admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:59:57 +00:00
parent 96c029ed04
commit 4ca3c216ca
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 4002 additions and 4002 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2006/0xxx/CVE-2006-0004.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0004",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-0004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS06-010",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-010"
},
{
"name" : "VU#963628",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/963628"
},
{
"name" : "16634",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16634"
},
{
"name" : "ADV-2006-0579",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0579"
},
{
"name" : "oval:org.mitre.oval:def:1555",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1555"
},
{
"name" : "1015632",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015632"
},
{
"name" : "18865",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18865"
},
{
"name" : "powerpoint-tiff-information-disclosure(24490)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24490"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#963628",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/963628"
},
{
"name": "18865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18865"
},
{
"name": "16634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16634"
},
{
"name": "powerpoint-tiff-information-disclosure(24490)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24490"
},
{
"name": "oval:org.mitre.oval:def:1555",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1555"
},
{
"name": "MS06-010",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-010"
},
{
"name": "1015632",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015632"
},
{
"name": "ADV-2006-0579",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0579"
}
]
}
}

170
2006/0xxx/CVE-2006-0246.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0246",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download Tracker 1.06 allows remote attackers to inject arbitrary web script or HTML via the ID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://osvdb.org/ref/22/22462-widexl.txt",
"refsource" : "MISC",
"url" : "http://osvdb.org/ref/22/22462-widexl.txt"
},
{
"name" : "16265",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16265"
},
{
"name" : "ADV-2006-0213",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0213"
},
{
"name" : "22462",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22462"
},
{
"name" : "18472",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18472"
},
{
"name" : "downloadtracker-down-xss(24161)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24161"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download Tracker 1.06 allows remote attackers to inject arbitrary web script or HTML via the ID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "downloadtracker-down-xss(24161)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24161"
},
{
"name": "22462",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22462"
},
{
"name": "ADV-2006-0213",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0213"
},
{
"name": "http://osvdb.org/ref/22/22462-widexl.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/22/22462-widexl.txt"
},
{
"name": "18472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18472"
},
{
"name": "16265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16265"
}
]
}
}

200
2006/1xxx/CVE-2006-1062.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1062",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Lurker-users] 20060302 Serious security vulnerabilities found",
"refsource" : "MLIST",
"url" : "http://terpstra.ca/lurker/message/20060302.130003.4c5c2680.en.html"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=399034&group_id=8168",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=399034&group_id=8168"
},
{
"name" : "DSA-999",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-999"
},
{
"name" : "17003",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17003"
},
{
"name" : "ADV-2006-0850",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0850"
},
{
"name" : "23694",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23694"
},
{
"name" : "19136",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19136"
},
{
"name" : "19145",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19145"
},
{
"name" : "lurker-lurker-information-disclosure(25149)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25149"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=399034&group_id=8168",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=399034&group_id=8168"
},
{
"name": "23694",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23694"
},
{
"name": "19145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19145"
},
{
"name": "DSA-999",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-999"
},
{
"name": "17003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17003"
},
{
"name": "ADV-2006-0850",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0850"
},
{
"name": "[Lurker-users] 20060302 Serious security vulnerabilities found",
"refsource": "MLIST",
"url": "http://terpstra.ca/lurker/message/20060302.130003.4c5c2680.en.html"
},
{
"name": "lurker-lurker-information-disclosure(25149)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25149"
},
{
"name": "19136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19136"
}
]
}
}

280
2006/3xxx/CVE-2006-3362.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060717 ToendaCMS <= 1.0.0 arbitrary file upload",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440423/100/0/threaded"
},
{
"name" : "1964",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1964"
},
{
"name" : "2035",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2035"
},
{
"name" : "6344",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6344"
},
{
"name" : "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html"
},
{
"name" : "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager",
"refsource" : "CONFIRM",
"url" : "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager"
},
{
"name" : "http://www.geeklog.net/article.php/geeklog-1.4.0sr4",
"refsource" : "CONFIRM",
"url" : "http://www.geeklog.net/article.php/geeklog-1.4.0sr4"
},
{
"name" : "18767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18767"
},
{
"name" : "19072",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19072"
},
{
"name" : "30950",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30950"
},
{
"name" : "ADV-2006-2611",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2611"
},
{
"name" : "ADV-2006-2868",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2868"
},
{
"name" : "20886",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20886"
},
{
"name" : "21117",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21117"
},
{
"name" : "geeklog-multiple-scripts-file-include(27469)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469"
},
{
"name" : "geeklog-connector-file-upload(27494)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27494"
},
{
"name" : "toendacms-connector-file-upload(27799)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27799"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19072"
},
{
"name": "18767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18767"
},
{
"name": "30950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30950"
},
{
"name": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.4.0sr4"
},
{
"name": "geeklog-multiple-scripts-file-include(27469)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27469"
},
{
"name": "toendacms-connector-file-upload(27799)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27799"
},
{
"name": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager"
},
{
"name": "ADV-2006-2868",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2868"
},
{
"name": "6344",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6344"
},
{
"name": "2035",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2035"
},
{
"name": "1964",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1964"
},
{
"name": "20886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20886"
},
{
"name": "geeklog-connector-file-upload(27494)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27494"
},
{
"name": "20060717 ToendaCMS <= 1.0.0 arbitrary file upload",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440423/100/0/threaded"
},
{
"name": "21117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21117"
},
{
"name": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/toenda_100_shizouka_xpl.html"
},
{
"name": "ADV-2006-2611",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2611"
}
]
}
}

230
2006/3xxx/CVE-2006-3700.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3700",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name" : "TA06-200A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
},
{
"name" : "19054",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19054"
},
{
"name" : "ADV-2006-2863",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2863"
},
{
"name" : "ADV-2006-2947",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2947"
},
{
"name" : "1016529",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016529"
},
{
"name" : "21111",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21111"
},
{
"name" : "21165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21165"
},
{
"name" : "oracle-cpu-july-2006(27897)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016529",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016529"
},
{
"name": "19054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19054"
},
{
"name": "oracle-cpu-july-2006(27897)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
},
{
"name": "21165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21165"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name": "ADV-2006-2947",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2947"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name": "TA06-200A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
},
{
"name": "21111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21111"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
},
{
"name": "ADV-2006-2863",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2863"
}
]
}
}

230
2006/3xxx/CVE-2006-3713.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3713",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3.0 has unknown impact and attack vectors, aka Oracle Vuln# AS09."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name" : "TA06-200A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
},
{
"name" : "19054",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19054"
},
{
"name" : "ADV-2006-2863",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2863"
},
{
"name" : "ADV-2006-2947",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2947"
},
{
"name" : "1016529",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016529"
},
{
"name" : "21111",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21111"
},
{
"name" : "21165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21165"
},
{
"name" : "oracle-cpu-july-2006(27897)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3.0 has unknown impact and attack vectors, aka Oracle Vuln# AS09."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016529",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016529"
},
{
"name": "19054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19054"
},
{
"name": "oracle-cpu-july-2006(27897)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
},
{
"name": "21165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21165"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name": "ADV-2006-2947",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2947"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name": "TA06-200A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
},
{
"name": "21111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21111"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
},
{
"name": "ADV-2006-2863",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2863"
}
]
}
}

170
2006/3xxx/CVE-2006-3726.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3726",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt",
"refsource" : "MISC",
"url" : "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt"
},
{
"name" : "19065",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19065"
},
{
"name" : "ADV-2006-2870",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2870"
},
{
"name" : "27389",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27389"
},
{
"name" : "21108",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21108"
},
{
"name" : "filecopa-list-bo(27817)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27817"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "filecopa-list-bo(27817)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27817"
},
{
"name": "21108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21108"
},
{
"name": "27389",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27389"
},
{
"name": "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt",
"refsource": "MISC",
"url": "http://www.appsec.ch/docs/2006-07-19-fileCopa.txt"
},
{
"name": "ADV-2006-2870",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2870"
},
{
"name": "19065",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19065"
}
]
}
}

34
2006/3xxx/CVE-2006-3871.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3871",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-3871",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}

220
2006/4xxx/CVE-2006-4489.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 (1.2.2) allow remote attackers to execute arbitrary PHP code via (1) a URL in the config[include_dir] parameter in actions/ipn.php or (2) an FTP path in the config[plugin_dir] parameter in include/initPlugins.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2272",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2272"
},
{
"name" : "http://www.ultrize.com/minibill/index.php",
"refsource" : "CONFIRM",
"url" : "http://www.ultrize.com/minibill/index.php"
},
{
"name" : "http://www.ultrize.com/minibill/index.php?page=changelog",
"refsource" : "CONFIRM",
"url" : "http://www.ultrize.com/minibill/index.php?page=changelog"
},
{
"name" : "20061108 MiniBill 2 RFI ack",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-November/001115.html"
},
{
"name" : "19568",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19568"
},
{
"name" : "ADV-2006-3413",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3413"
},
{
"name" : "28258",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28258"
},
{
"name" : "28259",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28259"
},
{
"name" : "1016769",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016769"
},
{
"name" : "21688",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21688"
},
{
"name" : "minibill-ipn-file-include(28625)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28625"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 (1.2.2) allow remote attackers to execute arbitrary PHP code via (1) a URL in the config[include_dir] parameter in actions/ipn.php or (2) an FTP path in the config[plugin_dir] parameter in include/initPlugins.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19568"
},
{
"name": "28258",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28258"
},
{
"name": "2272",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2272"
},
{
"name": "http://www.ultrize.com/minibill/index.php",
"refsource": "CONFIRM",
"url": "http://www.ultrize.com/minibill/index.php"
},
{
"name": "minibill-ipn-file-include(28625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28625"
},
{
"name": "21688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21688"
},
{
"name": "28259",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28259"
},
{
"name": "ADV-2006-3413",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3413"
},
{
"name": "http://www.ultrize.com/minibill/index.php?page=changelog",
"refsource": "CONFIRM",
"url": "http://www.ultrize.com/minibill/index.php?page=changelog"
},
{
"name": "20061108 MiniBill 2 RFI ack",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-November/001115.html"
},
{
"name": "1016769",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016769"
}
]
}
}

160
2006/4xxx/CVE-2006-4669.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4669",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in admin/system/include.php in Somery 0.4.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2329",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2329"
},
{
"name" : "19912",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19912"
},
{
"name" : "ADV-2006-3516",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3516"
},
{
"name" : "21825",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21825"
},
{
"name" : "somery-include-file-include(28816)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28816"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in admin/system/include.php in Somery 0.4.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3516",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3516"
},
{
"name": "2329",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2329"
},
{
"name": "21825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21825"
},
{
"name": "19912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19912"
},
{
"name": "somery-include-file-include(28816)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28816"
}
]
}
}

180
2006/4xxx/CVE-2006-4713.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4713",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060910 PUMA 1.0 RC 2 (config.php) Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445723/100/0/threaded"
},
{
"name" : "http://www.bb-pcsecurity.de/Websecurity/415/org/PUMA_1.0_RC_2_(config.php)_R%20FI.htm",
"refsource" : "MISC",
"url" : "http://www.bb-pcsecurity.de/Websecurity/415/org/PUMA_1.0_RC_2_(config.php)_R%20FI.htm"
},
{
"name" : "2340",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2340"
},
{
"name" : "19940",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19940"
},
{
"name" : "ADV-2006-3545",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3545"
},
{
"name" : "1557",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1557"
},
{
"name" : "puma-config-file-include(28837)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28837"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bb-pcsecurity.de/Websecurity/415/org/PUMA_1.0_RC_2_(config.php)_R%20FI.htm",
"refsource": "MISC",
"url": "http://www.bb-pcsecurity.de/Websecurity/415/org/PUMA_1.0_RC_2_(config.php)_R%20FI.htm"
},
{
"name": "19940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19940"
},
{
"name": "1557",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1557"
},
{
"name": "2340",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2340"
},
{
"name": "puma-config-file-include(28837)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28837"
},
{
"name": "ADV-2006-3545",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3545"
},
{
"name": "20060910 PUMA 1.0 RC 2 (config.php) Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445723/100/0/threaded"
}
]
}
}

140
2006/7xxx/CVE-2006-7024.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-7024",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1943",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1943"
},
{
"name" : "18614",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18614"
},
{
"name" : "harpia-multiple-scripts-file-include(27308)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27308"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "harpia-multiple-scripts-file-include(27308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27308"
},
{
"name": "1943",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1943"
},
{
"name": "18614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18614"
}
]
}
}

140
2010/2xxx/CVE-2010-2027.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2027",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100514 Mathematica on Linux /tmp/MathLink vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511298/100/0/threaded"
},
{
"name" : "20100514 Mathematica on Linux /tmp/MathLink vulnerability",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=127380255201760&w=2"
},
{
"name" : "39805",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39805"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39805",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39805"
},
{
"name": "20100514 Mathematica on Linux /tmp/MathLink vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511298/100/0/threaded"
},
{
"name": "20100514 Mathematica on Linux /tmp/MathLink vulnerability",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=127380255201760&w=2"
}
]
}
}

200
2010/2xxx/CVE-2010-2100.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2100",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://php-security.org/2010/05/21/mops-2010-036-php-htmlentities-and-htmlspecialchars-interruption-information-leak-vulnerability/index.html",
"refsource" : "MISC",
"url" : "http://php-security.org/2010/05/21/mops-2010-036-php-htmlentities-and-htmlspecialchars-interruption-information-leak-vulnerability/index.html"
},
{
"name" : "http://php-security.org/2010/05/21/mops-2010-037-php-str_getcsv-interruption-information-leak-vulnerability/index.html",
"refsource" : "MISC",
"url" : "http://php-security.org/2010/05/21/mops-2010-037-php-str_getcsv-interruption-information-leak-vulnerability/index.html"
},
{
"name" : "http://php-security.org/2010/05/21/mops-2010-038-php-http_build_query-interruption-information-leak-vulnerability/index.html",
"refsource" : "MISC",
"url" : "http://php-security.org/2010/05/21/mops-2010-038-php-http_build_query-interruption-information-leak-vulnerability/index.html"
},
{
"name" : "http://php-security.org/2010/05/21/mops-2010-039-php-strpbrk-interruption-information-leak-vulnerability/index.html",
"refsource" : "MISC",
"url" : "http://php-security.org/2010/05/21/mops-2010-039-php-strpbrk-interruption-information-leak-vulnerability/index.html"
},
{
"name" : "http://php-security.org/2010/05/21/mops-2010-040-php-strtr-interruption-information-leak-vulnerability/index.html",
"refsource" : "MISC",
"url" : "http://php-security.org/2010/05/21/mops-2010-040-php-strtr-interruption-information-leak-vulnerability/index.html"
},
{
"name" : "HPSBOV02763",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name" : "SSRT100826",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name" : "SUSE-SR:2010:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name" : "SUSE-SR:2010:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBOV02763",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name": "http://php-security.org/2010/05/21/mops-2010-037-php-str_getcsv-interruption-information-leak-vulnerability/index.html",
"refsource": "MISC",
"url": "http://php-security.org/2010/05/21/mops-2010-037-php-str_getcsv-interruption-information-leak-vulnerability/index.html"
},
{
"name": "http://php-security.org/2010/05/21/mops-2010-038-php-http_build_query-interruption-information-leak-vulnerability/index.html",
"refsource": "MISC",
"url": "http://php-security.org/2010/05/21/mops-2010-038-php-http_build_query-interruption-information-leak-vulnerability/index.html"
},
{
"name": "SSRT100826",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "http://php-security.org/2010/05/21/mops-2010-040-php-strtr-interruption-information-leak-vulnerability/index.html",
"refsource": "MISC",
"url": "http://php-security.org/2010/05/21/mops-2010-040-php-strtr-interruption-information-leak-vulnerability/index.html"
},
{
"name": "http://php-security.org/2010/05/21/mops-2010-039-php-strpbrk-interruption-information-leak-vulnerability/index.html",
"refsource": "MISC",
"url": "http://php-security.org/2010/05/21/mops-2010-039-php-strpbrk-interruption-information-leak-vulnerability/index.html"
},
{
"name": "http://php-security.org/2010/05/21/mops-2010-036-php-htmlentities-and-htmlspecialchars-interruption-information-leak-vulnerability/index.html",
"refsource": "MISC",
"url": "http://php-security.org/2010/05/21/mops-2010-036-php-htmlentities-and-htmlspecialchars-interruption-information-leak-vulnerability/index.html"
},
{
"name": "SUSE-SR:2010:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
}
]
}
}

210
2010/2xxx/CVE-2010-2538.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2538",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100721 CVE request: kernel: btrfs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/07/21/4"
},
{
"name" : "[oss-security] 20100721 Re: CVE request: kernel: btrfs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/07/21/10"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=616998",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=616998"
},
{
"name" : "SUSE-SA:2010:040",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
},
{
"name" : "USN-1041-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1041-1"
},
{
"name" : "41854",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41854"
},
{
"name" : "42758",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42758"
},
{
"name" : "ADV-2011-0070",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0070"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel before 2.6.35 might allow local users to obtain sensitive information via a BTRFS_IOC_CLONE_RANGE ioctl call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41854",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41854"
},
{
"name": "USN-1041-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1041-1"
},
{
"name": "[oss-security] 20100721 Re: CVE request: kernel: btrfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/07/21/10"
},
{
"name": "SUSE-SA:2010:040",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35"
},
{
"name": "42758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42758"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=616998",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=616998"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5"
},
{
"name": "ADV-2011-0070",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0070"
},
{
"name": "[oss-security] 20100721 CVE request: kernel: btrfs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/07/21/4"
}
]
}
}

170
2010/3xxx/CVE-2010-3044.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3044",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-3044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fortiguard.com/advisory/FGA-2011-03.html",
"refsource" : "MISC",
"url" : "http://www.fortiguard.com/advisory/FGA-2011-03.html"
},
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"
},
{
"name" : "20110201 Multiple Cisco WebEx Player Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"
},
{
"name" : "46075",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46075"
},
{
"name" : "1025016",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025016"
},
{
"name" : "cisco-wrf-arf-bo(65075)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65075"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-wrf-arf-bo(65075)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65075"
},
{
"name": "20110201 Multiple Cisco WebEx Player Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6913f.shtml"
},
{
"name": "http://www.fortiguard.com/advisory/FGA-2011-03.html",
"refsource": "MISC",
"url": "http://www.fortiguard.com/advisory/FGA-2011-03.html"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22016"
},
{
"name": "46075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46075"
},
{
"name": "1025016",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025016"
}
]
}
}

160
2010/3xxx/CVE-2010-3587.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3587",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Common Applications component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to User Management."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name" : "45870",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45870"
},
{
"name" : "42922",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42922"
},
{
"name" : "ADV-2011-0144",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0144"
},
{
"name" : "oracle-ebusiness-common-unauth-access(64780)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64780"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Common Applications component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to User Management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42922"
},
{
"name": "oracle-ebusiness-common-unauth-access(64780)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64780"
},
{
"name": "ADV-2011-0144",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0144"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "45870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45870"
}
]
}
}

180
2010/3xxx/CVE-2010-3696.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3696",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101001 CVE request: freeradius",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/10/01/3"
},
{
"name" : "[oss-security] 20101001 Re: CVE request: freeradius",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/10/01/8"
},
{
"name" : "http://freeradius.org/press/index.html#2.1.10",
"refsource" : "CONFIRM",
"url" : "http://freeradius.org/press/index.html#2.1.10"
},
{
"name" : "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279",
"refsource" : "CONFIRM",
"url" : "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279"
},
{
"name" : "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77",
"refsource" : "CONFIRM",
"url" : "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=639390",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=639390"
},
{
"name" : "41621",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41621"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279",
"refsource": "CONFIRM",
"url": "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279"
},
{
"name": "41621",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41621"
},
{
"name": "[oss-security] 20101001 CVE request: freeradius",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/3"
},
{
"name": "http://freeradius.org/press/index.html#2.1.10",
"refsource": "CONFIRM",
"url": "http://freeradius.org/press/index.html#2.1.10"
},
{
"name": "[oss-security] 20101001 Re: CVE request: freeradius",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/10/01/8"
},
{
"name": "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77",
"refsource": "CONFIRM",
"url": "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=639390",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=639390"
}
]
}
}

34
2010/3xxx/CVE-2010-3721.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3721",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-3721",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

190
2011/0xxx/CVE-2011-0473.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0473",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=66560",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=66560"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
},
{
"name" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054",
"refsource" : "CONFIRM",
"url" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054"
},
{
"name" : "45788",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45788"
},
{
"name" : "70456",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70456"
},
{
"name" : "oval:org.mitre.oval:def:14460",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14460"
},
{
"name" : "42951",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42951"
},
{
"name" : "chrome-css-canvas-unspecified(64664)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64664"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html"
},
{
"name": "45788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45788"
},
{
"name": "chrome-css-canvas-unspecified(64664)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64664"
},
{
"name": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054",
"refsource": "CONFIRM",
"url": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054"
},
{
"name": "70456",
"refsource": "OSVDB",
"url": "http://osvdb.org/70456"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=66560",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=66560"
},
{
"name": "oval:org.mitre.oval:def:14460",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14460"
},
{
"name": "42951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42951"
}
]
}
}

290
2011/1xxx/CVE-2011-1005.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/02/21/2"
},
{
"name" : "[oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/02/21/5"
},
{
"name" : "http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/",
"refsource" : "CONFIRM",
"url" : "http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=678920",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=678920"
},
{
"name" : "http://support.apple.com/kb/HT5281",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5281"
},
{
"name" : "APPLE-SA-2012-05-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name" : "FEDORA-2011-1876",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html"
},
{
"name" : "FEDORA-2011-1913",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html"
},
{
"name" : "MDVSA-2011:097",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097"
},
{
"name" : "MDVSA-2011:098",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098"
},
{
"name" : "RHSA-2011:0908",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0908.html"
},
{
"name" : "RHSA-2011:0909",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0909.html"
},
{
"name" : "RHSA-2011:0910",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0910.html"
},
{
"name" : "46458",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46458"
},
{
"name" : "70957",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70957"
},
{
"name" : "43420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43420"
},
{
"name" : "43573",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43573"
},
{
"name" : "ADV-2011-0539",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0539"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2011:0910",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0910.html"
},
{
"name": "[oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/02/21/5"
},
{
"name": "MDVSA-2011:098",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:098"
},
{
"name": "ADV-2011-0539",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0539"
},
{
"name": "RHSA-2011:0909",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0909.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=678920",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=678920"
},
{
"name": "43573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43573"
},
{
"name": "[oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/02/21/2"
},
{
"name": "RHSA-2011:0908",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0908.html"
},
{
"name": "70957",
"refsource": "OSVDB",
"url": "http://osvdb.org/70957"
},
{
"name": "FEDORA-2011-1876",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html"
},
{
"name": "FEDORA-2011-1913",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html"
},
{
"name": "46458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46458"
},
{
"name": "http://support.apple.com/kb/HT5281",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "MDVSA-2011:097",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:097"
},
{
"name": "APPLE-SA-2012-05-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "43420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43420"
},
{
"name": "http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/",
"refsource": "CONFIRM",
"url": "http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/"
}
]
}
}

34
2011/1xxx/CVE-2011-1014.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1014",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-0465. Reason: This candidate is a reservation duplicate of CVE-2011-0465. Notes: All CVE users should reference CVE-2011-0465 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-1014",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-0465. Reason: This candidate is a reservation duplicate of CVE-2011-0465. Notes: All CVE users should reference CVE-2011-0465 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

160
2011/1xxx/CVE-2011-1343.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1343",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via \"dynamic SQL parameters.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24029093",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24029093"
},
{
"name" : "IZ83269",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IZ83269"
},
{
"name" : "43577",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43577"
},
{
"name" : "ADV-2011-0550",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0550"
},
{
"name" : "tivoli-netcool-webgui-sql-injection(65767)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65767"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via \"dynamic SQL parameters.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tivoli-netcool-webgui-sql-injection(65767)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65767"
},
{
"name": "ADV-2011-0550",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0550"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029093",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029093"
},
{
"name": "IZ83269",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IZ83269"
},
{
"name": "43577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43577"
}
]
}
}

200
2011/1xxx/CVE-2011-1431.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1431",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110307 Plaintext injection in STARTTLS (multiple implementations)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516901"
},
{
"name" : "http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q",
"refsource" : "MISC",
"url" : "http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q"
},
{
"name" : "http://www.postfix.org/CVE-2011-0411.html",
"refsource" : "MISC",
"url" : "http://www.postfix.org/CVE-2011-0411.html"
},
{
"name" : "http://inoa.net/qmail-tls/vu555316.patch",
"refsource" : "CONFIRM",
"url" : "http://inoa.net/qmail-tls/vu555316.patch"
},
{
"name" : "VU#555316",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/555316"
},
{
"name" : "46767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46767"
},
{
"name" : "8144",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8144"
},
{
"name" : "ADV-2011-0612",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0612"
},
{
"name" : "multiple-starttls-command-execution(65932)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "multiple-starttls-command-execution(65932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q"
},
{
"name": "http://inoa.net/qmail-tls/vu555316.patch",
"refsource": "CONFIRM",
"url": "http://inoa.net/qmail-tls/vu555316.patch"
},
{
"name": "http://www.postfix.org/CVE-2011-0411.html",
"refsource": "MISC",
"url": "http://www.postfix.org/CVE-2011-0411.html"
},
{
"name": "ADV-2011-0612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0612"
},
{
"name": "46767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46767"
},
{
"name": "VU#555316",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/555316"
},
{
"name": "20110307 Plaintext injection in STARTTLS (multiple implementations)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516901"
},
{
"name": "8144",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8144"
}
]
}
}

200
2011/1xxx/CVE-2011-1920.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110516 CVE Request -- pmake -- Use of insecure temporary file for 'depend' target",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/05/16/2"
},
{
"name" : "[oss-security] 20110516 Re: CVE Request -- pmake -- Use of insecure temporary file for 'depend' target",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/05/16/8"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673"
},
{
"name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h",
"refsource" : "CONFIRM",
"url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h"
},
{
"name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h",
"refsource" : "CONFIRM",
"url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=705090",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=705090"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=705100",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=705100"
},
{
"name" : "47878",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47878"
},
{
"name" : "pmake-depend-symlink(67495)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67495"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626673"
},
{
"name": "47878",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47878"
},
{
"name": "[oss-security] 20110516 CVE Request -- pmake -- Use of insecure temporary file for 'depend' target",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/05/16/2"
},
{
"name": "[oss-security] 20110516 Re: CVE Request -- pmake -- Use of insecure temporary file for 'depend' target",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/05/16/8"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=705100",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=705100"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=705090",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=705090"
},
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.lib.mk.diff?r1=1.239&r2=1.240&f=h"
},
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/share/mk/bsd.prog.mk.diff?r1=1.192&r2=1.193&f=h"
},
{
"name": "pmake-depend-symlink(67495)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67495"
}
]
}
}

130
2014/3xxx/CVE-2014-3147.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3147",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.splunk.com/view/SP-CAAAMSH",
"refsource" : "CONFIRM",
"url" : "http://www.splunk.com/view/SP-CAAAMSH"
},
{
"name" : "1030800",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1030800"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030800",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1030800"
},
{
"name": "http://www.splunk.com/view/SP-CAAAMSH",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAAMSH"
}
]
}
}

34
2014/3xxx/CVE-2014-3208.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3208",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3208",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2014/3xxx/CVE-2014-3326.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3326",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35029",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35029"
},
{
"name" : "20140724 Cisco Security Manager SQL Injection Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3326"
},
{
"name" : "68877",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68877"
},
{
"name" : "1030639",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030639"
},
{
"name" : "60455",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60455"
},
{
"name" : "cisco-security-cve20143326-sql-injection(94841)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94841"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35029",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35029"
},
{
"name": "60455",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60455"
},
{
"name": "cisco-security-cve20143326-sql-injection(94841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94841"
},
{
"name": "68877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68877"
},
{
"name": "1030639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030639"
},
{
"name": "20140724 Cisco Security Manager SQL Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3326"
}
]
}
}

630
2014/3xxx/CVE-2014-3505.json
View File

@ -1,317 +1,317 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3505",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
"refsource" : "MLIST",
"url" : "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
},
{
"name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b"
},
{
"name" : "https://www.openssl.org/news/secadv_20140806.txt",
"refsource" : "CONFIRM",
"url" : "https://www.openssl.org/news/secadv_20140806.txt"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1053.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1053.html"
},
{
"name" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
"refsource" : "CONFIRM",
"url" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
},
{
"name" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html",
"refsource" : "CONFIRM",
"url" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1052.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1052.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
},
{
"name" : "DSA-2998",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2998"
},
{
"name" : "FEDORA-2014-9301",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
},
{
"name" : "FEDORA-2014-9308",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
},
{
"name" : "GLSA-201412-39",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name" : "HPSBOV03099",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141077370928502&w=2"
},
{
"name" : "HPSBUX03095",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140853041709441&w=2"
},
{
"name" : "SSRT101674",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140853041709441&w=2"
},
{
"name" : "HPSBHF03293",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name" : "SSRT101846",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name" : "MDVSA-2014:158",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
},
{
"name" : "NetBSD-SA2014-008",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
},
{
"name" : "RHSA-2014:1256",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
},
{
"name" : "RHSA-2014:1297",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
},
{
"name" : "openSUSE-SU-2014:1052",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
},
{
"name" : "openSUSE-SU-2016:0640",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name" : "69081",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69081"
},
{
"name" : "1030693",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030693"
},
{
"name" : "59221",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59221"
},
{
"name" : "60687",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60687"
},
{
"name" : "60824",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60824"
},
{
"name" : "60917",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60917"
},
{
"name" : "60921",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60921"
},
{
"name" : "60938",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60938"
},
{
"name" : "61775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61775"
},
{
"name" : "61959",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61959"
},
{
"name" : "59756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59756"
},
{
"name" : "60803",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60803"
},
{
"name" : "61040",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61040"
},
{
"name" : "61100",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61100"
},
{
"name" : "61250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61250"
},
{
"name" : "61184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61184"
},
{
"name" : "59743",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59743"
},
{
"name" : "60778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60778"
},
{
"name" : "58962",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58962"
},
{
"name" : "59700",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59700"
},
{
"name" : "59710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59710"
},
{
"name" : "60022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60022"
},
{
"name" : "60684",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60684"
},
{
"name" : "60221",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60221"
},
{
"name" : "60493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60493"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1297",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1297.html"
},
{
"name": "openSUSE-SU-2014:1052",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1052.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
},
{
"name": "60221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60221"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
},
{
"name": "60778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60778"
},
{
"name": "61184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61184"
},
{
"name": "SSRT101846",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name": "RHSA-2014:1256",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1256.html"
},
{
"name": "60022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60022"
},
{
"name": "https://www.openssl.org/news/secadv_20140806.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20140806.txt"
},
{
"name": "61040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61040"
},
{
"name": "61250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61250"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b"
},
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
},
{
"name": "GLSA-201412-39",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name": "HPSBHF03293",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name": "60803",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60803"
},
{
"name": "60824",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60824"
},
{
"name": "HPSBUX03095",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140853041709441&w=2"
},
{
"name": "59700",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59700"
},
{
"name": "FEDORA-2014-9308",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
},
{
"name": "1030693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030693"
},
{
"name": "59743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59743"
},
{
"name": "openSUSE-SU-2016:0640",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name": "60917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60917"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html"
},
{
"name": "NetBSD-SA2014-008",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
},
{
"name": "60493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60493"
},
{
"name": "59710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59710"
},
{
"name": "60921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60921"
},
{
"name": "HPSBOV03099",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141077370928502&w=2"
},
{
"name": "59221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59221"
},
{
"name": "69081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69081"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
},
{
"name": "61100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61100"
},
{
"name": "61775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61775"
},
{
"name": "DSA-2998",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2998"
},
{
"name": "FEDORA-2014-9301",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
},
{
"name": "SSRT101674",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140853041709441&w=2"
},
{
"name": "61959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61959"
},
{
"name": "59756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59756"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
},
{
"name": "58962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58962"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1053.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1053.html"
},
{
"name": "60938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60938"
},
{
"name": "60684",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60684"
},
{
"name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
"refsource": "MLIST",
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
},
{
"name": "60687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60687"
},
{
"name": "MDVSA-2014:158",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:158"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
}
]
}
}

34
2014/3xxx/CVE-2014-3748.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3748",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3748",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/3xxx/CVE-2014-3946.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3946",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/06/03/2"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name" : "DSA-2942",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2942"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2942",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
]
}
}

150
2014/7xxx/CVE-2014-7157.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7157",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140927 XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite (CVE-2014-7157, CVE-2014-7158)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Sep/108"
},
{
"name" : "http://packetstormsecurity.com/files/128459/Exinda-WAN-Optimization-Suite-7.0.0-CSRF-XSS.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128459/Exinda-WAN-Optimization-Suite-7.0.0-CSRF-XSS.html"
},
{
"name" : "70161",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70161"
},
{
"name" : "exindawan-cve20147157-xss(96701)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96701"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "exindawan-cve20147157-xss(96701)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96701"
},
{
"name": "http://packetstormsecurity.com/files/128459/Exinda-WAN-Optimization-Suite-7.0.0-CSRF-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128459/Exinda-WAN-Optimization-Suite-7.0.0-CSRF-XSS.html"
},
{
"name": "70161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70161"
},
{
"name": "20140927 XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite (CVE-2014-7157, CVE-2014-7158)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/108"
}
]
}
}

34
2014/7xxx/CVE-2014-7332.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7332",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7332",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

140
2014/7xxx/CVE-2014-7368.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7368",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Compassion Satisfaction (aka com.wCompassionSatisfactionWorkshopPresentation) application 0.75.13440.35155 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#174881",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/174881"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Compassion Satisfaction (aka com.wCompassionSatisfactionWorkshopPresentation) application 0.75.13440.35155 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#174881",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/174881"
}
]
}
}

140
2014/7xxx/CVE-2014-7799.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7799",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#671993",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/671993"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#671993",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/671993"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

170
2014/7xxx/CVE-2014-7875.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7875",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2014-7875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBPI03147",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04483249"
},
{
"name" : "SSRT101766",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04483249"
},
{
"name" : "70863",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70863"
},
{
"name" : "1031153",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031153"
},
{
"name" : "62005",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62005"
},
{
"name" : "hp-laserjet-cve20147875-dos(98422)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98422"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBPI03147",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04483249"
},
{
"name": "hp-laserjet-cve20147875-dos(98422)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98422"
},
{
"name": "70863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70863"
},
{
"name": "1031153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031153"
},
{
"name": "SSRT101766",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04483249"
},
{
"name": "62005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62005"
}
]
}
}

34
2014/8xxx/CVE-2014-8406.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8406",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8406",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/8xxx/CVE-2014-8606.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8606",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/",
"refsource" : "MISC",
"url" : "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/"
},
{
"name" : "http://www.vapid.dhs.org/advisory.php?v=110",
"refsource" : "MISC",
"url" : "http://www.vapid.dhs.org/advisory.php?v=110"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/"
},
{
"name": "http://www.vapid.dhs.org/advisory.php?v=110",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisory.php?v=110"
}
]
}
}

140
2014/8xxx/CVE-2014-8669.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8669",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource" : "MISC",
"url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"name" : "http://service.sap.com/sap/support/notes/0001835691",
"refsource" : "MISC",
"url" : "http://service.sap.com/sap/support/notes/0001835691"
},
{
"name" : "http://service.sap.com/sap/support/notes/0001872638",
"refsource" : "MISC",
"url" : "http://service.sap.com/sap/support/notes/0001872638"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.sap.com/sap/support/notes/0001872638",
"refsource": "MISC",
"url": "http://service.sap.com/sap/support/notes/0001872638"
},
{
"name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource": "MISC",
"url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"name": "http://service.sap.com/sap/support/notes/0001835691",
"refsource": "MISC",
"url": "http://service.sap.com/sap/support/notes/0001835691"
}
]
}
}

34
2014/8xxx/CVE-2014-8907.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8907",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8907",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/9xxx/CVE-2014-9873.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9873",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420"
},
{
"name" : "92219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92219"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "92219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92219"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420"
}
]
}
}

120
2016/2xxx/CVE-2016-2142.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2142",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2016:1038",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1038"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:1038",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1038"
}
]
}
}

130
2016/2xxx/CVE-2016-2274.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-2274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adcon Telemetry A850 Telemetry Gateway Base Station",
"version" : {
"version_data" : [
{
"version_value" : "Adcon Telemetry A850 Telemetry Gateway Base Station"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Adcon Telemetry A850 Telemetry Gateway Base Station XSS"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adcon Telemetry A850 Telemetry Gateway Base Station",
"version": {
"version_data": [
{
"version_value": "Adcon Telemetry A850 Telemetry Gateway Base Station"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-03",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-03"
},
{
"name" : "94781",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94781"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Adcon Telemetry A850 Telemetry Gateway Base Station XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94781",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94781"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-343-03"
}
]
}
}

130
2016/2xxx/CVE-2016-2874.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2874",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987771",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987771"
},
{
"name" : "95003",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95003"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987771",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987771"
},
{
"name": "95003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95003"
}
]
}
}

34
2016/6xxx/CVE-2016-6300.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6300",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-6300",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

160
2016/6xxx/CVE-2016-6932.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6932",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6931."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html"
},
{
"name" : "GLSA-201610-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201610-10"
},
{
"name" : "RHSA-2016:1865",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1865.html"
},
{
"name" : "92927",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92927"
},
{
"name" : "1036791",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036791"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6931."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201610-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-10"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-29.html"
},
{
"name": "RHSA-2016:1865",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1865.html"
},
{
"name": "92927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92927"
},
{
"name": "1036791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036791"
}
]
}
}

160
2017/18xxx/CVE-2017-18012.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://packetstormsecurity.com/files/145218/WordPress-Z-URL-Preview-1.6.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/145218/WordPress-Z-URL-Preview-1.6.1-Cross-Site-Scripting.html"
},
{
"name" : "https://plugins.svn.wordpress.org/z-url-preview/trunk/readme.txt",
"refsource" : "MISC",
"url" : "https://plugins.svn.wordpress.org/z-url-preview/trunk/readme.txt"
},
{
"name" : "https://wordpress.org/plugins/z-url-preview/#developers",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/z-url-preview/#developers"
},
{
"name" : "https://wordpress.org/support/topic/z-url-preview-1-6-1-cross-site-scripting/",
"refsource" : "MISC",
"url" : "https://wordpress.org/support/topic/z-url-preview-1-6-1-cross-site-scripting/"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8990",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8990"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8990",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8990"
},
{
"name": "https://plugins.svn.wordpress.org/z-url-preview/trunk/readme.txt",
"refsource": "MISC",
"url": "https://plugins.svn.wordpress.org/z-url-preview/trunk/readme.txt"
},
{
"name": "https://packetstormsecurity.com/files/145218/WordPress-Z-URL-Preview-1.6.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145218/WordPress-Z-URL-Preview-1.6.1-Cross-Site-Scripting.html"
},
{
"name": "https://wordpress.org/plugins/z-url-preview/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/z-url-preview/#developers"
},
{
"name": "https://wordpress.org/support/topic/z-url-preview-1-6-1-cross-site-scripting/",
"refsource": "MISC",
"url": "https://wordpress.org/support/topic/z-url-preview-1-6-1-cross-site-scripting/"
}
]
}
}

180
2017/5xxx/CVE-2017-5016.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5016",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "insufficient policy enforcement"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/673163",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/673163"
},
{
"name" : "DSA-3776",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3776"
},
{
"name" : "GLSA-201701-66",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-66"
},
{
"name" : "RHSA-2017:0206",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name" : "95792",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95792"
},
{
"name" : "1037718",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037718"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95792"
},
{
"name": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
},
{
"name": "GLSA-201701-66",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-66"
},
{
"name": "RHSA-2017:0206",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name": "https://crbug.com/673163",
"refsource": "CONFIRM",
"url": "https://crbug.com/673163"
},
{
"name": "1037718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037718"
},
{
"name": "DSA-3776",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3776"
}
]
}
}

34
2017/5xxx/CVE-2017-5288.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5288",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5288",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

274
2017/5xxx/CVE-2017-5429.json
View File

@ -1,139 +1,139 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-5429",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.1"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "45.9"
},
{
"version_affected" : "<",
"version_value" : "52.1"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "53"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, Firefox ESR 52.1, and Thunderbird 52.1"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-5429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.1"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "45.9"
},
{
"version_affected": "<",
"version_value": "52.1"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "53"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/"
},
{
"name" : "DSA-3831",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3831"
},
{
"name" : "RHSA-2017:1104",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1104"
},
{
"name" : "RHSA-2017:1106",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1106"
},
{
"name" : "RHSA-2017:1201",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1201"
},
{
"name" : "97940",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97940"
},
{
"name" : "1038320",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038320"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, Firefox ESR 52.1, and Thunderbird 52.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1106",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1106"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-12/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-12/"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-11/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-11/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-10/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-10/"
},
{
"name": "97940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97940"
},
{
"name": "DSA-3831",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3831"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-13/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-13/"
},
{
"name": "1038320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038320"
},
{
"name": "RHSA-2017:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1104"
},
{
"name": "RHSA-2017:1201",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1201"
}
]
}
}

160
2017/5xxx/CVE-2017-5552.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170120 CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/20/17"
},
{
"name" : "[oss-security] 20170120 Re: CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/21/5"
},
{
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689",
"refsource" : "CONFIRM",
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689"
},
{
"name" : "GLSA-201702-28",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-28"
},
{
"name" : "95773",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95773"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-28",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"name": "95773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95773"
},
{
"name": "[oss-security] 20170120 Re: CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/21/5"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689"
},
{
"name": "[oss-security] 20170120 CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/20/17"
}
]
}
}