0687",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0687"
},
{
"name" : "23431",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23431"
},
{
"name" : "18972",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18972"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user's personal menu, which presumably is not modifiable by others."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18972"
},
{
"name": "ADV-2006-0687",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0687"
},
{
"name": "23431",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23431"
},
{
"name": "16774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16774"
}
]
}
}

170
2006/5xxx/CVE-2006-5651.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5651",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061107 DigiOz Guestbook version 1.7 Path Disclosure",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=116288079420333&w=2"
},
{
"name" : "20061107 DigiOz Guestbook version 1.7 Path Disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450826/30/0/threaded"
},
{
"name" : "http://www.netvigilance.com/advisory0006",
"refsource" : "MISC",
"url" : "http://www.netvigilance.com/advisory0006"
},
{
"name" : "29985",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29985"
},
{
"name" : "1829",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1829"
},
{
"name" : "digiozguestbook-list-path-disclosure(30067)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30067"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.netvigilance.com/advisory0006",
"refsource": "MISC",
"url": "http://www.netvigilance.com/advisory0006"
},
{
"name": "1829",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1829"
},
{
"name": "digiozguestbook-list-path-disclosure(30067)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30067"
},
{
"name": "20061107 DigiOz Guestbook version 1.7 Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450826/30/0/threaded"
},
{
"name": "29985",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29985"
},
{
"name": "20061107 DigiOz Guestbook version 1.7 Path Disclosure",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=116288079420333&w=2"
}
]
}
}

190
2006/5xxx/CVE-2006-5735.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5735",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061030 Punbb <= 1.2.13 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450055/100/0/threaded"
},
{
"name" : "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities",
"refsource" : "MISC",
"url" : "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities"
},
{
"name" : "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt",
"refsource" : "CONFIRM",
"url" : "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt"
},
{
"name" : "ADV-2006-4256",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4256"
},
{
"name" : "30132",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30132"
},
{
"name" : "1017131",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017131"
},
{
"name" : "22622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22622"
},
{
"name" : "1824",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1824"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017131",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017131"
},
{
"name": "1824",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1824"
},
{
"name": "30132",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30132"
},
{
"name": "20061030 Punbb <= 1.2.13 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450055/100/0/threaded"
},
{
"name": "ADV-2006-4256",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4256"
},
{
"name": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities",
"refsource": "MISC",
"url": "http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities"
},
{
"name": "22622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22622"
},
{
"name": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt",
"refsource": "CONFIRM",
"url": "http://www.punbb.org/changelogs/1.2.13_to_1.2.14.txt"
}
]
}
}

150
2006/5xxx/CVE-2006-5812.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5812",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Kerio MailServer allows attackers to cause a denial of service, as demonstrated by vd_kms4.pm, a \"Kerio MailServer DoS.\" NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://gleg.net/vulndisco_meta.shtml",
"refsource" : "MISC",
"url" : "http://gleg.net/vulndisco_meta.shtml"
},
{
"name" : "1017171",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017171"
},
{
"name" : "22861",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22861"
},
{
"name" : "kerio-mailserver-dos(30145)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30145"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Kerio MailServer allows attackers to cause a denial of service, as demonstrated by vd_kms4.pm, a \"Kerio MailServer DoS.\" NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://gleg.net/vulndisco_meta.shtml",
"refsource": "MISC",
"url": "http://gleg.net/vulndisco_meta.shtml"
},
{
"name": "22861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22861"
},
{
"name": "1017171",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017171"
},
{
"name": "kerio-mailserver-dos(30145)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30145"
}
]
}
}

200
2007/2xxx/CVE-2007-2684.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2684",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070521 Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/469222/100/0/threaded"
},
{
"name" : "20070521 Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=117974375029054&w=2"
},
{
"name" : "http://www.netvigilance.com/advisory0027",
"refsource" : "MISC",
"url" : "http://www.netvigilance.com/advisory0027"
},
{
"name" : "34783",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/34783"
},
{
"name" : "34787",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34787"
},
{
"name" : "34788",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34788"
},
{
"name" : "34789",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34789"
},
{
"name" : "34790",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34790"
},
{
"name" : "jetboxcms-multiple-path-disclosure(34385)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34385"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34789",
"refsource": "OSVDB",
"url": "http://osvdb.org/34789"
},
{
"name": "34790",
"refsource": "OSVDB",
"url": "http://osvdb.org/34790"
},
{
"name": "http://www.netvigilance.com/advisory0027",
"refsource": "MISC",
"url": "http://www.netvigilance.com/advisory0027"
},
{
"name": "jetboxcms-multiple-path-disclosure(34385)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34385"
},
{
"name": "34788",
"refsource": "OSVDB",
"url": "http://osvdb.org/34788"
},
{
"name": "20070521 Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=117974375029054&w=2"
},
{
"name": "20070521 Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469222/100/0/threaded"
},
{
"name": "34787",
"refsource": "OSVDB",
"url": "http://osvdb.org/34787"
},
{
"name": "34783",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34783"
}
]
}
}

150
2007/6xxx/CVE-2007-6168.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6168",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071121 [Aria-Security.Net] VU Case Manager \"Username/Password\" SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/484019"
},
{
"name" : "26643",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26643"
},
{
"name" : "ADV-2007-3967",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3967"
},
{
"name" : "27779",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27779"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-3967",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3967"
},
{
"name": "20071121 [Aria-Security.Net] VU Case Manager \"Username/Password\" SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484019"
},
{
"name": "26643",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26643"
},
{
"name": "27779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27779"
}
]
}
}

210
2007/6xxx/CVE-2007-6381.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/"
},
{
"name" : "DSA-1439",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1439"
},
{
"name" : "26871",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26871"
},
{
"name" : "ADV-2007-4205",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4205"
},
{
"name" : "39506",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39506"
},
{
"name" : "1019146",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019146"
},
{
"name" : "27969",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27969"
},
{
"name" : "28243",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28243"
},
{
"name" : "typo3-indexedsearch-sql-injection(39017)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39017"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28243"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/"
},
{
"name": "ADV-2007-4205",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4205"
},
{
"name": "39506",
"refsource": "OSVDB",
"url": "http://osvdb.org/39506"
},
{
"name": "1019146",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019146"
},
{
"name": "26871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26871"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446"
},
{
"name": "typo3-indexedsearch-sql-injection(39017)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39017"
},
{
"name": "27969",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27969"
},
{
"name": "DSA-1439",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1439"
}
]
}
}

170
2007/6xxx/CVE-2007-6567.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6567",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071227 XZero Community Classifieds <= v4.95.11 LFI & SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485545/100/0/threaded"
},
{
"name" : "4794",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4794"
},
{
"name" : "http://en.rstzone.org/xzero-community-classifieds-v4-95-11-lfi-sql-in-t9394.rst",
"refsource" : "MISC",
"url" : "http://en.rstzone.org/xzero-community-classifieds-v4-95-11-lfi-sql-in-t9394.rst"
},
{
"name" : "27041",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27041"
},
{
"name" : "39741",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39741"
},
{
"name" : "xzero-index-file-include(39260)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39260"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39741",
"refsource": "OSVDB",
"url": "http://osvdb.org/39741"
},
{
"name": "http://en.rstzone.org/xzero-community-classifieds-v4-95-11-lfi-sql-in-t9394.rst",
"refsource": "MISC",
"url": "http://en.rstzone.org/xzero-community-classifieds-v4-95-11-lfi-sql-in-t9394.rst"
},
{
"name": "20071227 XZero Community Classifieds <= v4.95.11 LFI & SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485545/100/0/threaded"
},
{
"name": "xzero-index-file-include(39260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39260"
},
{
"name": "4794",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4794"
},
{
"name": "27041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27041"
}
]
}
}

120
2007/6xxx/CVE-2007-6744.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42",
"refsource" : "CONFIRM",
"url" : "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42",
"refsource": "CONFIRM",
"url": "http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Installation-InstallShield-InstallShield2008Premier-Public-ProductInfo-IS2008PremProReleaseNotes2pdf&sliceId=pdfPage_42"
}
]
}
}

200
2010/0xxx/CVE-2010-0213.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-0213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.isc.org/software/bind/advisories/cve-2010-0213",
"refsource" : "CONFIRM",
"url" : "http://www.isc.org/software/bind/advisories/cve-2010-0213"
},
{
"name" : "FEDORA-2010-11344",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044445.html"
},
{
"name" : "SUSE-SR:2010:020",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
},
{
"name" : "VU#211905",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/211905"
},
{
"name" : "41730",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41730"
},
{
"name" : "1024217",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024217"
},
{
"name" : "40652",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40652"
},
{
"name" : "40709",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40709"
},
{
"name" : "ADV-2010-1884",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1884"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2010:020",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html"
},
{
"name": "41730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41730"
},
{
"name": "1024217",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024217"
},
{
"name": "VU#211905",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/211905"
},
{
"name": "40709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40709"
},
{
"name": "FEDORA-2010-11344",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044445.html"
},
{
"name": "40652",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40652"
},
{
"name": "ADV-2010-1884",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1884"
},
{
"name": "http://www.isc.org/software/bind/advisories/cve-2010-0213",
"refsource": "CONFIRM",
"url": "http://www.isc.org/software/bind/advisories/cve-2010-0213"
}
]
}
}

150
2010/0xxx/CVE-2010-0270.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0270",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka \"SMB Client Transaction Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-020",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020"
},
{
"name" : "TA10-103A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
},
{
"name" : "oval:org.mitre.oval:def:7164",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7164"
},
{
"name" : "39372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39372"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka \"SMB Client Transaction Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7164",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7164"
},
{
"name": "39372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39372"
},
{
"name": "MS10-020",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-020"
},
{
"name": "TA10-103A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
}
]
}
}

160
2010/0xxx/CVE-2010-0795.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0795",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "11292",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11292"
},
{
"name" : "38012",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38012"
},
{
"name" : "62038",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62038"
},
{
"name" : "38408",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38408"
},
{
"name" : "jeeventcalendars-index-sql-injection(56008)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56008"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62038",
"refsource": "OSVDB",
"url": "http://osvdb.org/62038"
},
{
"name": "11292",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11292"
},
{
"name": "38408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38408"
},
{
"name": "38012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38012"
},
{
"name": "jeeventcalendars-index-sql-injection(56008)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56008"
}
]
}
}

370
2010/1xxx/CVE-2010-1634.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1634",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.python.org/issue8674",
"refsource" : "CONFIRM",
"url" : "http://bugs.python.org/issue8674"
},
{
"name" : "http://svn.python.org/view?rev=81045&view=rev",
"refsource" : "CONFIRM",
"url" : "http://svn.python.org/view?rev=81045&view=rev"
},
{
"name" : "http://svn.python.org/view?rev=81079&view=rev",
"refsource" : "CONFIRM",
"url" : "http://svn.python.org/view?rev=81079&view=rev"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=590690",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=590690"
},
{
"name" : "http://support.apple.com/kb/HT5002",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5002"
},
{
"name" : "APPLE-SA-2011-10-12-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name" : "FEDORA-2010-9652",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html"
},
{
"name" : "RHSA-2011:0027",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0027.html"
},
{
"name" : "SUSE-SR:2010:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "USN-1596-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"name" : "USN-1613-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"name" : "USN-1613-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1613-1"
},
{
"name" : "USN-1616-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1616-1"
},
{
"name" : "40370",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40370"
},
{
"name" : "39937",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39937"
},
{
"name" : "40194",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40194"
},
{
"name" : "42888",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42888"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "50858",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50858"
},
{
"name" : "51024",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51024"
},
{
"name" : "51040",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51040"
},
{
"name" : "51087",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51087"
},
{
"name" : "ADV-2010-1448",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1448"
},
{
"name" : "ADV-2011-0122",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0122"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.python.org/issue8674",
"refsource": "CONFIRM",
"url": "http://bugs.python.org/issue8674"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "FEDORA-2010-9652",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html"
},
{
"name": "51087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51087"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "USN-1616-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1616-1"
},
{
"name": "51040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51040"
},
{
"name": "ADV-2010-1448",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1448"
},
{
"name": "50858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50858"
},
{
"name": "APPLE-SA-2011-10-12-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"
},
{
"name": "ADV-2011-0122",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0122"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=590690",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=590690"
},
{
"name": "42888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42888"
},
{
"name": "http://svn.python.org/view?rev=81045&view=rev",
"refsource": "CONFIRM",
"url": "http://svn.python.org/view?rev=81045&view=rev"
},
{
"name": "39937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39937"
},
{
"name": "USN-1596-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1596-1"
},
{
"name": "40194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40194"
},
{
"name": "RHSA-2011:0027",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html"
},
{
"name": "USN-1613-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-2"
},
{
"name": "http://support.apple.com/kb/HT5002",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5002"
},
{
"name": "SUSE-SR:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"name": "40370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40370"
},
{
"name": "51024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51024"
},
{
"name": "USN-1613-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-1"
},
{
"name": "http://svn.python.org/view?rev=81079&view=rev",
"refsource": "CONFIRM",
"url": "http://svn.python.org/view?rev=81079&view=rev"
}
]
}
}

170
2010/1xxx/CVE-2010-1636.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1636",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only file descriptor."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100518 Re: kernel: btrfs: check for read permission on src file in the clone ioctl",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/05/18/10"
},
{
"name" : "[oss-security] 20100518 kernel: btrfs: check for read permission on src file in the clone ioctl",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/05/18/2"
},
{
"name" : "[oss-security] 20100525 Re: kernel: btrfs: check for read permission on src file in the clone ioctl",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/05/25/8"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/579585",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/579585"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5dc6416414fb3ec6e2825fd4d20c8bf1d7fe0395",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5dc6416414fb3ec6e2825fd4d20c8bf1d7fe0395"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=593226",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=593226"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only file descriptor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/579585",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/579585"
},
{
"name": "[oss-security] 20100518 Re: kernel: btrfs: check for read permission on src file in the clone ioctl",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/18/10"
},
{
"name": "[oss-security] 20100518 kernel: btrfs: check for read permission on src file in the clone ioctl",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/18/2"
},
{
"name": "[oss-security] 20100525 Re: kernel: btrfs: check for read permission on src file in the clone ioctl",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/25/8"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=593226",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=593226"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5dc6416414fb3ec6e2825fd4d20c8bf1d7fe0395",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5dc6416414fb3ec6e2825fd4d20c8bf1d7fe0395"
}
]
}
}

270
2010/1xxx/CVE-2010-1975.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1975",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.postgresql.org/docs/current/static/release-7-4-29.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/current/static/release-7-4-29.html"
},
{
"name" : "http://www.postgresql.org/docs/current/static/release-8-0-25.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/current/static/release-8-0-25.html"
},
{
"name" : "http://www.postgresql.org/docs/current/static/release-8-1-21.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/current/static/release-8-1-21.html"
},
{
"name" : "http://www.postgresql.org/docs/current/static/release-8-2-17.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/current/static/release-8-2-17.html"
},
{
"name" : "http://www.postgresql.org/docs/current/static/release-8-3-11.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/current/static/release-8-3-11.html"
},
{
"name" : "http://www.postgresql.org/docs/current/static/release-8-4-4.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/current/static/release-8-4-4.html"
},
{
"name" : "DSA-2051",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2051"
},
{
"name" : "HPSBMU02781",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name" : "SSRT100617",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name" : "MDVSA-2010:103",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:103"
},
{
"name" : "SUSE-SR:2010:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name" : "40304",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40304"
},
{
"name" : "oval:org.mitre.oval:def:11004",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004"
},
{
"name" : "39939",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39939"
},
{
"name" : "ADV-2010-1207",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1207"
},
{
"name" : "ADV-2010-1221",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1221"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.postgresql.org/docs/current/static/release-8-1-21.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-8-1-21.html"
},
{
"name": "HPSBMU02781",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name": "DSA-2051",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2051"
},
{
"name": "http://www.postgresql.org/docs/current/static/release-7-4-29.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-7-4-29.html"
},
{
"name": "http://www.postgresql.org/docs/current/static/release-8-0-25.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-8-0-25.html"
},
{
"name": "oval:org.mitre.oval:def:11004",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11004"
},
{
"name": "ADV-2010-1221",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1221"
},
{
"name": "http://www.postgresql.org/docs/current/static/release-8-3-11.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-8-3-11.html"
},
{
"name": "ADV-2010-1207",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1207"
},
{
"name": "http://www.postgresql.org/docs/current/static/release-8-2-17.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-8-2-17.html"
},
{
"name": "http://www.postgresql.org/docs/current/static/release-8-4-4.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-8-4-4.html"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "40304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40304"
},
{
"name": "MDVSA-2010:103",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:103"
},
{
"name": "39939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39939"
},
{
"name": "SSRT100617",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
}
]
}
}

410
2010/4xxx/CVE-2010-4015.json
View File

@ -1,207 +1,207 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-4015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=7ccb6dc2d3e266a551827bb99179708580f72431",
"refsource" : "CONFIRM",
"url" : "http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=7ccb6dc2d3e266a551827bb99179708580f72431"
},
{
"name" : "http://www.postgresql.org/about/news.1289",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/about/news.1289"
},
{
"name" : "http://www.postgresql.org/support/security",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/support/security"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name" : "DSA-2157",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2157"
},
{
"name" : "FEDORA-2011-0990",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053817.html"
},
{
"name" : "FEDORA-2011-0963",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053888.html"
},
{
"name" : "HPSBMU02781",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name" : "SSRT100617",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name" : "MDVSA-2011:021",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:021"
},
{
"name" : "RHSA-2011:0198",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0198.html"
},
{
"name" : "RHSA-2011:0197",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0197.html"
},
{
"name" : "SUSE-SR:2011:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name" : "USN-1058-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1058-1"
},
{
"name" : "46084",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46084"
},
{
"name" : "70740",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70740"
},
{
"name" : "43144",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43144"
},
{
"name" : "43154",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43154"
},
{
"name" : "43155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43155"
},
{
"name" : "43187",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43187"
},
{
"name" : "43188",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43188"
},
{
"name" : "43240",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43240"
},
{
"name" : "ADV-2011-0262",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0262"
},
{
"name" : "ADV-2011-0278",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0278"
},
{
"name" : "ADV-2011-0283",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0283"
},
{
"name" : "ADV-2011-0287",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0287"
},
{
"name" : "ADV-2011-0299",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0299"
},
{
"name" : "ADV-2011-0303",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0303"
},
{
"name" : "ADV-2011-0349",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0349"
},
{
"name" : "postgresql-gettoken-buffer-overflow(65060)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65060"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0283",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0283"
},
{
"name": "70740",
"refsource": "OSVDB",
"url": "http://osvdb.org/70740"
},
{
"name": "43144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43144"
},
{
"name": "HPSBMU02781",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name": "RHSA-2011:0198",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0198.html"
},
{
"name": "FEDORA-2011-0990",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053817.html"
},
{
"name": "RHSA-2011:0197",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0197.html"
},
{
"name": "http://www.postgresql.org/about/news.1289",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/about/news.1289"
},
{
"name": "ADV-2011-0349",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0349"
},
{
"name": "43187",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43187"
},
{
"name": "SUSE-SR:2011:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "USN-1058-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1058-1"
},
{
"name": "MDVSA-2011:021",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:021"
},
{
"name": "ADV-2011-0262",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0262"
},
{
"name": "ADV-2011-0303",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0303"
},
{
"name": "DSA-2157",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2157"
},
{
"name": "ADV-2011-0287",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0287"
},
{
"name": "43155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43155"
},
{
"name": "43154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43154"
},
{
"name": "43188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43188"
},
{
"name": "http://www.postgresql.org/support/security",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/support/security"
},
{
"name": "46084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46084"
},
{
"name": "postgresql-gettoken-buffer-overflow(65060)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65060"
},
{
"name": "43240",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43240"
},
{
"name": "http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=7ccb6dc2d3e266a551827bb99179708580f72431",
"refsource": "CONFIRM",
"url": "http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=7ccb6dc2d3e266a551827bb99179708580f72431"
},
{
"name": "FEDORA-2011-0963",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053888.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name": "ADV-2011-0278",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0278"
},
{
"name": "ADV-2011-0299",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0299"
},
{
"name": "SSRT100617",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
}
]
}
}

34
2010/4xxx/CVE-2010-4292.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4292",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-4292",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

120
2010/5xxx/CVE-2010-5070.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5070",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://w2spconf.com/2010/papers/p26.pdf",
"refsource" : "MISC",
"url" : "http://w2spconf.com/2010/papers/p26.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://w2spconf.com/2010/papers/p26.pdf",
"refsource": "MISC",
"url": "http://w2spconf.com/2010/papers/p26.pdf"
}
]
}
}

770
2014/0xxx/CVE-2014-0114.json
View File

@ -1,387 +1,387 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0114",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "[oss-security] 20140616 CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/06/15/10"
},
{
"name" : "[oss-security] 20140707 Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/07/08/1"
},
{
"name" : "[apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114",
"refsource" : "MLIST",
"url" : "http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1091938",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1091938"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676375",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676375"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676931",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676931"
},
{
"name" : "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt",
"refsource" : "CONFIRM",
"url" : "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt"
},
{
"name" : "https://access.redhat.com/solutions/869353",
"refsource" : "CONFIRM",
"url" : "https://access.redhat.com/solutions/869353"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1116665",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1116665"
},
{
"name" : "https://issues.apache.org/jira/browse/BEANUTILS-463",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/jira/browse/BEANUTILS-463"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676303",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676303"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0008.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0219.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0219.html"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21675496",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21675496"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674128",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674128"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674812",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21674812"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675266",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675266"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675387",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675387"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675689",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675689"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675898",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675898"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676110",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676110"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27042296",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27042296"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675972",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675972"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677110",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677110"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20140911-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20140911-0001/"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180629-0006/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180629-0006/"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "DSA-2940",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2940"
},
{
"name" : "FEDORA-2014-9380",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html"
},
{
"name" : "GLSA-201607-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201607-09"
},
{
"name" : "HPSBST03160",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141451023707502&w=2"
},
{
"name" : "HPSBGN03041",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140119284401582&w=2"
},
{
"name" : "HPSBMU03090",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140801096002766&w=2"
},
{
"name" : "MDVSA-2014:095",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:095"
},
{
"name" : "RHSA-2018:2669",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"name" : "67121",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67121"
},
{
"name" : "58851",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58851"
},
{
"name" : "59014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59014"
},
{
"name" : "59704",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59704"
},
{
"name" : "60177",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60177"
},
{
"name" : "60703",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60703"
},
{
"name" : "57477",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57477"
},
{
"name" : "59245",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59245"
},
{
"name" : "58947",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58947"
},
{
"name" : "59118",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59118"
},
{
"name" : "59228",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59228"
},
{
"name" : "59246",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59246"
},
{
"name" : "59430",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59430"
},
{
"name" : "59464",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59464"
},
{
"name" : "59479",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59479"
},
{
"name" : "59480",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59480"
},
{
"name" : "58710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58710"
},
{
"name" : "59718",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59718"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114",
"refsource": "MLIST",
"url": "http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html"
},
{
"name": "57477",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57477"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
},
{
"name": "https://issues.apache.org/jira/browse/BEANUTILS-463",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/BEANUTILS-463"
},
{
"name": "58710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58710"
},
{
"name": "MDVSA-2014:095",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:095"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675689",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675689"
},
{
"name": "FEDORA-2014-9380",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21674812",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674812"
},
{
"name": "https://security.netapp.com/advisory/ntap-20140911-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20140911-0001/"
},
{
"name": "59464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59464"
},
{
"name": "59118",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59118"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180629-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675387",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675387"
},
{
"name": "https://access.redhat.com/solutions/869353",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/solutions/869353"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938"
},
{
"name": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt",
"refsource": "CONFIRM",
"url": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0219.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0219.html"
},
{
"name": "60703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60703"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675972",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675972"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375"
},
{
"name": "[oss-security] 20140707 Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/07/08/1"
},
{
"name": "RHSA-2018:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"name": "GLSA-201607-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-09"
},
{
"name": "HPSBST03160",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141451023707502&w=2"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675898",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675898"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676110",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676110"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27042296",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042296"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303"
},
{
"name": "59228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59228"
},
{
"name": "59246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59246"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665"
},
{
"name": "[oss-security] 20140616 CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/06/15/10"
},
{
"name": "59245",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59245"
},
{
"name": "HPSBMU03090",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140801096002766&w=2"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21674128",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674128"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "60177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60177"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21675496",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
},
{
"name": "DSA-2940",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2940"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675266",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675266"
},
{
"name": "59014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59014"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677110",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677110"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"name": "67121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67121"
},
{
"name": "59480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59480"
},
{
"name": "HPSBGN03041",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140119284401582&w=2"
},
{
"name": "59479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59479"
},
{
"name": "59704",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59704"
},
{
"name": "58947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58947"
},
{
"name": "59718",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59718"
},
{
"name": "59430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59430"
},
{
"name": "58851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58851"
}
]
}
}

150
2014/0xxx/CVE-2014-0330.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0330",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-0330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#813382",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/813382"
},
{
"name" : "65333",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65333"
},
{
"name" : "102855",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102855"
},
{
"name" : "kace-cve20140330-xss(90954)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90954"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "65333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65333"
},
{
"name": "102855",
"refsource": "OSVDB",
"url": "http://osvdb.org/102855"
},
{
"name": "kace-cve20140330-xss(90954)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90954"
},
{
"name": "VU#813382",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/813382"
}
]
}
}

34
2014/0xxx/CVE-2014-0346.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0346",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0160. Reason: This candidate is a reservation duplicate of CVE-2014-0160. Notes: All CVE users should reference CVE-2014-0160 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-0346",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0160. Reason: This candidate is a reservation duplicate of CVE-2014-0160. Notes: All CVE users should reference CVE-2014-0160 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

120
2014/0xxx/CVE-2014-0580.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0580",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-0580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-27.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-27.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-27.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-27.html"
}
]
}
}

34
2014/0xxx/CVE-2014-0788.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0788",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-0788",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

210
2014/0xxx/CVE-2014-0791.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0791",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140102 CVE for freerdp int overflow?",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/01/02/5"
},
{
"name" : "[oss-security] 20140103 Re: CVE for freerdp int overflow?",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/01/03/4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=998941",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=998941"
},
{
"name" : "https://github.com/FreeRDP/FreeRDP/pull/1649",
"refsource" : "MISC",
"url" : "https://github.com/FreeRDP/FreeRDP/pull/1649"
},
{
"name" : "https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e",
"refsource" : "MISC",
"url" : "https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0287.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0287.html"
},
{
"name" : "MDVSA-2015:171",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:171"
},
{
"name" : "openSUSE-SU-2016:2400",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00101.html"
},
{
"name" : "openSUSE-SU-2016:2402",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00102.html"
},
{
"name" : "openSUSE-SU-2014:0862",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140102 CVE for freerdp int overflow?",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/01/02/5"
},
{
"name": "openSUSE-SU-2016:2400",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00101.html"
},
{
"name": "openSUSE-SU-2014:0862",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html"
},
{
"name": "[oss-security] 20140103 Re: CVE for freerdp int overflow?",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/01/03/4"
},
{
"name": "openSUSE-SU-2016:2402",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00102.html"
},
{
"name": "MDVSA-2015:171",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:171"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=998941",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=998941"
},
{
"name": "https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e",
"refsource": "MISC",
"url": "https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0287.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0287.html"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/pull/1649",
"refsource": "MISC",
"url": "https://github.com/FreeRDP/FreeRDP/pull/1649"
}
]
}
}

160
2014/1xxx/CVE-2014-1201.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1201",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140110 [CVE -2014-1201] Lorex security DVR ActiveX control buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/530739/100/0/threaded"
},
{
"name" : "https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt",
"refsource" : "MISC",
"url" : "https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt"
},
{
"name" : "https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html",
"refsource" : "MISC",
"url" : "https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html"
},
{
"name" : "101903",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101903"
},
{
"name" : "lorex-cve20141201-bo(90223)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90223"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140110 [CVE -2014-1201] Lorex security DVR ActiveX control buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/530739/100/0/threaded"
},
{
"name": "https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html",
"refsource": "MISC",
"url": "https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html"
},
{
"name": "https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt",
"refsource": "MISC",
"url": "https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt"
},
{
"name": "lorex-cve20141201-bo(90223)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90223"
},
{
"name": "101903",
"refsource": "OSVDB",
"url": "http://osvdb.org/101903"
}
]
}
}

440
2014/1xxx/CVE-2014-1479.json
View File

@ -1,222 +1,222 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1479",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-02.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=911864",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=911864"
},
{
"name" : "https://8pecxstudios.com/?page_id=44080",
"refsource" : "CONFIRM",
"url" : "https://8pecxstudios.com/?page_id=44080"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "http://download.novell.com/Download?buildid=VYQsgaFpQ2k",
"refsource" : "CONFIRM",
"url" : "http://download.novell.com/Download?buildid=VYQsgaFpQ2k"
},
{
"name" : "http://download.novell.com/Download?buildid=Y2fux-JW1Qc",
"refsource" : "CONFIRM",
"url" : "http://download.novell.com/Download?buildid=Y2fux-JW1Qc"
},
{
"name" : "DSA-2858",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2858"
},
{
"name" : "FEDORA-2014-2041",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
},
{
"name" : "FEDORA-2014-2083",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
},
{
"name" : "RHSA-2014:0132",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0132.html"
},
{
"name" : "RHSA-2014:0133",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0133.html"
},
{
"name" : "SUSE-SU-2014:0248",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
},
{
"name" : "openSUSE-SU-2014:0212",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"name" : "openSUSE-SU-2014:0213",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"name" : "openSUSE-SU-2014:0419",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"name" : "USN-2102-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2102-1"
},
{
"name" : "USN-2102-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2102-2"
},
{
"name" : "USN-2119-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2119-1"
},
{
"name" : "65320",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65320"
},
{
"name" : "102866",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102866"
},
{
"name" : "1029717",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029717"
},
{
"name" : "1029720",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029720"
},
{
"name" : "1029721",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029721"
},
{
"name" : "56706",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56706"
},
{
"name" : "56761",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56761"
},
{
"name" : "56763",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56763"
},
{
"name" : "56767",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56767"
},
{
"name" : "56787",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56787"
},
{
"name" : "56858",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56858"
},
{
"name" : "56888",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56888"
},
{
"name" : "56922",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56922"
},
{
"name" : "firefox-cve20141479-sec-bypass(90898)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90898"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2119-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2119-1"
},
{
"name": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=Y2fux-JW1Qc"
},
{
"name": "1029721",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029721"
},
{
"name": "openSUSE-SU-2014:0212",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html"
},
{
"name": "1029717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029717"
},
{
"name": "https://8pecxstudios.com/?page_id=44080",
"refsource": "CONFIRM",
"url": "https://8pecxstudios.com/?page_id=44080"
},
{
"name": "RHSA-2014:0132",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0132.html"
},
{
"name": "56922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56922"
},
{
"name": "56787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56787"
},
{
"name": "1029720",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029720"
},
{
"name": "56858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56858"
},
{
"name": "firefox-cve20141479-sec-bypass(90898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90898"
},
{
"name": "102866",
"refsource": "OSVDB",
"url": "http://osvdb.org/102866"
},
{
"name": "DSA-2858",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2858"
},
{
"name": "56763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56763"
},
{
"name": "USN-2102-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2102-2"
},
{
"name": "RHSA-2014:0133",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0133.html"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "65320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65320"
},
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-02.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-02.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=911864",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=911864"
},
{
"name": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=VYQsgaFpQ2k"
},
{
"name": "56888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56888"
},
{
"name": "FEDORA-2014-2083",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html"
},
{
"name": "openSUSE-SU-2014:0419",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
},
{
"name": "56761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56761"
},
{
"name": "FEDORA-2014-2041",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html"
},
{
"name": "SUSE-SU-2014:0248",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html"
},
{
"name": "openSUSE-SU-2014:0213",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html"
},
{
"name": "USN-2102-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2102-1"
},
{
"name": "56767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56767"
},
{
"name": "56706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56706"
}
]
}
}

190
2014/1xxx/CVE-2014-1733.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1733",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-1733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=351103",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=351103"
},
{
"name" : "https://src.chromium.org/viewvc/chrome?revision=260157&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/chrome?revision=260157&view=revision"
},
{
"name" : "DSA-2920",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2920"
},
{
"name" : "GLSA-201408-16",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name" : "openSUSE-SU-2014:0668",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html"
},
{
"name" : "openSUSE-SU-2014:0669",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html"
},
{
"name" : "58301",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58301"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58301",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58301"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html"
},
{
"name": "openSUSE-SU-2014:0669",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=351103",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=351103"
},
{
"name": "GLSA-201408-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name": "openSUSE-SU-2014:0668",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html"
},
{
"name": "DSA-2920",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2920"
},
{
"name": "https://src.chromium.org/viewvc/chrome?revision=260157&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=260157&view=revision"
}
]
}
}

150
2014/4xxx/CVE-2014-4160.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4160",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html",
"refsource" : "MISC",
"url" : "http://blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html"
},
{
"name" : "http://scn.sap.com/docs/DOC-8218",
"refsource" : "CONFIRM",
"url" : "http://scn.sap.com/docs/DOC-8218"
},
{
"name" : "https://service.sap.com/sap/support/notes/1932505",
"refsource" : "CONFIRM",
"url" : "https://service.sap.com/sap/support/notes/1932505"
},
{
"name" : "67995",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67995"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67995"
},
{
"name": "http://blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html",
"refsource": "MISC",
"url": "http://blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html"
},
{
"name": "http://scn.sap.com/docs/DOC-8218",
"refsource": "CONFIRM",
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"name": "https://service.sap.com/sap/support/notes/1932505",
"refsource": "CONFIRM",
"url": "https://service.sap.com/sap/support/notes/1932505"
}
]
}
}

150
2014/4xxx/CVE-2014-4444.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4444",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT6535",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6535"
},
{
"name" : "APPLE-SA-2014-10-16-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name" : "1031063",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031063"
},
{
"name" : "macosx-cve20144444-sec-bypass(97623)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "macosx-cve20144444-sec-bypass(97623)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97623"
},
{
"name": "APPLE-SA-2014-10-16-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "1031063",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031063"
},
{
"name": "https://support.apple.com/kb/HT6535",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6535"
}
]
}
}

140
2014/4xxx/CVE-2014-4614.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4614",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140624 Re: CVE request: Piwigo before 2.6.2 ws.php Arbitrary User Creation CSRF",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q2/623"
},
{
"name" : "http://piwigo.org/bugs/view.php?id=0003055",
"refsource" : "CONFIRM",
"url" : "http://piwigo.org/bugs/view.php?id=0003055"
},
{
"name" : "http://piwigo.org/releases/2.6.2",
"refsource" : "CONFIRM",
"url" : "http://piwigo.org/releases/2.6.2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140624 Re: CVE request: Piwigo before 2.6.2 ws.php Arbitrary User Creation CSRF",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/623"
},
{
"name": "http://piwigo.org/bugs/view.php?id=0003055",
"refsource": "CONFIRM",
"url": "http://piwigo.org/bugs/view.php?id=0003055"
},
{
"name": "http://piwigo.org/releases/2.6.2",
"refsource": "CONFIRM",
"url": "http://piwigo.org/releases/2.6.2"
}
]
}
}

240
2014/4xxx/CVE-2014-4617.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[gnupg-announce] 20140623 [security fix] GnuPG 1.4.17 released",
"refsource" : "MLIST",
"url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html"
},
{
"name" : "[gnupg-announce] 20140624 [security fix] GnuPG 2.0.24 released",
"refsource" : "MLIST",
"url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html"
},
{
"name" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342",
"refsource" : "CONFIRM",
"url" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342"
},
{
"name" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a",
"refsource" : "CONFIRM",
"url" : "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "DSA-2968",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2968"
},
{
"name" : "DSA-2967",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2967"
},
{
"name" : "openSUSE-SU-2014:0866",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html"
},
{
"name" : "USN-2258-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2258-1"
},
{
"name" : "59213",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59213"
},
{
"name" : "59534",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59534"
},
{
"name" : "59578",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59578"
},
{
"name" : "59351",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59351"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59351"
},
{
"name": "59578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59578"
},
{
"name": "[gnupg-announce] 20140624 [security fix] GnuPG 2.0.24 released",
"refsource": "MLIST",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html"
},
{
"name": "DSA-2967",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2967"
},
{
"name": "openSUSE-SU-2014:0866",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00010.html"
},
{
"name": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342",
"refsource": "CONFIRM",
"url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342"
},
{
"name": "USN-2258-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2258-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "DSA-2968",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2968"
},
{
"name": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a",
"refsource": "CONFIRM",
"url": "http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a"
},
{
"name": "59534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59534"
},
{
"name": "59213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59213"
},
{
"name": "[gnupg-announce] 20140623 [security fix] GnuPG 1.4.17 released",
"refsource": "MLIST",
"url": "http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html"
}
]
}
}

150
2014/4xxx/CVE-2014-4997.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4997",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140707 Vulnerability Report for Ruby Gem point-cli-0.0.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/07/07/16"
},
{
"name" : "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name" : "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html",
"refsource" : "MISC",
"url" : "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html"
},
{
"name" : "68735",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68735"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem point-cli-0.0.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/16"
},
{
"name": "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html"
},
{
"name": "68735",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68735"
}
]
}
}

140
2014/5xxx/CVE-2014-5113.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5113",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/127545/MyConnection-Server-MCS-9.7i-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127545/MyConnection-Server-MCS-9.7i-Cross-Site-Scripting.html"
},
{
"name" : "http://treadstonesecurity.blogspot.ca/2014/07/myconnection-server-mcs-reflective-xss.html",
"refsource" : "MISC",
"url" : "http://treadstonesecurity.blogspot.ca/2014/07/myconnection-server-mcs-reflective-xss.html"
},
{
"name" : "68793",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68793"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127545/MyConnection-Server-MCS-9.7i-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127545/MyConnection-Server-MCS-9.7i-Cross-Site-Scripting.html"
},
{
"name": "68793",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68793"
},
{
"name": "http://treadstonesecurity.blogspot.ca/2014/07/myconnection-server-mcs-reflective-xss.html",
"refsource": "MISC",
"url": "http://treadstonesecurity.blogspot.ca/2014/07/myconnection-server-mcs-reflective-xss.html"
}
]
}
}

170
2014/9xxx/CVE-2014-9914.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9914",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a"
},
{
"name" : "http://source.android.com/security/bulletin/2017-02-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2017-02-01.html"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"
},
{
"name" : "https://github.com/torvalds/linux/commit/9709674e68646cee5a24e3000b3558d25412203a",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/9709674e68646cee5a24e3000b3558d25412203a"
},
{
"name" : "96100",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96100"
},
{
"name" : "1037798",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037798"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037798",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037798"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a"
},
{
"name": "http://source.android.com/security/bulletin/2017-02-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2017-02-01.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"
},
{
"name": "96100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96100"
},
{
"name": "https://github.com/torvalds/linux/commit/9709674e68646cee5a24e3000b3558d25412203a",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/9709674e68646cee5a24e3000b3558d25412203a"
}
]
}
}

160
2016/3xxx/CVE-2016-3028.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990317",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990317"
},
{
"name" : "IV89257",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257"
},
{
"name" : "IV89322",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322"
},
{
"name" : "IV89326",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326"
},
{
"name" : "93176",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93176"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV89257",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89257"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990317",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990317"
},
{
"name": "93176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93176"
},
{
"name": "IV89322",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89322"
},
{
"name": "IV89326",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV89326"
}
]
}
}

150
2016/3xxx/CVE-2016-3479.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3479",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91898",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91898"
},
{
"name" : "1036363",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036363"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91898",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91898"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "1036363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036363"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
}
]
}
}

130
2016/3xxx/CVE-2016-3748.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3748",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name" : "https://android.googlesource.com/platform/external/sepolicy/+/556bb0f55324e8839d7b735a0de9bc31028e839e",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/external/sepolicy/+/556bb0f55324e8839d7b735a0de9bc31028e839e"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sockets subsystem in Android 6.x before 2016-07-01 allows attackers to bypass intended system-call restrictions via a crafted application that makes an ioctl call, aka internal bug 28171804."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/external/sepolicy/+/556bb0f55324e8839d7b735a0de9bc31028e839e",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/sepolicy/+/556bb0f55324e8839d7b735a0de9bc31028e839e"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

140
2016/7xxx/CVE-2016-7118.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7118",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fs/fcntl.c in the \"aufs 3.2.x+setfl-debian\" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160831 Re: CVE request: Kernel Oops when issuing fcntl on an AUFS directory",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/08/31/3"
},
{
"name" : "[oss-security] 20160831 CVE request: Kernel Oops when issuing fcntl on an AUFS directory",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2016/q3/395"
},
{
"name" : "92697",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92697"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fs/fcntl.c in the \"aufs 3.2.x+setfl-debian\" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92697"
},
{
"name": "[oss-security] 20160831 Re: CVE request: Kernel Oops when issuing fcntl on an AUFS directory",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/31/3"
},
{
"name": "[oss-security] 20160831 CVE request: Kernel Oops when issuing fcntl on an AUFS directory",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2016/q3/395"
}
]
}
}

34
2016/7xxx/CVE-2016-7373.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7373",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7373",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/7xxx/CVE-2016-7706.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7706",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7706",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/8xxx/CVE-2016-8059.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8059",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8059",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/8xxx/CVE-2016-8143.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8143",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8143",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/8xxx/CVE-2016-8426.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-8426",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799206. References: N-CVE-2016-8426."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-8426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"name" : "95231",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95231"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31799206. References: N-CVE-2016-8426."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95231"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}
]
}
}

172
2016/8xxx/CVE-2016-8651.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2016-8651",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OpenShift Enterprise",
"version" : {
"version_data" : [
{
"version_value" : "3"
}
]
}
}
]
},
"vendor_name" : "Red Hat"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
],
[
{
"vectorString" : "2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenShift Enterprise",
"version": {
"version_data": [
{
"version_value": "3"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651"
},
{
"name" : "RHSA-2016:2915",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:2915"
},
{
"name" : "94935",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94935"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.1/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "2.3/AV:A/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94935",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94935"
},
{
"name": "RHSA-2016:2915",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:2915"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8651"
}
]
}
}

270
2016/9xxx/CVE-2016-9565.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20161215 Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/539925/100/0/threaded"
},
{
"name" : "40920",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40920/"
},
{
"name" : "20161215 Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Dec/57"
},
{
"name" : "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html"
},
{
"name" : "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html",
"refsource" : "MISC",
"url" : "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html"
},
{
"name" : "https://www.nagios.org/projects/nagios-core/history/4x/",
"refsource" : "CONFIRM",
"url" : "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name" : "GLSA-201702-26",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-26"
},
{
"name" : "GLSA-201710-20",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-20"
},
{
"name" : "RHSA-2017:0211",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
},
{
"name" : "RHSA-2017:0212",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name" : "RHSA-2017:0213",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name" : "RHSA-2017:0214",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name" : "RHSA-2017:0258",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0258.html"
},
{
"name" : "RHSA-2017:0259",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0259.html"
},
{
"name" : "94922",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94922"
},
{
"name" : "1037488",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037488"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-20"
},
{
"name": "20161215 Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539925/100/0/threaded"
},
{
"name": "1037488",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037488"
},
{
"name": "94922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94922"
},
{
"name": "RHSA-2017:0258",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0258.html"
},
{
"name": "RHSA-2017:0212",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0212.html"
},
{
"name": "RHSA-2017:0213",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0213.html"
},
{
"name": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html"
},
{
"name": "20161215 Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Dec/57"
},
{
"name": "40920",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40920/"
},
{
"name": "https://www.nagios.org/projects/nagios-core/history/4x/",
"refsource": "CONFIRM",
"url": "https://www.nagios.org/projects/nagios-core/history/4x/"
},
{
"name": "GLSA-201702-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-26"
},
{
"name": "RHSA-2017:0259",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0259.html"
},
{
"name": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html",
"refsource": "MISC",
"url": "https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html"
},
{
"name": "RHSA-2017:0214",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0214.html"
},
{
"name": "RHSA-2017:0211",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0211.html"
}
]
}
}

34
2016/9xxx/CVE-2016-9674.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9674",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9674",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

200
2016/9xxx/CVE-2016-9809.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9809",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161201 gstreamer multiple issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/01/2"
},
{
"name" : "[oss-security] 20161204 Re: gstreamer multiple issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=774896",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=774896"
},
{
"name" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2",
"refsource" : "CONFIRM",
"url" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name" : "DSA-3818",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3818"
},
{
"name" : "GLSA-201705-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-10"
},
{
"name" : "RHSA-2017:0018",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0018.html"
},
{
"name" : "RHSA-2017:0021",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0021.html"
},
{
"name" : "95147",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3818",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3818"
},
{
"name": "RHSA-2017:0021",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0021.html"
},
{
"name": "95147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95147"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=774896",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=774896"
},
{
"name": "RHSA-2017:0018",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0018.html"
},
{
"name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2",
"refsource": "CONFIRM",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.2"
},
{
"name": "[oss-security] 20161204 Re: gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/8"
},
{
"name": "GLSA-201705-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"name": "[oss-security] 20161201 gstreamer multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/01/2"
}
]
}
}

34
2019/2xxx/CVE-2019-2307.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2307",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2307",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2348.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2348",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2348",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2019/2xxx/CVE-2019-2458.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2458",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.5.3"
},
{
"version_affected" : "=",
"version_value" : "8.5.4"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5.3"
},
{
"version_affected": "=",
"version_value": "8.5.4"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106579",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106579"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106579"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
}
]
}
}