"-Synchronized-Data."

CVE Team 2019-03-18 03:07:55 +00:00
parent 3d570e8696
commit 452e95c734
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
47 changed files with 3574 additions and 3574 deletions


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0075", "ID": "CVE-2006-0075",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060101 [eVuln] phpBook PHP Code Execution", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/420698/100/0/threaded" "lang": "eng",
}, "value": "Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file."
{ }
"name" : "http://evuln.com/vulns/6/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/6/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16106", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16106" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0002", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0002" ]
}, },
{ "references": {
"name" : "18268", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18268" "name": "20060101 [eVuln] phpBook PHP Code Execution",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/420698/100/0/threaded"
} },
} {
"name": "http://evuln.com/vulns/6/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/6/summary.html"
},
{
"name": "18268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18268"
},
{
"name": "16106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16106"
},
{
"name": "ADV-2006-0002",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0002"
}
]
}
}
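Review bot: The `reference_data` array on the new side comes out in a different order than before (here SECUNIA `18268` moves ahead of the BID and VUPEN entries) with no visible sort key, so the whitespace normalisation cannot be told apart from a content change by reading the diff. The same reshuffle appears in the sections for CVE-2006-0313, CVE-2006-0584, CVE-2006-0918, CVE-2006-3492, CVE-2006-3912, CVE-2006-4089 and CVE-2006-4190. Because these records are consumed as authoritative advisory data, emitting the array in a stable order (for example sorted by `refsource`, then `name`) would let a reviewer confirm from the diff alone that no reference was dropped or had its `url` altered. As far as the visible lines show, the five entries in this section are carried over unchanged.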


@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0313", "ID": "CVE-2006-0313",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php, (11) index.php, (12) group.php, or (13) anniv.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=382411&group_id=122682", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=382411&group_id=122682" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php, (11) index.php, (12) group.php, or (13) anniv.php."
{ }
"name" : "16273", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16273" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0231", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0231" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22403", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/22403" ]
}, },
{ "references": {
"name" : "22404", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22404" "name": "22412",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22412"
"name" : "22405", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22405" "name": "22407",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22407"
"name" : "22406", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22406" "name": "22405",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22405"
"name" : "22407", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22407" "name": "22411",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22411"
"name" : "22408", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22408" "name": "http://sourceforge.net/project/shownotes.php?release_id=382411&group_id=122682",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/project/shownotes.php?release_id=382411&group_id=122682"
"name" : "22409", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22409" "name": "16273",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16273"
"name" : "22410", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22410" "name": "22404",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22404"
"name" : "22411", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22411" "name": "18459",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18459"
"name" : "22412", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22412" "name": "22403",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22403"
"name" : "22413", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22413" "name": "22410",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22410"
"name" : "22414", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22414" "name": "ADV-2006-0231",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0231"
"name" : "22415", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22415" "name": "22409",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22409"
"name" : "18459", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18459" "name": "22406",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/22406"
} },
} {
"name": "22408",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22408"
},
{
"name": "22414",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22414"
},
{
"name": "22415",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22415"
},
{
"name": "22413",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22413"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0584", "ID": "CVE-2006-0584",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060204 PeopleSoft (Oracle) PSCipher Encryption Weakness", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/424086/100/0/threaded" "lang": "eng",
}, "value": "The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings."
{ }
"name" : "16507", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16507" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "22952", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22952" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "16507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16507"
},
{
"name": "22952",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22952"
},
{
"name": "20060204 PeopleSoft (Oracle) PSCipher Encryption Weakness",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424086/100/0/threaded"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0918", "ID": "CVE-2006-0918",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to execute arbitrary code via a long Subject field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060223 NSA Group Security Advisory NSAG-¹198-23.02.2006 Vulnerability The Bat v. 3.60.07", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/425936/100/0/threaded" "lang": "eng",
}, "value": "Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to execute arbitrary code via a long Subject field."
{ }
"name" : "http://www.nsag.ru/vuln/953.html", ]
"refsource" : "MISC", },
"url" : "http://www.nsag.ru/vuln/953.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16797", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16797" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0717", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0717" ]
}, },
{ "references": {
"name" : "18989", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18989" "name": "20060223 NSA Group Security Advisory NSAG-¹198-23.02.2006 Vulnerability The Bat v. 3.60.07",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/425936/100/0/threaded"
"name" : "485", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/485" "name": "485",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/485"
"name" : "thebat-subject-bo(24882)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24882" "name": "thebat-subject-bo(24882)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24882"
} },
} {
"name": "16797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16797"
},
{
"name": "18989",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18989"
},
{
"name": "http://www.nsag.ru/vuln/953.html",
"refsource": "MISC",
"url": "http://www.nsag.ru/vuln/953.html"
},
{
"name": "ADV-2006-0717",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0717"
}
]
}
}
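Review bot: The BUGTRAQ reference name `NSAG-¹198-23.02.2006` still carries what looks like a mis-decoded character: `¹` is the Latin-1 reading of the byte that encodes `№` in Windows-1251, which would fit an advisory number from a Russian-language source. The string is identical on the old and new side, so the sync does not introduce it, but a normalisation pass is the natural place to repair it. If the original posting confirms the reading, the name should be `NSAG-№198-23.02.2006`; tools that match or deduplicate references by `name` will otherwise keep the corrupted form.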


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1766", "ID": "CVE-2006-1766",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) getlang and (2) reporeid parameter in (a) index.php, (3) menuid parameter in (b) plugin.php and (c) forumthread.php, and (4) msgid parameter in forumthread.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2006/04/papoo-multiple-sql-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2006/04/papoo-multiple-sql-vuln.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) getlang and (2) reporeid parameter in (a) index.php, (3) menuid parameter in (b) plugin.php and (c) forumthread.php, and (4) msgid parameter in forumthread.php."
{ }
"name" : "papoo-multiple-scripts-sql-injection(25728)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25728" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/04/papoo-multiple-sql-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/papoo-multiple-sql-vuln.html"
},
{
"name": "papoo-multiple-scripts-sql-injection(25728)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25728"
}
]
}
}


@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3492", "ID": "CVE-2006-3492",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO (Mico Is CORBA) 2.3.12 and earlier allows remote attackers to cause a denial of service (application crash) via a message with an incorrect \"object key\", which triggers an assert error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060706 Mico crashes when contected with wrong IOR / DoS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/439439/100/0/threaded" "lang": "eng",
}, "value": "The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO (Mico Is CORBA) 2.3.12 and earlier allows remote attackers to cause a denial of service (application crash) via a message with an incorrect \"object key\", which triggers an assert error."
{ }
"name" : "20060709 Re: Mico crashes when contected with wrong IOR / DoS", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/439606" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20060710 Re: Mico crashes when contected with wrong IOR / DoS", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/439655/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20060706 Mico crashes when contected with wrong IOR / DoS", ]
"refsource" : "FULLDISC", }
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047708.html" ]
}, },
{ "references": {
"name" : "http://mico.org/down.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://mico.org/down.html" "name": "20060709 Re: Mico crashes when contected with wrong IOR / DoS",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/439606"
"name" : "18869", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18869" "name": "20970",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20970"
"name" : "ADV-2006-2709", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2709" "name": "18869",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18869"
"name" : "27029", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27029" "name": "20060706 Mico crashes when contected with wrong IOR / DoS",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047708.html"
"name" : "20970", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20970" "name": "20060710 Re: Mico crashes when contected with wrong IOR / DoS",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/439655/100/0/threaded"
"name" : "1210", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1210" "name": "27029",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27029"
"name" : "mico-setanswerinvoke-dos(27686)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27686" "name": "1210",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/1210"
} },
} {
"name": "20060706 Mico crashes when contected with wrong IOR / DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439439/100/0/threaded"
},
{
"name": "http://mico.org/down.html",
"refsource": "CONFIRM",
"url": "http://mico.org/down.html"
},
{
"name": "mico-setanswerinvoke-dos(27686)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27686"
},
{
"name": "ADV-2006-2709",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2709"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3912", "ID": "CVE-2006-3912",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "1984", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/1984" "lang": "eng",
}, "value": "Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact."
{ }
"name" : "1985", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/1985" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1992", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/1992" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.rarlabs.com/rarnew.htm", ]
"refsource" : "CONFIRM", }
"url" : "http://www.rarlabs.com/rarnew.htm" ]
}, },
{ "references": {
"name" : "27031", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27031" "name": "27031",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/27031"
} },
} {
"name": "1992",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1992"
},
{
"name": "http://www.rarlabs.com/rarnew.htm",
"refsource": "CONFIRM",
"url": "http://www.rarlabs.com/rarnew.htm"
},
{
"name": "1984",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1984"
},
{
"name": "1985",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1985"
}
]
}
}


@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4089", "ID": "CVE-2006-4089",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060809 Multiple buffer-overflows in AlsaPlayer 0.99.76", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/442725/100/0/threaded" "lang": "eng",
}, "value": "Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c."
{ }
"name" : "20060809 Multiple buffer-overflows in AlsaPlayer 0.99.76", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0249.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://aluigi.altervista.org/adv/alsapbof-adv.txt", "description": [
"refsource" : "MISC", {
"url" : "http://aluigi.altervista.org/adv/alsapbof-adv.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1179", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2006/dsa-1179" ]
}, },
{ "references": {
"name" : "GLSA-200608-24", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200608-24.xml" "name": "19450",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19450"
"name" : "SUSE-SR:2006:021", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_21_sr.html" "name": "27883",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27883"
"name" : "19450", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19450" "name": "1356",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/1356"
"name" : "ADV-2006-3235", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3235" "name": "27885",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27885"
"name" : "27883", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27883" "name": "27884",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/27884"
"name" : "27884", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27884" "name": "21749",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21749"
"name" : "27885", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27885" "name": "alsaplayer-reconnect-bo(28306)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28306"
"name" : "21422", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21422" "name": "22018",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22018"
"name" : "21639", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21639" "name": "20060809 Multiple buffer-overflows in AlsaPlayer 0.99.76",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/442725/100/0/threaded"
"name" : "22018", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22018" "name": "http://aluigi.altervista.org/adv/alsapbof-adv.txt",
}, "refsource": "MISC",
{ "url": "http://aluigi.altervista.org/adv/alsapbof-adv.txt"
"name" : "21749", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21749" "name": "21422",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21422"
"name" : "1356", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1356" "name": "GLSA-200608-24",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200608-24.xml"
"name" : "alsaplayer-cddblookup-bo(28308)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28308" "name": "SUSE-SR:2006:021",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html"
"name" : "alsaplayer-gtkplaylist-bo(28307)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28307" "name": "DSA-1179",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1179"
"name" : "alsaplayer-reconnect-bo(28306)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28306" "name": "alsaplayer-cddblookup-bo(28308)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28308"
} },
} {
"name": "alsaplayer-gtkplaylist-bo(28307)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28307"
},
{
"name": "ADV-2006-3235",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3235"
},
{
"name": "20060809 Multiple buffer-overflows in AlsaPlayer 0.99.76",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0249.html"
},
{
"name": "21639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21639"
}
]
}
}
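Review bot: The description's third vector names the path `input/ccda/cdda_engine.c`, where the directory `ccda` looks like a transposition of `cdda` given the file name that follows it. The text is the same on both sides, so this is inherited rather than introduced by the sync. It is worth checking against the upstream source tree, because anyone searching the record for the affected file by path would miss it; if confirmed, the value should read `input/cdda/cdda_engine.c`.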


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4190", "ID": "CVE-2006-4190",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. (dot dot) in the name parameter for a modload operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060815 local file include in PHP-Nuke (autohtml.php)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/443289/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. (dot dot) in the name parameter for a modload operation."
{ }
"name" : "http://www.lezr.com/vb/showthread.php?p=104324", ]
"refsource" : "MISC", },
"url" : "http://www.lezr.com/vb/showthread.php?p=104324" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19525", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19525" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1398", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/1398" ]
}, },
{ "references": {
"name" : "phpnuke-autohtml-file-include(28388)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28388" "name": "1398",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/1398"
} },
} {
"name": "http://www.lezr.com/vb/showthread.php?p=104324",
"refsource": "MISC",
"url": "http://www.lezr.com/vb/showthread.php?p=104324"
},
{
"name": "19525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19525"
},
{
"name": "phpnuke-autohtml-file-include(28388)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28388"
},
{
"name": "20060815 local file include in PHP-Nuke (autohtml.php)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443289/100/0/threaded"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4202", "ID": "CVE-2006-4202",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in proje_goster.php in Spidey Blog Script 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2186", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2186" "lang": "eng",
}, "value": "SQL injection vulnerability in proje_goster.php in Spidey Blog Script 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter."
{ }
"name" : "19518", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19518" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "21482", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21482" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "spidey-blog-projegoster-sql-injection(28374)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28374" ]
} },
] "references": {
} "reference_data": [
} {
"name": "spidey-blog-projegoster-sql-injection(28374)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28374"
},
{
"name": "19518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19518"
},
{
"name": "21482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21482"
},
{
"name": "2186",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2186"
}
]
}
}
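Review bot: The `reference_data` array in this record comes back in a different order (XF, BID, SECUNIA, EXPLOIT-DB instead of EXPLOIT-DB, BID, SECUNIA, XF), and the new order does not appear to follow `name`, `refsource` or `url`. Array order is significant in JSON, so any consumer that diffs or hashes these records sees a change although no reference was added or removed. The same reshuffle shows in the CVE-2010-2867, CVE-2010-2872, CVE-2010-3273, CVE-2010-4368, CVE-2010-4394, CVE-2011-1082 and CVE-2011-1770 sections. I would have the exporter emit references in one deterministic order, for example sorted by `refsource` then `name`, so later syncs show only real content changes.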


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2010-2749", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2010-2749",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
} }
] ]
} }
} }
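Review bot: This record is serialized with a different key order from the others in the commit: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, while the neighbouring records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Parsers do not care about key order, but the difference suggests this REJECT entry went through another export path, and it adds noise for anyone diffing or canonicalising the files. Emitting every record with the same key order would keep the sync reproducible.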


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2010-2867", "ID": "CVE-2010-2867",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to a \"pointer offset vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100824 TPTI-10-14: Adobe Shockwave Director rcsL Chunk Pointer Offset Remote Code Execution Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/513299/100/0/threaded" "lang": "eng",
}, "value": "DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to a \"pointer offset vulnerability.\""
{ }
"name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-10-14", ]
"refsource" : "MISC", },
"url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-10-14" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:12021", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12021" ]
}, },
{ "references": {
"name" : "1024361", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024361" "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-14",
}, "refsource": "MISC",
{ "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-14"
"name" : "ADV-2010-2176", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2176" "name": "1024361",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1024361"
} },
} {
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:12021",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12021"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
},
{
"name": "20100824 TPTI-10-14: Adobe Shockwave Director rcsL Chunk Pointer Offset Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513299/100/0/threaded"
}
]
}
}
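Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@adobe.com` here, a provenance change that is easy to miss among the spacing-only lines and is not mentioned in the commit title. Tooling that attributes records to a CNA or filters on the assigner will behave differently after this sync. The same kind of change appears in CVE-2010-2872 (`psirt@adobe.com`), CVE-2010-3034 (`psirt@cisco.com`), CVE-2011-1082 and CVE-2011-1770 (both `secalert@redhat.com`). I would land the assigner updates in their own commit, or at least name them in the message, so they can be audited separately from the reformatting.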


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2010-2872", "ID": "CVE-2010-2872",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100824 ZDI-10-161: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/513306/100/0/threaded" "lang": "eng",
}, "value": "Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie."
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-161", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-161" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:11889", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11889" ]
}, },
{ "references": {
"name" : "1024361", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024361" "name": "1024361",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024361"
"name" : "ADV-2010-2176", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2176" "name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
} "refsource": "CONFIRM",
] "url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
} },
} {
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-161",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-161"
},
{
"name": "oval:org.mitre.oval:def:11889",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11889"
},
{
"name": "20100824 ZDI-10-161: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513306/100/0/threaded"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2010-3034", "ID": "CVE-2010-3034",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-0575."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21291", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21291" "lang": "eng",
}, "value": "Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-0575."
{ }
"name" : "20100908 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", ]
"refsource" : "CISCO", },
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b466e9.shtml" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21291",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21291"
},
{
"name": "20100908 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b466e9.shtml"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3273", "ID": "CVE-2010-3273",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/516396/100/0/threaded" "lang": "eng",
}, "value": "ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult."
{ }
"name" : "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities", ]
"refsource" : "MISC", },
"url" : "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "46331", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46331" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "70869", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/70869" ]
}, },
{ "references": {
"name" : "43241", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43241" "name": "adselfservice-resetresult-security-bypass(65348)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65348"
"name" : "8089", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8089" "name": "43241",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43241"
"name" : "ADV-2011-0392", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0392" "name": "ADV-2011-0392",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0392"
"name" : "adselfservice-resetresult-security-bypass(65348)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65348" "name": "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
} },
} {
"name": "8089",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8089"
},
{
"name": "70869",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70869"
},
{
"name": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"name": "46331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46331"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3292", "ID": "CVE-2010-3292",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4368", "ID": "CVE-2010-4368",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://awstats.sourceforge.net/docs/awstats_changelog.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://awstats.sourceforge.net/docs/awstats_changelog.txt" "lang": "eng",
}, "value": "awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname."
{ }
"name" : "http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html", ]
"refsource" : "MISC", },
"url" : "http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#870532", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/870532" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#870532",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/870532"
},
{
"name": "http://awstats.sourceforge.net/docs/awstats_changelog.txt",
"refsource": "MISC",
"url": "http://awstats.sourceforge.net/docs/awstats_changelog.txt"
},
{
"name": "http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html",
"refsource": "MISC",
"url": "http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4394", "ID": "CVE-2010-4394",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.5 allows remote web servers to execute arbitrary code via a long Server header in a response to an HTTP request that occurs during parsing of a RealPix file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-282", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-282" "lang": "eng",
}, "value": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.5 allows remote web servers to execute arbitrary code via a long Server header in a response to an HTTP request that occurs during parsing of a RealPix file."
{ }
"name" : "http://service.real.com/realplayer/security/12102010_player/en/", ]
"refsource" : "CONFIRM", },
"url" : "http://service.real.com/realplayer/security/12102010_player/en/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "69853", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/69853" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1024861", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1024861" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1024861",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024861"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-282",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-282"
},
{
"name": "http://service.real.com/realplayer/security/12102010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/12102010_player/en/"
},
{
"name": "69853",
"refsource": "OSVDB",
"url": "http://osvdb.org/69853"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1082", "ID": "CVE-2011-1082",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[linux-kernel] 20110205 [PATCH] epoll: Prevent deadlock through unsafe ->f_op->poll() calls.", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lkml.org/lkml/2011/2/5/220" "lang": "eng",
}, "value": "fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file descriptors within other epoll data structures without properly checking for (1) closed loops or (2) deep chains, which allows local users to cause a denial of service (deadlock or stack memory consumption) via a crafted application that makes epoll_create and epoll_ctl system calls."
{ }
"name" : "[oss-security] 20110301 CVE request: kernel: Multiple DoS issues in epoll", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/03/02/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20110302 Re: CVE request: kernel: Multiple DoS issues in epoll", "description": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/03/02/2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e", ]
"refsource" : "CONFIRM", }
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e" ]
}, },
{ "references": {
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38" "name": "[oss-security] 20110302 Re: CVE request: kernel: Multiple DoS issues in epoll",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/03/02/2"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=681575", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=681575" "name": "[linux-kernel] 20110205 [PATCH] epoll: Prevent deadlock through unsafe ->f_op->poll() calls.",
} "refsource": "MLIST",
] "url": "https://lkml.org/lkml/2011/2/5/220"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=681575",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=681575"
},
{
"name": "[oss-security] 20110301 CVE request: kernel: Multiple DoS issues in epoll",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/02/1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22bacca48a1755f79b7e0f192ddb9fbb7fc6e64e"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38"
}
]
}
}


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1770", "ID": "CVE-2011-1770",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[linux-kernel] 20110506 Re: [PATCH] dccp: handle invalid feature options length", "description_data": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=linux-kernel&m=130469305815140&w=2" "lang": "eng",
}, "value": "Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read."
{ }
"name" : "[linux-kernel] 20110506 [PATCH] dccp: handle invalid feature options length", ]
"refsource" : "MLIST", },
"url" : "http://marc.info/?l=linux-kernel&m=130468845209036&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.33/ChangeLog-2.6.33.14", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.33/ChangeLog-2.6.33.14" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=703011", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=703011" ]
}, },
{ "references": {
"name" : "FEDORA-2011-7551", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061366.html" "name": "1025592",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1025592"
"name" : "FEDORA-2011-7823", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html" "name": "[linux-kernel] 20110506 [PATCH] dccp: handle invalid feature options length",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=linux-kernel&m=130468845209036&w=2"
"name" : "47769", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/47769" "name": "47769",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/47769"
"name" : "1025592", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025592" "name": "[linux-kernel] 20110506 Re: [PATCH] dccp: handle invalid feature options length",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=linux-kernel&m=130469305815140&w=2"
"name" : "44932", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44932" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=703011",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703011"
"name" : "8286", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8286" "name": "44932",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/44932"
} },
} {
"name": "8286",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8286"
},
{
"name": "FEDORA-2011-7823",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061236.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.33/ChangeLog-2.6.33.14",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.33/ChangeLog-2.6.33.14"
},
{
"name": "FEDORA-2011-7551",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061366.html"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1907", "ID": "CVE-2011-1907",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110506 Security Advisory: DNS BIND Security Advisory: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/517900/100/0/threaded" "lang": "eng",
}, "value": "ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query."
{ }
"name" : "https://www.isc.org/CVE-2011-1907", ]
"refsource" : "CONFIRM", },
"url" : "https://www.isc.org/CVE-2011-1907" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "47734", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/47734" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1025503", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1025503" ]
}, },
{ "references": {
"name" : "44416", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44416" "name": "1025503",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1025503"
"name" : "ADV-2011-1183", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/1183" "name": "ADV-2011-1183",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/1183"
"name" : "iscbind-rrsig-dos(67297)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67297" "name": "44416",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/44416"
} },
} {
"name": "47734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47734"
},
{
"name": "https://www.isc.org/CVE-2011-1907",
"refsource": "CONFIRM",
"url": "https://www.isc.org/CVE-2011-1907"
},
{
"name": "20110506 Security Advisory: DNS BIND Security Advisory: RRSIG Queries Can Trigger Server Crash When Using Response Policy Zones",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517900/100/0/threaded"
},
{
"name": "iscbind-rrsig-dos(67297)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67297"
}
]
}
}
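Review bot: The `reference_data` array in this CVE-2011-1907 record is reordered (SECTRACK now first, BUGTRAQ moved near the end) although the same seven entries appear on both sides, so the record changes with no change in content. Array order is significant to diff- and hash-based consumers, so mirrors tracking this feed will flag the record as modified. The export would be easier to audit if references were emitted in a stable order, for example sorted by `refsource` then `name`. The same reshuffle appears in later sections such as CVE-2011-5002 and CVE-2014-3807. The old/new reading is inferred from the side-by-side print order, since the page shows no `+`/`-` markers.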


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5002", "ID": "CVE-2011-5002",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in Final Draft 8 before 8.02 allow remote attackers to execute arbitrary code via a .fdx or .fdxt file with long (1) Word, (2) Transition, (3) Location, (4) Extension, (5) SceneIntro, (6) TimeOfDay, and (7) Character elements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18184", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18184" "lang": "eng",
}, "value": "Multiple stack-based buffer overflows in Final Draft 8 before 8.02 allow remote attackers to execute arbitrary code via a .fdx or .fdxt file with long (1) Word, (2) Transition, (3) Location, (4) Extension, (5) SceneIntro, (6) TimeOfDay, and (7) Character elements."
{ }
"name" : "http://www.security-assessment.com/files/documents/advisory/Final_Draft-Multiple_Stack_Buffer_Overflows.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.security-assessment.com/files/documents/advisory/Final_Draft-Multiple_Stack_Buffer_Overflows.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50850", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50850" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "77454", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/77454" ]
}, },
{ "references": {
"name" : "47044", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47044" "name": "50850",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/50850"
} },
} {
"name": "77454",
"refsource": "OSVDB",
"url": "http://osvdb.org/77454"
},
{
"name": "18184",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18184"
},
{
"name": "http://www.security-assessment.com/files/documents/advisory/Final_Draft-Multiple_Stack_Buffer_Overflows.pdf",
"refsource": "MISC",
"url": "http://www.security-assessment.com/files/documents/advisory/Final_Draft-Multiple_Stack_Buffer_Overflows.pdf"
},
{
"name": "47044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47044"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-3059", "ID": "CVE-2014-3059",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685705", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21685705" "lang": "eng",
}, "value": "Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network."
{ }
"name" : "IT03476", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-xc10-cve20143059-sec-bypass(93533)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93533" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21685705",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685705"
},
{
"name": "IT03476",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03476"
},
{
"name": "ibm-xc10-cve20143059-sec-bypass(93533)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93533"
}
]
}
}
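Review bot: The `ASSIGNER` value in `CVE_data_meta` appears to change from `cve@mitre.org` to `psirt@us.ibm.com` for CVE-2014-3059, while every other line in this section differs only in the spacing before the colon. A provenance change like `"ASSIGNER": "psirt@us.ibm.com",` is easy to miss inside a 47-file reformat. Consumers that attribute or filter records by assigner should treat it as a data change, not formatting. The same pattern shows in the CVE-2014-3355 (`psirt@cisco.com`), CVE-2014-3480 (`secalert@redhat.com`), CVE-2014-7108 and CVE-2014-7555 (`cert@cert.org`) sections. Committing the colon normalization separately from the assigner update would keep the semantic change reviewable; the old/new reading here is inferred from the side-by-side order, as no `+`/`-` markers survive on the page.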


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-3355", "ID": "CVE-2014-3355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCug75942."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata/cvrf/cisco-sa-20140924-metadata_cvrf.xml", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata/cvrf/cisco-sa-20140924-metadata_cvrf.xml" "lang": "eng",
}, "value": "The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCug75942."
{ }
"name" : "20140924 Cisco IOS Software Metadata Vulnerabilities", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "70130", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70130" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1030894", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1030894" ]
}, },
{ "references": {
"name" : "ciscoios-cve20143355-dos(96175)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96175" "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata/cvrf/cisco-sa-20140924-metadata_cvrf.xml",
} "refsource": "CONFIRM",
] "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata/cvrf/cisco-sa-20140924-metadata_cvrf.xml"
} },
} {
"name": "70130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70130"
},
{
"name": "ciscoios-cve20143355-dos(96175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96175"
},
{
"name": "20140924 Cisco IOS Software Metadata Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata"
},
{
"name": "1030894",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030894"
}
]
}
}


@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3480", "ID": "CVE-2014-3480",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[file] 20140612 file-5.19 is now available", "description_data": [
"refsource" : "MLIST", {
"url" : "http://mx.gw.com/pipermail/file/2014/001553.html" "lang": "eng",
}, "value": "The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file."
{ }
"name" : "http://www.php.net/ChangeLog-5.php", ]
"refsource" : "CONFIRM", },
"url" : "http://www.php.net/ChangeLog-5.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.php.net/bug.php?id=67412", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.php.net/bug.php?id=67412" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382" ]
}, },
{ "references": {
"name" : "http://support.apple.com/kb/HT6443", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT6443" "name": "https://support.apple.com/HT204659",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT204659"
"name" : "https://support.apple.com/HT204659", },
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT204659" "name": "68238",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/68238"
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" "name": "RHSA-2014:1766",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" "name": "DSA-3021",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-3021"
"name" : "APPLE-SA-2015-04-08-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" "name": "HPSBUX03102",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
"name" : "DSA-2974", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-2974" "name": "https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382"
"name" : "DSA-3021", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3021" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"name" : "HPSBUX03102", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" "name": "DSA-2974",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-2974"
"name" : "SSRT101681", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2" "name": "59794",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/59794"
"name" : "RHSA-2014:1765", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html" "name": "http://www.php.net/ChangeLog-5.php",
}, "refsource": "CONFIRM",
{ "url": "http://www.php.net/ChangeLog-5.php"
"name" : "RHSA-2014:1766", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1766.html" "name": "[file] 20140612 file-5.19 is now available",
}, "refsource": "MLIST",
{ "url": "http://mx.gw.com/pipermail/file/2014/001553.html"
"name" : "openSUSE-SU-2014:1236", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html" "name": "APPLE-SA-2015-04-08-2",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
"name" : "68238", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68238" "name": "http://support.apple.com/kb/HT6443",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT6443"
"name" : "59794", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59794" "name": "https://bugs.php.net/bug.php?id=67412",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.php.net/bug.php?id=67412"
"name" : "59831", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59831" "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
} },
} {
"name": "RHSA-2014:1765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "SSRT101681",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
},
{
"name": "59831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59831"
},
{
"name": "openSUSE-SU-2014:1236",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00046.html"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3724", "ID": "CVE-2014-3724",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3807", "ID": "CVE-2014-3807",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) blog, (2) bloggeruser, or (3) bloggerpasswd parameter to private/manage/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/126645/BarracudaDrive-6.7.2-Cross-Site-Scripting.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/126645/BarracudaDrive-6.7.2-Cross-Site-Scripting.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) blog, (2) bloggeruser, or (3) bloggerpasswd parameter to private/manage/."
{ }
"name" : "67428", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/67428" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "58712", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/58712" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "67428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67428"
},
{
"name": "58712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58712"
},
{
"name": "http://packetstormsecurity.com/files/126645/BarracudaDrive-6.7.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126645/BarracudaDrive-6.7.2-Cross-Site-Scripting.html"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3916", "ID": "CVE-2014-3916",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140527 Fwd: [ruby-core:62800] [ruby-trunk - Bug #9709] Large string causes SEGV\twith x64-mingw32", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2014/q2/362" "lang": "eng",
}, "value": "The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string."
{ }
"name" : "[oss-security] 20140529 Re: Fwd: [ruby-core:62800] [ruby-trunk - Bug #9709] Large string causes SEGV with x64-mingw32", ]
"refsource" : "MLIST", },
"url" : "http://seclists.org/oss-sec/2014/q2/375" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.ruby-lang.org/issues/9709", "description": [
"refsource" : "MISC", {
"url" : "https://bugs.ruby-lang.org/issues/9709" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "67705", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/67705" ]
}, },
{ "references": {
"name" : "ruby-cve20143916-dos(93505)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93505" "name": "ruby-cve20143916-dos(93505)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93505"
} },
} {
"name": "67705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67705"
},
{
"name": "https://bugs.ruby-lang.org/issues/9709",
"refsource": "MISC",
"url": "https://bugs.ruby-lang.org/issues/9709"
},
{
"name": "[oss-security] 20140529 Re: Fwd: [ruby-core:62800] [ruby-trunk - Bug #9709] Large string causes SEGV with x64-mingw32",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/375"
},
{
"name": "[oss-security] 20140527 Fwd: [ruby-core:62800] [ruby-trunk - Bug #9709] Large string causes SEGV\twith x64-mingw32",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/362"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7108", "ID": "CVE-2014-7108",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Stop Headaches and Migraines (aka com.StopHeadachesandMigraines) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Stop Headaches and Migraines (aka com.StopHeadachesandMigraines) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#352729", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/352729" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#352729",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/352729"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7555", "ID": "CVE-2014-7555",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Apparound BLEND (aka com.apparound.mobile.catalogo) application 4.9.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Apparound BLEND (aka com.apparound.mobile.catalogo) application 4.9.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#855825", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/855825" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#855825",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/855825"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7690", "ID": "CVE-2014-7690",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The myfone Shopping (aka com.twm.pt.eccart) application 2.1.01.00.040 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The myfone Shopping (aka com.twm.pt.eccart) application 2.1.01.00.040 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#894457", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/894457" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#894457",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/894457"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-7957", "ID": "CVE-2014-7957",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the toggled parameter in a toggle action in the pods-components page to wp-admin/admin.php, (2) delete a pod in a delete action in the pods page to wp-admin/admin.php, (3) reset pod settings and data via the pods_reset parameter in the pod-settings page to wp-admin/admin.php, (4) deactivate and reset pod data via the pods_reset_deactivate parameter in the pod-settings page to wp-admin/admin.php, (5) delete the admin role via the id parameter in a delete action in the pods-component-roles-and-capabilities page to wp-admin/admin.php, or (6) enable \"roles and capabilities\" in a toggle action in the pods-components page to wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150110 Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534437/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the toggled parameter in a toggle action in the pods-components page to wp-admin/admin.php, (2) delete a pod in a delete action in the pods page to wp-admin/admin.php, (3) reset pod settings and data via the pods_reset parameter in the pod-settings page to wp-admin/admin.php, (4) deactivate and reset pod data via the pods_reset_deactivate parameter in the pod-settings page to wp-admin/admin.php, (5) delete the admin role via the id parameter in a delete action in the pods-component-roles-and-capabilities page to wp-admin/admin.php, or (6) enable \"roles and capabilities\" in a toggle action in the pods-components page to wp-admin/admin.php."
{ }
"name" : "20150112 Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2015/Jan/26" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/129890/WordPress-Pods-2.4.3-CSRF-Cross-Site-Scripting.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/129890/WordPress-Pods-2.4.3-CSRF-Cross-Site-Scripting.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://wordpress.org/plugins/pods/changelog/", ]
"refsource" : "CONFIRM", }
"url" : "https://wordpress.org/plugins/pods/changelog/" ]
}, },
{ "references": {
"name" : "71996", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71996" "name": "71996",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/71996"
} },
} {
"name": "20150112 Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/26"
},
{
"name": "https://wordpress.org/plugins/pods/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/pods/changelog/"
},
{
"name": "http://packetstormsecurity.com/files/129890/WordPress-Pods-2.4.3-CSRF-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129890/WordPress-Pods-2.4.3-CSRF-Cross-Site-Scripting.html"
},
{
"name": "20150110 Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534437/100/0/threaded"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-8222", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-8222",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@ubuntu.com",
"ID" : "CVE-2014-8399", "ID": "CVE-2014-8399",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/desrt/systemd-shim/commit/d2e91c118f6128875274a638007702d1cc665893", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/desrt/systemd-shim/commit/d2e91c118f6128875274a638007702d1cc665893" "lang": "eng",
}, "value": "The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors."
{ }
"name" : "USN-2392-1", ]
"refsource" : "UBUNTU", },
"url" : "http://www.ubuntu.com/usn/USN-2392-1" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2392-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2392-1"
},
{
"name": "https://github.com/desrt/systemd-shim/commit/d2e91c118f6128875274a638007702d1cc665893",
"refsource": "CONFIRM",
"url": "https://github.com/desrt/systemd-shim/commit/d2e91c118f6128875274a638007702d1cc665893"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8728", "ID": "CVE-2014-8728",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "35214", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/35214" "lang": "eng",
} "value": "SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35214",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35214"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8922", "ID": "CVE-2014-8922",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9038", "ID": "CVE-2014-9038",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2014/11/25/12" "lang": "eng",
}, "value": "wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource."
{ }
"name" : "https://core.trac.wordpress.org/changeset/30444", ]
"refsource" : "CONFIRM", },
"url" : "https://core.trac.wordpress.org/changeset/30444" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://wordpress.org/news/2014/11/wordpress-4-0-1/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://wordpress.org/news/2014/11/wordpress-4-0-1/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://advisories.mageia.org/MGASA-2014-0493.html", ]
"refsource" : "CONFIRM", }
"url" : "http://advisories.mageia.org/MGASA-2014-0493.html" ]
}, },
{ "references": {
"name" : "DSA-3085", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-3085" "name": "DSA-3085",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-3085"
"name" : "MDVSA-2014:233", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233" "name": "[oss-security] 20141125 Re: WordPress 4.0.1 Security Release",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2014/11/25/12"
"name" : "1031243", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031243" "name": "https://core.trac.wordpress.org/changeset/30444",
} "refsource": "CONFIRM",
] "url": "https://core.trac.wordpress.org/changeset/30444"
} },
} {
"name": "http://advisories.mageia.org/MGASA-2014-0493.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0493.html"
},
{
"name": "1031243",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031243"
},
{
"name": "MDVSA-2014:233",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:233"
},
{
"name": "https://wordpress.org/news/2014/11/wordpress-4-0-1/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2014/11/wordpress-4-0-1/"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9269", "ID": "CVE-2014-9269",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20141201 CVE Request: Multiple XSS vulnerabilities in MantisBT", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2014/q4/867" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie."
{ }
"name" : "[oss-security] 20141204 Re: CVE Request: Multiple XSS vulnerabilities in MantisBT", ]
"refsource" : "MLIST", },
"url" : "http://seclists.org/oss-sec/2014/q4/902" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/mantisbt/mantisbt/commit/511564cc", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/mantisbt/mantisbt/commit/511564cc" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.mantisbt.org/bugs/view.php?id=17890", ]
"refsource" : "CONFIRM", }
"url" : "https://www.mantisbt.org/bugs/view.php?id=17890" ]
}, },
{ "references": {
"name" : "DSA-3120", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3120" "name": "https://www.mantisbt.org/bugs/view.php?id=17890",
}, "refsource": "CONFIRM",
{ "url": "https://www.mantisbt.org/bugs/view.php?id=17890"
"name" : "62101", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/62101" "name": "https://github.com/mantisbt/mantisbt/commit/511564cc",
} "refsource": "CONFIRM",
] "url": "https://github.com/mantisbt/mantisbt/commit/511564cc"
} },
} {
"name": "62101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62101"
},
{
"name": "[oss-security] 20141201 CVE Request: Multiple XSS vulnerabilities in MantisBT",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/867"
},
{
"name": "[oss-security] 20141204 Re: CVE Request: Multiple XSS vulnerabilities in MantisBT",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/902"
},
{
"name": "DSA-3120",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3120"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-2158", "ID": "CVE-2016-2158",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160321 moodle security release", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/03/21/1" "lang": "eng",
}, "value": "lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request."
{ }
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774", ]
"refsource" : "CONFIRM", },
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://moodle.org/mod/forum/discuss.php?d=330180", "description": [
"refsource" : "CONFIRM", {
"url" : "https://moodle.org/mod/forum/discuss.php?d=330180" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1035333", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1035333" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[oss-security] 20160321 moodle security release",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/21/1"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=330180",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=330180"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774"
},
{
"name": "1035333",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035333"
}
]
}
}


@ -1,202 +1,202 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-2182", "ID": "CVE-2016-2182",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34" "lang": "eng",
}, "value": "The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors."
{ }
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448", ]
"refsource" : "CONFIRM", },
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html" ]
}, },
{ "references": {
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html" "name": "1036688",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1036688"
"name" : "http://www.splunk.com/view/SP-CAAAPSV", },
"refsource" : "CONFIRM", {
"url" : "http://www.splunk.com/view/SP-CAAAPSV" "name": "https://www.tenable.com/security/tns-2016-20",
}, "refsource": "CONFIRM",
{ "url": "https://www.tenable.com/security/tns-2016-20"
"name" : "http://www.splunk.com/view/SP-CAAAPUE", },
"refsource" : "CONFIRM", {
"url" : "http://www.splunk.com/view/SP-CAAAPUE" "name": "RHSA-2018:2185",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2185"
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759", },
"refsource" : "CONFIRM", {
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759" "name": "RHSA-2018:2186",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2186"
"name" : "https://bto.bluecoat.com/security-advisory/sa132", },
"refsource" : "CONFIRM", {
"url" : "https://bto.bluecoat.com/security-advisory/sa132" "name": "http://www.splunk.com/view/SP-CAAAPUE",
}, "refsource": "CONFIRM",
{ "url": "http://www.splunk.com/view/SP-CAAAPUE"
"name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312", },
"refsource" : "CONFIRM", {
"url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312" "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10171", },
"refsource" : "CONFIRM", {
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10171" "name": "92557",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/92557"
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039", },
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039" "name": "1037968",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1037968"
"name" : "https://www.tenable.com/security/tns-2016-16", },
"refsource" : "CONFIRM", {
"url" : "https://www.tenable.com/security/tns-2016-16" "name": "RHSA-2016:1940",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
"name" : "https://source.android.com/security/bulletin/2017-03-01.html", },
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-03-01.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
}, "refsource": "CONFIRM",
{ "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us",
}, "refsource": "CONFIRM",
{ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us"
"name" : "https://www.tenable.com/security/tns-2016-20", },
"refsource" : "CONFIRM", {
"url" : "https://www.tenable.com/security/tns-2016-20" "name": "http://www.splunk.com/view/SP-CAAAPSV",
}, "refsource": "CONFIRM",
{ "url": "http://www.splunk.com/view/SP-CAAAPSV"
"name" : "https://www.tenable.com/security/tns-2016-21", },
"refsource" : "CONFIRM", {
"url" : "https://www.tenable.com/security/tns-2016-21" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" "name": "https://www.tenable.com/security/tns-2016-16",
}, "refsource": "CONFIRM",
{ "url": "https://www.tenable.com/security/tns-2016-16"
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us", },
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us" "name": "https://www.tenable.com/security/tns-2016-21",
}, "refsource": "CONFIRM",
{ "url": "https://www.tenable.com/security/tns-2016-21"
"name" : "FreeBSD-SA-16:26", },
"refsource" : "FREEBSD", {
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc" "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171",
}, "refsource": "CONFIRM",
{ "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171"
"name" : "RHSA-2016:1940", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1940.html" "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name" : "RHSA-2018:2185", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2185" "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34",
}, "refsource": "CONFIRM",
{ "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34"
"name" : "RHSA-2018:2186", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2186" "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name" : "RHSA-2018:2187", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2187" "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
"name" : "92557", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92557" "name": "https://bto.bluecoat.com/security-advisory/sa132",
}, "refsource": "CONFIRM",
{ "url": "https://bto.bluecoat.com/security-advisory/sa132"
"name" : "1037968", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037968" "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name" : "1036688", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036688" "name": "FreeBSD-SA-16:26",
} "refsource": "FREEBSD",
] "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
} },
} {
"name": "https://source.android.com/security/bulletin/2017-03-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01.html"
},
{
"name": "RHSA-2018:2187",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2385", "ID": "CVE-2016-2385",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160330 CVE-2016-2385 Kamailio SEAS module heap buffer overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/537926/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet."
{ }
"name" : "39638", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/39638/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/136477/Kamailio-4.3.4-Heap-Overflow.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/136477/Kamailio-4.3.4-Heap-Overflow.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/", ]
"refsource" : "MISC", }
"url" : "https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/" ]
}, },
{ "references": {
"name" : "http://www.kamailio.org/pub/kamailio/4.3.5/ChangeLog", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kamailio.org/pub/kamailio/4.3.5/ChangeLog" "name": "http://packetstormsecurity.com/files/136477/Kamailio-4.3.4-Heap-Overflow.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/136477/Kamailio-4.3.4-Heap-Overflow.html"
"name" : "https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643" "name": "https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643"
"name" : "DSA-3535", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3535" "name": "https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/",
}, "refsource": "MISC",
{ "url": "https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/"
"name" : "DSA-3537", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3537" "name": "DSA-3535",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2016/dsa-3535"
} },
} {
"name": "39638",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39638/"
},
{
"name": "DSA-3537",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3537"
},
{
"name": "20160330 CVE-2016-2385 Kamailio SEAS module heap buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537926/100/0/threaded"
},
{
"name": "http://www.kamailio.org/pub/kamailio/4.3.5/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.kamailio.org/pub/kamailio/4.3.5/ChangeLog"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2568", "ID": "CVE-2016-2568",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160226 Re: CVE Request: pkexec tty hijacking via TIOCSTI ioctl", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/02/26/3" "lang": "eng",
}, "value": "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1300746", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1300746" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160226 Re: CVE Request: pkexec tty hijacking via TIOCSTI ioctl",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1300746",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300746"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6145", "ID": "CVE-2016-6145",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as \"False,\" which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20160819 Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2016/Aug/92" "lang": "eng",
}, "value": "The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides different error messages for failed login attempts depending on whether the username exists and is locked when the detailed_error_on_connect option is not supported or is configured as \"False,\" which allows remote attackers to enumerate database users via a series of login attempts, aka SAP Security Note 2216869."
{ }
"name" : "https://www.onapsis.com/blog/onapsis-publishes-15-advisories-sap-hana-and-building-components", ]
"refsource" : "MISC", },
"url" : "https://www.onapsis.com/blog/onapsis-publishes-15-advisories-sap-hana-and-building-components" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.onapsis.com/research/security-advisories/sap-hana-user-information-disclosure", "description": [
"refsource" : "MISC", {
"url" : "https://www.onapsis.com/research/security-advisories/sap-hana-user-information-disclosure" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/138444/SAP-HANA-DB-1.00.091.00.1418659308-Information-Disclosure.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/138444/SAP-HANA-DB-1.00.091.00.1418659308-Information-Disclosure.html" ]
}, },
{ "references": {
"name" : "92346", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92346" "name": "92346",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/92346"
} },
} {
"name": "https://www.onapsis.com/blog/onapsis-publishes-15-advisories-sap-hana-and-building-components",
"refsource": "MISC",
"url": "https://www.onapsis.com/blog/onapsis-publishes-15-advisories-sap-hana-and-building-components"
},
{
"name": "20160819 Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/92"
},
{
"name": "http://packetstormsecurity.com/files/138444/SAP-HANA-DB-1.00.091.00.1418659308-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/138444/SAP-HANA-DB-1.00.091.00.1418659308-Information-Disclosure.html"
},
{
"name": "https://www.onapsis.com/research/security-advisories/sap-hana-user-information-disclosure",
"refsource": "MISC",
"url": "https://www.onapsis.com/research/security-advisories/sap-hana-user-information-disclosure"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6822", "ID": "CVE-2016-6822",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-7757", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-7757",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5909", "ID": "CVE-2017-5909",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", "description_data": [
"refsource" : "MISC", {
"url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" "lang": "eng",
} "value": "The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
"refsource": "MISC",
"url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5945", "ID": "CVE-2017-5945",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the \"poodll_audio_url\" HTTP GET parameter passed to the \"filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/justinhunt/moodle-filter_poodll/issues/23", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/justinhunt/moodle-filter_poodll/issues/23" "lang": "eng",
}, "value": "An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the \"poodll_audio_url\" HTTP GET parameter passed to the \"filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
{ }
"name" : "96212", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96212" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/justinhunt/moodle-filter_poodll/issues/23",
"refsource": "MISC",
"url": "https://github.com/justinhunt/moodle-filter_poodll/issues/23"
},
{
"name": "96212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96212"
}
]
}
}