"-Synchronized-Data."

CVE Team 2019-03-17 22:04:27 +00:00
parent 61203c39dc
commit 3c278177ee
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3287 additions and 3287 deletions


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0287",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name" : "VU#545804",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/545804"
},
{
"name" : "16287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16287"
},
{
"name" : "ADV-2006-0243",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name" : "ADV-2006-0323",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name" : "1015499",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015499"
},
{
"name" : "18493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18493"
},
{
"name" : "18608",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18608"
},
{
"name" : "oracle-january2006-update(24321)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0495",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060129 MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423443/100/0/threaded"
},
{
"name" : "16419",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16419"
},
{
"name" : "mybb-usercp2-xss(24392)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24392"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mybb-usercp2-xss(24392)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24392"
},
{
"name": "16419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16419"
},
{
"name": "20060129 MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423443/100/0/threaded"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1093",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21231377",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21231377"
},
{
"name" : "16908",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16908"
},
{
"name" : "ADV-2006-0788",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0788"
},
{
"name" : "1015716",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015716"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015716",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015716"
},
{
"name": "16908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16908"
},
{
"name": "ADV-2006-0788",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0788"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21231377",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21231377"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1432",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html"
},
{
"name" : "couponzone-local-path-disclosure(25486)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25486"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "couponzone-local-path-disclosure(25486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25486"
},
{
"name": "http://pridels0.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040614 Serendipity Blog vuln",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-04/0282.html"
},
{
"name" : "17566",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17566"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17566"
},
{
"name": "20040614 Serendipity Blog vuln",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0282.html"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5059",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat parameter to (1) dosearch.php, (2) postlist.php, (3) showmembers.php, (4) faq_english.php, (5) online.php, (6) login.php, (7) newuser.php, (8) wwwthreads.php, (9) search.php, or (10) postlist.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060924 wwwthreads <= 5.4.2 croos site script vulnerbilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446911/100/0/threaded"
},
{
"name" : "20178",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20178"
},
{
"name" : "ADV-2006-3858",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3858"
},
{
"name" : "22211",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22211"
},
{
"name" : "1645",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1645"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat parameter to (1) dosearch.php, (2) postlist.php, (3) showmembers.php, (4) faq_english.php, (5) online.php, (6) login.php, (7) newuser.php, (8) wwwthreads.php, (9) search.php, or (10) postlist.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1645",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1645"
},
{
"name": "ADV-2006-3858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3858"
},
{
"name": "20060924 wwwthreads <= 5.4.2 croos site script vulnerbilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446911/100/0/threaded"
},
{
"name": "22211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22211"
},
{
"name": "20178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20178"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5265",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "29991",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29991"
},
{
"name" : "accountingsoftware-magic-number-dos(25844)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25844"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29991"
},
{
"name": "accountingsoftware-magic-number-dos(25844)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25844"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061013 CMS contenido Path Disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448563/100/0/threaded"
},
{
"name" : "1738",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1738"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061013 CMS contenido Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448563/100/0/threaded"
},
{
"name": "1738",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1738"
}
]
}
}


@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5461",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-5461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[avahi-tickets] 20061106 [Avahi] #69: Avahi needs to check the originating process of netlink messages",
"refsource" : "MLIST",
"url" : "https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html"
},
{
"name" : "http://avahi.org/milestone/Avahi%200.6.15",
"refsource" : "CONFIRM",
"url" : "http://avahi.org/milestone/Avahi%200.6.15"
},
{
"name" : "GLSA-200611-13",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml"
},
{
"name" : "MDKSA-2006:215",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:215"
},
{
"name" : "SUSE-SR:2006:026",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name" : "USN-380-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/380-1/"
},
{
"name" : "21016",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21016"
},
{
"name" : "ADV-2006-4474",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4474"
},
{
"name" : "1017257",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017257"
},
{
"name" : "22807",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22807"
},
{
"name" : "22852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22852"
},
{
"name" : "23020",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23020"
},
{
"name" : "23042",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23042"
},
{
"name" : "22932",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22932"
},
{
"name" : "avahi-netlink-security-bypass(30207)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30207"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22932"
},
{
"name": "23042",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23042"
},
{
"name": "SUSE-SR:2006:026",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name": "22852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22852"
},
{
"name": "USN-380-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/380-1/"
},
{
"name": "ADV-2006-4474",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4474"
},
{
"name": "23020",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23020"
},
{
"name": "22807",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22807"
},
{
"name": "http://avahi.org/milestone/Avahi%200.6.15",
"refsource": "CONFIRM",
"url": "http://avahi.org/milestone/Avahi%200.6.15"
},
{
"name": "1017257",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017257"
},
{
"name": "[avahi-tickets] 20061106 [Avahi] #69: Avahi needs to check the originating process of netlink messages",
"refsource": "MLIST",
"url": "https://tango.0pointer.de/pipermail/avahi-tickets/2006-November/000320.html"
},
{
"name": "MDKSA-2006:215",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:215"
},
{
"name": "avahi-netlink-security-bypass(30207)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30207"
},
{
"name": "GLSA-200611-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml"
},
{
"name": "21016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21016"
}
]
}
}
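Review bot: The `ASSIGNER` for CVE-2006-5461 differs between the two printings of `CVE_data_meta` in this section (`cve@mitre.org` on the spaced-colon lines, `secalert@redhat.com` on the compact lines), so this file carries a CNA attribution change inside a commit whose other visible sections only alter colon spacing and reference order. Which side is new is inferred from the print order and the formatting, since the +/- markers are lost on this page. A change like `"ASSIGNER": "secalert@redhat.com",` belongs in its own commit, or should at least be named in the commit message, because reviewers and downstream feeds that skip formatting-only syncs would miss it. Anyone auditing this commit should compare the parsed JSON of each record rather than the text diff, so that field changes stand out from the reordering.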


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5497",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2600",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2600"
},
{
"name" : "http://sourceforge.net/forum/forum.php?forum_id=625467",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/forum/forum.php?forum_id=625467"
},
{
"name" : "20640",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20640"
},
{
"name" : "ADV-2006-4122",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4122"
},
{
"name" : "29904",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29904"
},
{
"name" : "22491",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22491"
},
{
"name" : "seguecms-themesettings-file-include(29692)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29692"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4122",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4122"
},
{
"name": "20640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20640"
},
{
"name": "2600",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2600"
},
{
"name": "seguecms-themesettings-file-include(29692)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29692"
},
{
"name": "22491",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22491"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=625467",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=625467"
},
{
"name": "29904",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29904"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5900",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061103 XSS Vulnerability in Zend Framework Preview 0.2.0",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450707/100/0/threaded"
},
{
"name" : "http://www.armorize.com/resources/vulnerDetail.php?cve_name=Armorize-ADV-2006-0009",
"refsource" : "MISC",
"url" : "http://www.armorize.com/resources/vulnerDetail.php?cve_name=Armorize-ADV-2006-0009"
},
{
"name" : "1863",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1863"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1863",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1863"
},
{
"name": "20061103 XSS Vulnerability in Zend Framework Preview 0.2.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450707/100/0/threaded"
},
{
"name": "http://www.armorize.com/resources/vulnerDetail.php?cve_name=Armorize-ADV-2006-0009",
"refsource": "MISC",
"url": "http://www.armorize.com/resources/vulnerDetail.php?cve_name=Armorize-ADV-2006-0009"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3671",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3671"
},
{
"name" : "23342",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23342"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23342"
},
{
"name": "3671",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3671"
}
]
}
}
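Review bot: The `reference_data` entries on the new side are reordered with no visible sort key. This section only swaps its `BID` and `EXPLOIT-DB` entries, but the larger CVE-2010-0404, CVE-2010-0743 and CVE-2010-1197 sections interleave `refsource` values that the old side kept grouped. Combined with the `" : "` to `": "` separator change, every line of each record shows as modified, so a textual diff cannot separate formatting churn from a real data change. Emitting the array in a stable order, for example sorted by `refsource` and then `name`, would keep later synchronisations reviewable. Whether the generator is meant to preserve order is not visible from this page.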


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0398",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0398",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0404",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"name" : "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"name" : "http://download.phpgroupware.org/",
"refsource" : "CONFIRM",
"url" : "http://download.phpgroupware.org/"
},
{
"name" : "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0",
"refsource" : "CONFIRM",
"url" : "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0"
},
{
"name" : "DSA-2046",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2046"
},
{
"name" : "39665",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39665"
},
{
"name" : "39731",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39731"
},
{
"name" : "ADV-2010-1145",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1145"
},
{
"name" : "ADV-2010-1146",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1146"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1146",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"name": "ADV-2010-1145",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"name": "http://download.phpgroupware.org/",
"refsource": "CONFIRM",
"url": "http://download.phpgroupware.org/"
},
{
"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"name": "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0",
"refsource": "CONFIRM",
"url": "http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0"
},
{
"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"name": "39731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39731"
},
{
"name": "DSA-2046",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"name": "39665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39665"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0580",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the \"SIP Message Processing Arbitrary Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20064",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=20064"
},
{
"name" : "20100324 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml"
},
{
"name" : "1023744",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023744"
},
{
"name" : "39068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39068"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the \"SIP Message Processing Arbitrary Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1023744",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023744"
},
{
"name": "39068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39068"
},
{
"name": "20100324 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b20f32.shtml"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20064",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20064"
}
]
}
}
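Review bot: `ASSIGNER` changes in this section from `cve@mitre.org` to `psirt@cisco.com`, the one value change in a section whose other lines differ only in separator spacing and `reference_data` order. The CVE-2010-0743 section does the same with `secalert@redhat.com`. Since the field presumably identifies the organisation responsible for the record, the change deserves an explicit mention, for example a description line such as `ASSIGNER updated: CVE-2010-0580, CVE-2010-0743`. `vendor_name` and `product_name` also remain `n/a` although the description names Cisco IOS 12.3 and 12.4, so tooling that matches on the structured `affects` block will still miss this record.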


@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0743",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100331 iscsitarget/scsi-target-tuils format string CVE assignment",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127005132403189&w=2"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git;a=commit;h=107d922706cd36f3bb79bcca9bc4678c32f22e59",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git;a=commit;h=107d922706cd36f3bb79bcca9bc4678c32f22e59"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=576359",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=576359"
},
{
"name" : "DSA-2042",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2042"
},
{
"name" : "MDVSA-2010:131",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:131"
},
{
"name" : "SUSE-SR:2010:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name" : "39127",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39127"
},
{
"name" : "oval:org.mitre.oval:def:11248",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11248"
},
{
"name" : "39142",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39142"
},
{
"name" : "39726",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39726"
},
{
"name" : "ADV-2010-1786",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1786"
},
{
"name" : "lstf-isns-format-string(57496)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57496"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lstf-isns-format-string(57496)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57496"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=576359",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=576359"
},
{
"name": "MDVSA-2010:131",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:131"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935"
},
{
"name": "oval:org.mitre.oval:def:11248",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11248"
},
{
"name": "39142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39142"
},
{
"name": "[oss-security] 20100331 iscsitarget/scsi-target-tuils format string CVE assignment",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127005132403189&w=2"
},
{
"name": "39127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39127"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git;a=commit;h=107d922706cd36f3bb79bcca9bc4678c32f22e59",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/tomo/tgt.git;a=commit;h=107d922706cd36f3bb79bcca9bc4678c32f22e59"
},
{
"name": "DSA-2042",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2042"
},
{
"name": "ADV-2010-1786",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1786"
},
{
"name": "39726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39726"
}
]
}
}


@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1197",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both \"Content-Disposition: attachment\" and \"Content-Type: multipart\" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-32.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-32.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=537120",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=537120"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100091069",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100091069"
},
{
"name" : "FEDORA-2010-10344",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html"
},
{
"name" : "FEDORA-2010-10361",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html"
},
{
"name" : "MDVSA-2010:125",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:125"
},
{
"name" : "RHSA-2010:0499",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0499.html"
},
{
"name" : "RHSA-2010:0500",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0500.html"
},
{
"name" : "RHSA-2010:0501",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0501.html"
},
{
"name" : "SUSE-SA:2010:030",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html"
},
{
"name" : "USN-930-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-930-1"
},
{
"name" : "USN-930-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-930-2"
},
{
"name" : "41050",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41050"
},
{
"name" : "41103",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41103"
},
{
"name" : "oval:org.mitre.oval:def:10168",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10168"
},
{
"name" : "oval:org.mitre.oval:def:14186",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14186"
},
{
"name" : "1024138",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024138"
},
{
"name" : "40326",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40326"
},
{
"name" : "40401",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40401"
},
{
"name" : "40481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40481"
},
{
"name" : "ADV-2010-1551",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1551"
},
{
"name" : "ADV-2010-1556",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1556"
},
{
"name" : "ADV-2010-1557",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1557"
},
{
"name" : "ADV-2010-1640",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1640"
},
{
"name" : "ADV-2010-1773",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1773"
},
{
"name" : "ADV-2010-1592",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1592"
},
{
"name" : "firefox-contentdisposition-security-bypass(59667)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59667"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both \"Content-Disposition: attachment\" and \"Content-Type: multipart\" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40481"
},
{
"name": "USN-930-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-930-1"
},
{
"name": "oval:org.mitre.oval:def:14186",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14186"
},
{
"name": "FEDORA-2010-10361",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html"
},
{
"name": "1024138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024138"
},
{
"name": "ADV-2010-1640",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1640"
},
{
"name": "oval:org.mitre.oval:def:10168",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10168"
},
{
"name": "41050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41050"
},
{
"name": "RHSA-2010:0501",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0501.html"
},
{
"name": "ADV-2010-1557",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1557"
},
{
"name": "MDVSA-2010:125",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:125"
},
{
"name": "ADV-2010-1773",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1773"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=537120",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=537120"
},
{
"name": "RHSA-2010:0499",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0499.html"
},
{
"name": "ADV-2010-1556",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1556"
},
{
"name": "ADV-2010-1592",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1592"
},
{
"name": "USN-930-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-930-2"
},
{
"name": "41103",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41103"
},
{
"name": "ADV-2010-1551",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1551"
},
{
"name": "RHSA-2010:0500",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0500.html"
},
{
"name": "SUSE-SA:2010:030",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html"
},
{
"name": "40401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40401"
},
{
"name": "FEDORA-2010-10344",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html"
},
{
"name": "firefox-contentdisposition-security-bypass(59667)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59667"
},
{
"name": "40326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40326"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-32.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-32.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100091069",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100091069"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3045",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3045",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3058",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21443820",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21443820"
},
{
"name" : "IC69883",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883"
},
{
"name" : "42549",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42549"
},
{
"name" : "41044",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41044"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21443820",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21443820"
},
{
"name": "41044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41044"
},
{
"name": "IC69883",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC69883"
},
{
"name": "42549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42549"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka \"Indeo Codec Insecure Library Loading Vulnerability.\" NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14765",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14765"
},
{
"name" : "14788",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14788"
},
{
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php",
"refsource" : "MISC",
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php"
},
{
"name" : "MS12-014",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-014"
},
{
"name" : "TA12-045A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-045A.html"
},
{
"name" : "67588",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/67588"
},
{
"name" : "oval:org.mitre.oval:def:7132",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7132"
},
{
"name" : "41114",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41114"
},
{
"name" : "ADV-2010-2190",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2190"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka \"Indeo Codec Insecure Library Loading Vulnerability.\" NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA12-045A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-045A.html"
},
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php"
},
{
"name": "14765",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14765"
},
{
"name": "oval:org.mitre.oval:def:7132",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7132"
},
{
"name": "ADV-2010-2190",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2190"
},
{
"name": "67588",
"refsource": "OSVDB",
"url": "http://osvdb.org/67588"
},
{
"name": "14788",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14788"
},
{
"name": "41114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41114"
},
{
"name": "MS12-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-014"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in NorduGrid Advanced Resource Connector (ARC) before 0.8.3 allows local users to gain privileges via vectors related to the LD_LIBRARY_PATH environment variable. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.nordugrid.org/arc/releases/0_8_3/release_notes_0_8_3.html",
"refsource" : "CONFIRM",
"url" : "http://www.nordugrid.org/arc/releases/0_8_3/release_notes_0_8_3.html"
},
{
"name" : "42496",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42496"
},
{
"name" : "arc-ldlibpath-priv-escalation(64434)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64434"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in NorduGrid Advanced Resource Connector (ARC) before 0.8.3 allows local users to gain privileges via vectors related to the LD_LIBRARY_PATH environment variable. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nordugrid.org/arc/releases/0_8_3/release_notes_0_8_3.html",
"refsource": "CONFIRM",
"url": "http://www.nordugrid.org/arc/releases/0_8_3/release_notes_0_8_3.html"
},
{
"name": "42496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42496"
},
{
"name": "arc-ldlibpath-priv-escalation(64434)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64434"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3414",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=45400",
"refsource" : "MISC",
"url" : "http://code.google.com/p/chromium/issues/detail?id=45400"
},
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=53361",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=53361"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
},
{
"name" : "oval:org.mitre.oval:def:13941",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13941"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists because of an incorrect fix for CVE-2010-3112 on Mac OS X."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=45400",
"refsource": "MISC",
"url": "http://code.google.com/p/chromium/issues/detail?id=45400"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=53361",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=53361"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
},
{
"name": "oval:org.mitre.oval:def:13941",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13941"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz",
"refsource" : "CONFIRM",
"url" : "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=554567",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=554567"
},
{
"name" : "42602",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42602"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42602",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42602"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=554567",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554567"
},
{
"name": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz",
"refsource": "CONFIRM",
"url": "http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a \"semicolon injection\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110910 D-Link DCS-2121 Semicolon Vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/09/10/1"
},
{
"name" : "[oss-security] 20110914 Re: D-Link DCS-2121 Semicolon Vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/09/14/4"
},
{
"name" : "http://newsoft-tech.blogspot.com/2010/09/d-link-dcs-2121-and-state-of-embedded.html",
"refsource" : "MISC",
"url" : "http://newsoft-tech.blogspot.com/2010/09/d-link-dcs-2121-and-state-of-embedded.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a \"semicolon injection\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110910 D-Link DCS-2121 Semicolon Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/10/1"
},
{
"name": "http://newsoft-tech.blogspot.com/2010/09/d-link-dcs-2121-and-state-of-embedded.html",
"refsource": "MISC",
"url": "http://newsoft-tech.blogspot.com/2010/09/d-link-dcs-2121-and-state-of-embedded.html"
},
{
"name": "[oss-security] 20110914 Re: D-Link DCS-2121 Semicolon Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/09/14/4"
}
]
}
}


@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3155",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-3155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=369539",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=369539"
},
{
"name" : "https://src.chromium.org/viewvc/chrome?revision=267984&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/chrome?revision=267984&view=revision"
},
{
"name" : "https://src.chromium.org/viewvc/chrome?revision=268730&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/chrome?revision=268730&view=revision"
},
{
"name" : "https://src.chromium.org/viewvc/chrome?revision=269246&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/chrome?revision=269246&view=revision"
},
{
"name" : "DSA-2959",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2959"
},
{
"name" : "GLSA-201408-16",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name" : "67980",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67980"
},
{
"name" : "58585",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58585"
},
{
"name" : "59090",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59090"
},
{
"name" : "60372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60372"
},
{
"name" : "60061",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60061"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67980",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67980"
},
{
"name": "https://src.chromium.org/viewvc/chrome?revision=268730&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=268730&view=revision"
},
{
"name": "59090",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59090"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html"
},
{
"name": "GLSA-201408-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name": "60372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60372"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=369539",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=369539"
},
{
"name": "60061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60061"
},
{
"name": "https://src.chromium.org/viewvc/chrome?revision=269246&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=269246&view=revision"
},
{
"name": "https://src.chromium.org/viewvc/chrome?revision=267984&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=267984&view=revision"
},
{
"name": "58585",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58585"
},
{
"name": "DSA-2959",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2959"
}
]
}
}
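Review bot: The `ASSIGNER` value in this record changes from `cve@mitre.org` to `security@google.com` (assuming the compact `"key": value` lines are the new side, since the +/- markers are lost on this page), but the rest of the section is colon-spacing normalisation and a reshuffle of `reference_data`, so the one provenance change is easy to miss. The same holds for the CVE-2014-4106 section, where it becomes `secure@microsoft.com`. Emitting `reference_data` in a stable order (for example sorted by `refsource`, then `name`) and landing the whitespace normalisation separately would leave a diff that shows only such field changes.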


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4106",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-052",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052"
},
{
"name" : "69614",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69614"
},
{
"name" : "1030818",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030818"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69614"
},
{
"name": "1030818",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030818"
},
{
"name": "MS14-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4710",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "34170",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/34170"
},
{
"name" : "https://community.qualys.com/blogs/securitylabs/2014/07/24/yet-another-zerocms-cross-site-scripting-vulnerability-cve-2014-4710",
"refsource" : "MISC",
"url" : "https://community.qualys.com/blogs/securitylabs/2014/07/24/yet-another-zerocms-cross-site-scripting-vulnerability-cve-2014-4710"
},
{
"name" : "http://packetstormsecurity.com/files/127634/ZeroCMS-1.0-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127634/ZeroCMS-1.0-Cross-Site-Scripting.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.qualys.com/blogs/securitylabs/2014/07/24/yet-another-zerocms-cross-site-scripting-vulnerability-cve-2014-4710",
"refsource": "MISC",
"url": "https://community.qualys.com/blogs/securitylabs/2014/07/24/yet-another-zerocms-cross-site-scripting-vulnerability-cve-2014-4710"
},
{
"name": "http://packetstormsecurity.com/files/127634/ZeroCMS-1.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127634/ZeroCMS-1.0-Cross-Site-Scripting.html"
},
{
"name": "34170",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34170"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8141",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8141",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8256",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8256",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8393",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150112 Corel Software DLL Hijacking",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534452/100/0/threaded"
},
{
"name" : "20150112 Corel Software DLL Hijacking",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jan/33"
},
{
"name" : "http://packetstormsecurity.com/files/129922/Corel-Software-DLL-Hijacking.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129922/Corel-Software-DLL-Hijacking.html"
},
{
"name" : "http://www.coresecurity.com/advisories/corel-software-dll-hijacking",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/advisories/corel-software-dll-hijacking"
},
{
"name" : "72005",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72005"
},
{
"name" : "1031522",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031522"
},
{
"name" : "62210",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62210"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150112 Corel Software DLL Hijacking",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534452/100/0/threaded"
},
{
"name": "72005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72005"
},
{
"name": "62210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62210"
},
{
"name": "http://www.coresecurity.com/advisories/corel-software-dll-hijacking",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/corel-software-dll-hijacking"
},
{
"name": "1031522",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031522"
},
{
"name": "20150112 Corel Software DLL Hijacking",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/33"
},
{
"name": "http://packetstormsecurity.com/files/129922/Corel-Software-DLL-Hijacking.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129922/Corel-Software-DLL-Hijacking.html"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8778",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlags permission."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150903 Checkmarx CxQL Sandbox bypass (CVE-2014-8778)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536387/100/0/threaded"
},
{
"name" : "20150907 Checkmarx CxQL Sandbox bypass (CVE-2014-8778)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Sep/17"
},
{
"name" : "http://packetstormsecurity.com/files/133437/Checkmarx-CxQL-7.1.5-Sandbox-Bypass.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133437/Checkmarx-CxQL-7.1.5-Sandbox-Bypass.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlags permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133437/Checkmarx-CxQL-7.1.5-Sandbox-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133437/Checkmarx-CxQL-7.1.5-Sandbox-Bypass.html"
},
{
"name": "20150903 Checkmarx CxQL Sandbox bypass (CVE-2014-8778)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536387/100/0/threaded"
},
{
"name": "20150907 Checkmarx CxQL Sandbox bypass (CVE-2014-8778)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/17"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9169",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-9169",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9356",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9356",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9432",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534315/100/0/threaded"
},
{
"name" : "20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/108"
},
{
"name" : "http://sroesemann.blogspot.de/2014/12/bericht-zu-sroeadv-2014-02.html",
"refsource" : "MISC",
"url" : "http://sroesemann.blogspot.de/2014/12/bericht-zu-sroeadv-2014-02.html"
},
{
"name" : "http://packetstormsecurity.com/files/129709/CMS-Serendipity-2.0-rc1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129709/CMS-Serendipity-2.0-rc1-Cross-Site-Scripting.html"
},
{
"name" : "http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html",
"refsource" : "CONFIRM",
"url" : "http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html"
},
{
"name" : "https://github.com/s9y/Serendipity/commit/36cde3030aaa27a46bf94086e062dfe56b60230b",
"refsource" : "CONFIRM",
"url" : "https://github.com/s9y/Serendipity/commit/36cde3030aaa27a46bf94086e062dfe56b60230b"
},
{
"name" : "serendipity-index-xss(99464)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99464"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129709/CMS-Serendipity-2.0-rc1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129709/CMS-Serendipity-2.0-rc1-Cross-Site-Scripting.html"
},
{
"name": "serendipity-index-xss(99464)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99464"
},
{
"name": "20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534315/100/0/threaded"
},
{
"name": "http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html",
"refsource": "CONFIRM",
"url": "http://blog.s9y.org/archives/259-Serendipity-2.0-rc2-released.html"
},
{
"name": "http://sroesemann.blogspot.de/2014/12/bericht-zu-sroeadv-2014-02.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2014/12/bericht-zu-sroeadv-2014-02.html"
},
{
"name": "20141223 Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/108"
},
{
"name": "https://github.com/s9y/Serendipity/commit/36cde3030aaa27a46bf94086e062dfe56b60230b",
"refsource": "CONFIRM",
"url": "https://github.com/s9y/Serendipity/commit/36cde3030aaa27a46bf94086e062dfe56b60230b"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9488",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html",
"refsource" : "MISC",
"url" : "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html"
},
{
"name" : "http://advisories.mageia.org/MGASA-2015-0139.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2015-0139.html"
},
{
"name" : "FEDORA-2015-9357",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html"
},
{
"name" : "MDVSA-2015:199",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:199"
},
{
"name" : "openSUSE-SU-2015:0595",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-9357",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html"
},
{
"name": "openSUSE-SU-2015:0595",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html"
},
{
"name": "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html",
"refsource": "MISC",
"url": "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0139.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0139.html"
},
{
"name": "MDVSA-2015:199",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:199"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2140",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160308 Re: [OSSA 2016-007] Nova host data leak through resize/migration (CVE-2016-2140)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/03/08/6"
},
{
"name" : "https://bugs.launchpad.net/nova/+bug/1548450",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/nova/+bug/1548450"
},
{
"name" : "https://security.openstack.org/ossa/OSSA-2016-007.html",
"refsource" : "CONFIRM",
"url" : "https://security.openstack.org/ossa/OSSA-2016-007.html"
},
{
"name" : "84277",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84277"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/nova/+bug/1548450",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/nova/+bug/1548450"
},
{
"name": "https://security.openstack.org/ossa/OSSA-2016-007.html",
"refsource": "CONFIRM",
"url": "https://security.openstack.org/ossa/OSSA-2016-007.html"
},
{
"name": "84277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84277"
},
{
"name": "[oss-security] 20160308 Re: [OSSA 2016-007] Nova host data leak through resize/migration (CVE-2016-2140)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/08/6"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2527",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2016-07.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2016-07.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11982",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11982"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=140aad08e081489b5cdb715cb5bca01db856fded",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=140aad08e081489b5cdb715cb5bca01db856fded"
},
{
"name" : "GLSA-201604-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201604-05"
},
{
"name" : "1035118",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035118"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11982",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11982"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=140aad08e081489b5cdb715cb5bca01db856fded",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=140aad08e081489b5cdb715cb5bca01db856fded"
},
{
"name": "GLSA-201604-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-05"
},
{
"name": "1035118",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035118"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2016-07.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2016-07.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2761",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2761",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-2845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://homakov.blogspot.com/2014/01/using-content-security-policy-for-evil.html",
"refsource" : "MISC",
"url" : "http://homakov.blogspot.com/2014/01/using-content-security-policy-for-evil.html"
},
{
"name" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html"
},
{
"name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=542060",
"refsource" : "CONFIRM",
"url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=542060"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=591402",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=591402"
},
{
"name" : "https://codereview.chromium.org/1454003003/",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/1454003003/"
},
{
"name" : "USN-2920-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2920-1"
},
{
"name" : "84168",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84168"
},
{
"name" : "1035185",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035185"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codereview.chromium.org/1454003003/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1454003003/"
},
{
"name": "1035185",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035185"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=591402",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=591402"
},
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=542060",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=542060"
},
{
"name": "http://homakov.blogspot.com/2014/01/using-content-security-policy-for-evil.html",
"refsource": "MISC",
"url": "http://homakov.blogspot.com/2014/01/using-content-security-policy-for-evil.html"
},
{
"name": "84168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84168"
},
{
"name": "USN-2920-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2920-1"
},
{
"name": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html"
}
]
}
}
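Review bot: The `ASSIGNER` value in this record changes from `cve@mitre.org` to `security@google.com`, which is a content change; every other visible edit in the section is colon spacing or reference reordering. This assumes the block written as `"key": value` is the new side. The CVE-2016-3108 record further down changes the same field to `secalert@redhat.com`. The commit title only says the data was synchronized, so anything that attributes records to a CNA by this field sees the owner change with no trace in the history. Listing the reassigned IDs in the commit message, or committing reassignments separately from the formatting sync, would keep them auditable.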


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3108",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160519 Pulp 2.8.3 Released to address multiple CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/20/1"
},
{
"name" : "https://bugzilla.redhat.com/attachment.cgi?id=1146475",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/attachment.cgi?id=1146475"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1325934",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1325934"
},
{
"name" : "https://github.com/pulp/pulp/pull/2528",
"refsource" : "CONFIRM",
"url" : "https://github.com/pulp/pulp/pull/2528"
},
{
"name" : "https://pulp.plan.io/issues/1830",
"refsource" : "CONFIRM",
"url" : "https://pulp.plan.io/issues/1830"
},
{
"name" : "RHBA-2016:1501",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHBA-2016:1501"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/attachment.cgi?id=1146475",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1146475"
},
{
"name": "https://github.com/pulp/pulp/pull/2528",
"refsource": "CONFIRM",
"url": "https://github.com/pulp/pulp/pull/2528"
},
{
"name": "RHBA-2016:1501",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2016:1501"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1325934",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1325934"
},
{
"name": "https://pulp.plan.io/issues/1830",
"refsource": "CONFIRM",
"url": "https://pulp.plan.io/issues/1830"
},
{
"name": "[oss-security] 20160519 Pulp 2.8.3 Released to address multiple CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/20/1"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3143",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3143",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3634",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160408 CVE-2016-3634 - libtiff illegel read",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/04/08/13"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2547",
"refsource" : "MISC",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2547"
},
{
"name" : "GLSA-201701-16",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-16"
},
{
"name" : "93335",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93335"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160408 CVE-2016-3634 - libtiff illegel read",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/08/13"
},
{
"name": "93335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93335"
},
{
"name": "GLSA-201701-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-16"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2547",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2547"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6514",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6514",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6898",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en"
},
{
"name" : "92620",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92620"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92620"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7567",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45804",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45804/"
},
{
"name" : "[oss-security] 20160927 CVE Request - OpenSLP 2.0 Memory Corruption",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/27/4"
},
{
"name" : "[oss-security] 20160928 Re: CVE Request - OpenSLP 2.0 Memory Corruption",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/28/1"
},
{
"name" : "https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/"
},
{
"name" : "GLSA-201707-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201707-05"
},
{
"name" : "93186",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93186"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160927 CVE Request - OpenSLP 2.0 Memory Corruption",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/27/4"
},
{
"name": "93186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93186"
},
{
"name": "[oss-security] 20160928 Re: CVE Request - OpenSLP 2.0 Memory Corruption",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/28/1"
},
{
"name": "GLSA-201707-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-05"
},
{
"name": "45804",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45804/"
},
{
"name": "https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7744",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7744",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2016-7837",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BlueZ",
"version" : {
"version_data" : [
{
"version_value" : "5.41 and earlier"
}
]
}
}
]
},
"vendor_name" : "BlueZ Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlueZ",
"version": {
"version_data": [
{
"version_value": "5.41 and earlier"
}
]
}
}
]
},
"vendor_name": "BlueZ Project"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601",
"refsource" : "CONFIRM",
"url" : "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601"
},
{
"name" : "JVN#38755305",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN38755305/index.html"
},
{
"name" : "95067",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95067"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#38755305",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN38755305/index.html"
},
{
"name": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601"
},
{
"name": "95067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95067"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7918",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7918",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}