admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:22:48 +00:00
parent c7022cf52f
commit 517c748976
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 4104 additions and 4104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

250
2006/0xxx/CVE-2006-0008.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0008",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the \"shell about dialog box\" and clicking the \"End-User License Agreement\" link, which executes Notepad with the privileges of the program that displays the about box."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-0008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060215 Security advisory: Windows IME Vulnerability (MS06-009)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425141/100/0/threaded"
},
{
"name" : "http://www.ryanstyle.com/alert/my/5/ms06_009_eng.html",
"refsource" : "MISC",
"url" : "http://www.ryanstyle.com/alert/my/5/ms06_009_eng.html"
},
{
"name" : "MS06-009",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-009"
},
{
"name" : "VU#739844",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/739844"
},
{
"name" : "16643",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16643"
},
{
"name" : "ADV-2006-0578",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0578"
},
{
"name" : "oval:org.mitre.oval:def:1595",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1595"
},
{
"name" : "oval:org.mitre.oval:def:1650",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1650"
},
{
"name" : "oval:org.mitre.oval:def:1664",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1664"
},
{
"name" : "oval:org.mitre.oval:def:1688",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1688"
},
{
"name" : "oval:org.mitre.oval:def:727",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A727"
},
{
"name" : "1015631",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015631"
},
{
"name" : "18859",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18859"
},
{
"name" : "win-korean-ime-privilege-elevation(24492)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24492"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the \"shell about dialog box\" and clicking the \"End-User License Agreement\" link, which executes Notepad with the privileges of the program that displays the about box."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:1688",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1688"
},
{
"name": "ADV-2006-0578",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0578"
},
{
"name": "16643",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16643"
},
{
"name": "win-korean-ime-privilege-elevation(24492)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24492"
},
{
"name": "1015631",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015631"
},
{
"name": "18859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18859"
},
{
"name": "VU#739844",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/739844"
},
{
"name": "MS06-009",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-009"
},
{
"name": "oval:org.mitre.oval:def:1595",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1595"
},
{
"name": "oval:org.mitre.oval:def:727",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A727"
},
{
"name": "http://www.ryanstyle.com/alert/my/5/ms06_009_eng.html",
"refsource": "MISC",
"url": "http://www.ryanstyle.com/alert/my/5/ms06_009_eng.html"
},
{
"name": "20060215 Security advisory: Windows IME Vulnerability (MS06-009)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425141/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1664",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1664"
},
{
"name": "oval:org.mitre.oval:def:1650",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1650"
}
]
}
}

34
2006/0xxx/CVE-2006-0560.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0560",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-0560",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}

180
2006/0xxx/CVE-2006-0575.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to create or overwrite arbitrary files via \"..\" sequences and a symlink attack on the temporary file that is used during conversion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060202 Re: Fcrontab - memory corruption on heap.",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=113890734603201&w=2"
},
{
"name" : "2006-0006",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2006/0006"
},
{
"name" : "25693",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25693"
},
{
"name" : "ADV-2006-0435",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0435"
},
{
"name" : "22905",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22905"
},
{
"name" : "18719",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18719"
},
{
"name" : "fcron-dotdot-directory-traversal(24504)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24504"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to create or overwrite arbitrary files via \"..\" sequences and a symlink attack on the temporary file that is used during conversion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22905",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22905"
},
{
"name": "25693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25693"
},
{
"name": "fcron-dotdot-directory-traversal(24504)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24504"
},
{
"name": "2006-0006",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0006"
},
{
"name": "ADV-2006-0435",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0435"
},
{
"name": "18719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18719"
},
{
"name": "20060202 Re: Fcrontab - memory corruption on heap.",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=113890734603201&w=2"
}
]
}
}

160
2006/0xxx/CVE-2006-0606.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0606",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060209 [eVuln] Unknown Domain Shoutbox multiple XSS & SQL Injection Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/424679/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/55/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/55/summary.html"
},
{
"name" : "16543",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16543"
},
{
"name" : "ADV-2006-0476",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0476"
},
{
"name" : "18759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18759"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060209 [eVuln] Unknown Domain Shoutbox multiple XSS & SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424679/100/0/threaded"
},
{
"name": "ADV-2006-0476",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0476"
},
{
"name": "16543",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16543"
},
{
"name": "18759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18759"
},
{
"name": "http://evuln.com/vulns/55/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/55/summary.html"
}
]
}
}

210
2006/0xxx/CVE-2006-0838.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0838",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the (1) CMS_DBPASS, (2) CMSM_DBPASS, and (3) RPT_DBPASS fields in /etc/neusecure.conf, and in (4) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060216 Password disclosure and remote access in Netcool/NeuSecure Security information management platform",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425304/100/0/threaded"
},
{
"name" : "20060216 Password disclosure and remote access in Netcool/NeuSecure Security information management platform",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0364.html"
},
{
"name" : "16698",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16698"
},
{
"name" : "16693",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16693"
},
{
"name" : "23270",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23270"
},
{
"name" : "23271",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23271"
},
{
"name" : "1015642",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015642"
},
{
"name" : "18922",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18922"
},
{
"name" : "netcool-neosecure-config-weak-permission(24785)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24785"
},
{
"name" : "netcool-neosecure-plaintext-password(24787)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24787"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the (1) CMS_DBPASS, (2) CMSM_DBPASS, and (3) RPT_DBPASS fields in /etc/neusecure.conf, and in (4) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netcool-neosecure-config-weak-permission(24785)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24785"
},
{
"name": "20060216 Password disclosure and remote access in Netcool/NeuSecure Security information management platform",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425304/100/0/threaded"
},
{
"name": "16698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16698"
},
{
"name": "16693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16693"
},
{
"name": "23270",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23270"
},
{
"name": "23271",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23271"
},
{
"name": "18922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18922"
},
{
"name": "20060216 Password disclosure and remote access in Netcool/NeuSecure Security information management platform",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0364.html"
},
{
"name": "netcool-neosecure-plaintext-password(24787)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24787"
},
{
"name": "1015642",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015642"
}
]
}
}

160
2006/1xxx/CVE-2006-1009.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1009",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "M4 Project enigma-suite before 0.73.3 (Windows) has a default password of \"nominal\" for the \"enigma-client\" account, which allows local users to gain access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.bytereef.org/m4-project-blog.html",
"refsource" : "CONFIRM",
"url" : "http://www.bytereef.org/m4-project-blog.html"
},
{
"name" : "ADV-2006-0787",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0787"
},
{
"name" : "23572",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23572"
},
{
"name" : "19077",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19077"
},
{
"name" : "enigma-suite-default-acoount(24993)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24993"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "M4 Project enigma-suite before 0.73.3 (Windows) has a default password of \"nominal\" for the \"enigma-client\" account, which allows local users to gain access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19077"
},
{
"name": "enigma-suite-default-acoount(24993)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24993"
},
{
"name": "http://www.bytereef.org/m4-project-blog.html",
"refsource": "CONFIRM",
"url": "http://www.bytereef.org/m4-project-blog.html"
},
{
"name": "ADV-2006-0787",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0787"
},
{
"name": "23572",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23572"
}
]
}
}

180
2006/3xxx/CVE-2006-3504.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3504",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as \"safe\", which could allow attackers to execute Javascript code in local context when the \"Open 'safe' files after downloading\" option is enabled in Safari."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2006-08-01",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name" : "TA06-214A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name" : "19289",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19289"
},
{
"name" : "ADV-2006-3101",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name" : "27743",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27743"
},
{
"name" : "21253",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21253"
},
{
"name" : "macosx-launchservices-script-execution(28146)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28146"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as \"safe\", which could allow attackers to execute Javascript code in local context when the \"Open 'safe' files after downloading\" option is enabled in Safari."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2006-08-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "ADV-2006-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21253"
},
{
"name": "macosx-launchservices-script-execution(28146)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28146"
},
{
"name": "19289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "27743",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27743"
}
]
}
}

120
2006/3xxx/CVE-2006-3742.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3742",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-3742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FEDORA-2006-942",
"refsource" : "FEDORA",
"url" : "http://lwn.net/Alerts/197302/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2006-942",
"refsource": "FEDORA",
"url": "http://lwn.net/Alerts/197302/"
}
]
}
}

170
2006/4xxx/CVE-2006-4039.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4039",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060803 GaesteChaos <= 0.2 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442205/100/200/threaded"
},
{
"name" : "20060803 GaesteChaos <= 0.2 Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=115464286427745&w=2"
},
{
"name" : "19343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19343"
},
{
"name" : "ADV-2006-3155",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3155"
},
{
"name" : "21357",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21357"
},
{
"name" : "gastechaos-eintragen-sql-injection(28218)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28218"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060803 GaesteChaos <= 0.2 Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=115464286427745&w=2"
},
{
"name": "ADV-2006-3155",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3155"
},
{
"name": "21357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21357"
},
{
"name": "20060803 GaesteChaos <= 0.2 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442205/100/200/threaded"
},
{
"name": "gastechaos-eintragen-sql-injection(28218)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28218"
},
{
"name": "19343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19343"
}
]
}
}

140
2006/4xxx/CVE-2006-4070.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4070",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in Imendio Planner 0.13 allows user-assisted attackers to execute arbitrary code via format string specifiers in a filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060807 IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442439/100/0/threaded"
},
{
"name" : "19307",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19307"
},
{
"name" : "1361",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1361"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Imendio Planner 0.13 allows user-assisted attackers to execute arbitrary code via format string specifiers in a filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1361",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1361"
},
{
"name": "20060807 IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442439/100/0/threaded"
},
{
"name": "19307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19307"
}
]
}
}

210
2006/4xxx/CVE-2006-4256.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4256",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka \"cross-site referencing.\" NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060816 [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443360/100/0/threaded"
},
{
"name" : "[horde-announce] 20060817 Horde 3.1.3 (final)",
"refsource" : "MLIST",
"url" : "http://lists.horde.org/archives/announce/2006/000292.html"
},
{
"name" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456",
"refsource" : "MISC",
"url" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456"
},
{
"name" : "DSA-1406",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1406"
},
{
"name" : "ADV-2006-3309",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3309"
},
{
"name" : "1016713",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016713"
},
{
"name" : "21500",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21500"
},
{
"name" : "27565",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27565"
},
{
"name" : "1422",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1422"
},
{
"name" : "horde-index-xss(28411)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28411"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka \"cross-site referencing.\" NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456",
"refsource": "MISC",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2456"
},
{
"name": "[horde-announce] 20060817 Horde 3.1.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2006/000292.html"
},
{
"name": "27565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1422",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1422"
},
{
"name": "20060816 [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443360/100/0/threaded"
},
{
"name": "21500",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21500"
},
{
"name": "ADV-2006-3309",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3309"
},
{
"name": "DSA-1406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "horde-index-xss(28411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28411"
},
{
"name": "1016713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016713"
}
]
}
}

130
2010/2xxx/CVE-2010-2087.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2087",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf",
"refsource" : "MISC",
"url" : "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
},
{
"name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt"
},
{
"name": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf",
"refsource": "MISC",
"url": "http://www.blackhat.com/presentations/bh-dc-10/Byrne_David/BlackHat-DC-2010-Byrne-SGUI-slides.pdf"
}
]
}
}

34
2010/2xxx/CVE-2010-2471.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2471",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2471",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2010/2xxx/CVE-2010-2655.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2655",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14237",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14237/"
},
{
"name" : "http://dsecrg.com/pages/vul/show.php?id=154",
"refsource" : "MISC",
"url" : "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name" : "41383",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41383"
},
{
"name" : "66124",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66124"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14237",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "66124",
"refsource": "OSVDB",
"url": "http://osvdb.org/66124"
},
{
"name": "41383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=154",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
}
]
}
}

170
2010/2xxx/CVE-2010-2876.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2876",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100824 ZDI-10-164: Adobe Shockwave Player Director File FFFFFF88 Record Processing Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513312/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-164",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-164"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name" : "oval:org.mitre.oval:def:11805",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11805"
},
{
"name" : "1024361",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024361"
},
{
"name" : "ADV-2010-2176",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100824 ZDI-10-164: Adobe Shockwave Player Director File FFFFFF88 Record Processing Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513312/100/0/threaded"
},
{
"name": "1024361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024361"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-20.html"
},
{
"name": "oval:org.mitre.oval:def:11805",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11805"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-164",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-164"
},
{
"name": "ADV-2010-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2176"
}
]
}
}

120
2010/3xxx/CVE-2010-3154.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Adobe Extension Manager CS5 5.0.298 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .mxi or .mxp file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14784",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14784/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Adobe Extension Manager CS5 5.0.298 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .mxi or .mxp file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14784",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14784/"
}
]
}
}

190
2010/3xxx/CVE-2010-3336.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3336",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"MSO Large SPID Read AV Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-087",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
},
{
"name" : "TA10-313A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
},
{
"name" : "44660",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44660"
},
{
"name" : "oval:org.mitre.oval:def:11947",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11947"
},
{
"name" : "1024705",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024705"
},
{
"name" : "38521",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38521"
},
{
"name" : "42144",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42144"
},
{
"name" : "ADV-2010-2923",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2923"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"MSO Large SPID Read AV Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024705"
},
{
"name": "42144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42144"
},
{
"name": "oval:org.mitre.oval:def:11947",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11947"
},
{
"name": "44660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44660"
},
{
"name": "38521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38521"
},
{
"name": "ADV-2010-2923",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2923"
},
{
"name": "MS10-087",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
},
{
"name": "TA10-313A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
}
]
}
}

140
2010/3xxx/CVE-2010-3608.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3608",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15075",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15075"
},
{
"name" : "http://packetstormsecurity.org/1009-exploits/wpquiz27-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1009-exploits/wpquiz27-sql.txt"
},
{
"name" : "43384",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43384"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43384"
},
{
"name": "15075",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15075"
},
{
"name": "http://packetstormsecurity.org/1009-exploits/wpquiz27-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/wpquiz27-sql.txt"
}
]
}
}

150
2010/4xxx/CVE-2010-4005.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=644606",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=644606"
},
{
"name" : "MDVSA-2011:035",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:035"
},
{
"name" : "SUSE-SR:2010:023",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name" : "ADV-2011-0457",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0457"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:035",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:035"
},
{
"name": "SUSE-SR:2010:023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=644606",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=644606"
},
{
"name": "ADV-2011-0457",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0457"
}
]
}
}

250
2010/4xxx/CVE-2010-4346.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4346",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name" : "[linux-kernel] 20101209 [PATCH] install_special_mapping skips security_file_mmap check.",
"refsource" : "MLIST",
"url" : "https://lkml.org/lkml/2010/12/9/222"
},
{
"name" : "[oss-security] 20101209 Re: [taviso@cmpxchg8b.com: [PATCH] install_special_mapping skips security_file_mmap check.]",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/09/13"
},
{
"name" : "[oss-security] 20101209 [taviso@cmpxchg8b.com: [PATCH] install_special_mapping skips security_file_mmap check.]",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/09/12"
},
{
"name" : "[oss-security] 20101210 Re: Subject: CVE request: kernel: install_special_mapping skips security_file_mmap check",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/10/3"
},
{
"name" : "[oss-security] 20101210 Subject: CVE request: kernel: install_special_mapping skips security_file_mmap check",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/10/2"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=462e635e5b73ba9a4c03913b77138cd57ce4b050",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=462e635e5b73ba9a4c03913b77138cd57ce4b050"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc6",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc6"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=662189",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=662189"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name" : "MDVSA-2011:029",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"name" : "45323",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45323"
},
{
"name" : "42570",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42570"
},
{
"name" : "46397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46397"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=662189",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662189"
},
{
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "[oss-security] 20101209 Re: [taviso@cmpxchg8b.com: [PATCH] install_special_mapping skips security_file_mmap check.]",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/09/13"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=462e635e5b73ba9a4c03913b77138cd57ce4b050",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=462e635e5b73ba9a4c03913b77138cd57ce4b050"
},
{
"name": "[linux-kernel] 20101209 [PATCH] install_special_mapping skips security_file_mmap check.",
"refsource": "MLIST",
"url": "https://lkml.org/lkml/2010/12/9/222"
},
{
"name": "[oss-security] 20101210 Re: Subject: CVE request: kernel: install_special_mapping skips security_file_mmap check",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/10/3"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc6"
},
{
"name": "MDVSA-2011:029",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"name": "45323",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45323"
},
{
"name": "[oss-security] 20101210 Subject: CVE request: kernel: install_special_mapping skips security_file_mmap check",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/10/2"
},
{
"name": "[oss-security] 20101209 [taviso@cmpxchg8b.com: [PATCH] install_special_mapping skips security_file_mmap check.]",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/09/12"
},
{
"name": "42570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42570"
}
]
}
}

170
2011/1xxx/CVE-2011-1102.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html",
"refsource" : "CONFIRM",
"url" : "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html"
},
{
"name" : "46547",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46547"
},
{
"name" : "1025124",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025124"
},
{
"name" : "43049",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43049"
},
{
"name" : "ADV-2011-0509",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0509"
},
{
"name" : "fsecure-webreporting-xss(65665)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43049",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43049"
},
{
"name": "ADV-2011-0509",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0509"
},
{
"name": "fsecure-webreporting-xss(65665)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65665"
},
{
"name": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html",
"refsource": "CONFIRM",
"url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html"
},
{
"name": "46547",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46547"
},
{
"name": "1025124",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025124"
}
]
}
}

280
2011/1xxx/CVE-2011-1137.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1137",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "16129",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/16129/"
},
{
"name" : "http://bugs.proftpd.org/show_bug.cgi?id=3586",
"refsource" : "CONFIRM",
"url" : "http://bugs.proftpd.org/show_bug.cgi?id=3586"
},
{
"name" : "http://bugs.proftpd.org/show_bug.cgi?id=3587",
"refsource" : "CONFIRM",
"url" : "http://bugs.proftpd.org/show_bug.cgi?id=3587"
},
{
"name" : "http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2",
"refsource" : "CONFIRM",
"url" : "http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2"
},
{
"name" : "http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3",
"refsource" : "CONFIRM",
"url" : "http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3"
},
{
"name" : "http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1",
"refsource" : "CONFIRM",
"url" : "http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=681718",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=681718"
},
{
"name" : "DSA-2185",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2185"
},
{
"name" : "FEDORA-2011-5033",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058356.html"
},
{
"name" : "FEDORA-2011-5040",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058344.html"
},
{
"name" : "SSA:2011-095-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.485806"
},
{
"name" : "46183",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46183"
},
{
"name" : "43234",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43234"
},
{
"name" : "43635",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43635"
},
{
"name" : "43978",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43978"
},
{
"name" : "ADV-2011-0617",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0617"
},
{
"name" : "ADV-2011-0857",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0857"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSA:2011-095-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.485806"
},
{
"name": "http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1",
"refsource": "CONFIRM",
"url": "http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.h?r1=1.3&r2=1.3.2.1"
},
{
"name": "16129",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16129/"
},
{
"name": "43978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43978"
},
{
"name": "ADV-2011-0857",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0857"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=681718",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=681718"
},
{
"name": "46183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46183"
},
{
"name": "DSA-2185",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2185"
},
{
"name": "http://bugs.proftpd.org/show_bug.cgi?id=3586",
"refsource": "CONFIRM",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3586"
},
{
"name": "http://bugs.proftpd.org/show_bug.cgi?id=3587",
"refsource": "CONFIRM",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3587"
},
{
"name": "http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3",
"refsource": "CONFIRM",
"url": "http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/packet.c?r1=1.14.2.2&r2=1.14.2.3"
},
{
"name": "ADV-2011-0617",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0617"
},
{
"name": "http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2",
"refsource": "CONFIRM",
"url": "http://proftp.cvs.sourceforge.net/viewvc/proftp/proftpd/contrib/mod_sftp/mod_sftp.c?r1=1.29.2.1&r2=1.29.2.2"
},
{
"name": "FEDORA-2011-5040",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058344.html"
},
{
"name": "43234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43234"
},
{
"name": "FEDORA-2011-5033",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058356.html"
},
{
"name": "43635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43635"
}
]
}
}

320
2011/1xxx/CVE-2011-1141.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1141",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=rev&revision=36101",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=rev&revision=36101"
},
{
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html"
},
{
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2011-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2011-03.html"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2011-04.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2011-04.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5732",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5732"
},
{
"name" : "DSA-2201",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2201"
},
{
"name" : "FEDORA-2011-2620",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html"
},
{
"name" : "FEDORA-2011-2632",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html"
},
{
"name" : "MDVSA-2011:044",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:044"
},
{
"name" : "RHSA-2011:0370",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0370.html"
},
{
"name" : "RHSA-2011:0369",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0369.html"
},
{
"name" : "VU#215900",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/215900"
},
{
"name" : "oval:org.mitre.oval:def:14974",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14974"
},
{
"name" : "1025148",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025148"
},
{
"name" : "43821",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43821"
},
{
"name" : "43795",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43795"
},
{
"name" : "43759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43759"
},
{
"name" : "ADV-2011-0719",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0719"
},
{
"name" : "ADV-2011-0622",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0622"
},
{
"name" : "ADV-2011-0747",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0747"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service (memory consumption) via (1) a long LDAP filter string or (2) an LDAP filter string containing many elements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43759"
},
{
"name": "FEDORA-2011-2620",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html"
},
{
"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.15.html"
},
{
"name": "ADV-2011-0747",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0747"
},
{
"name": "43795",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43795"
},
{
"name": "VU#215900",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/215900"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=rev&revision=36101",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=rev&revision=36101"
},
{
"name": "RHSA-2011:0370",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0370.html"
},
{
"name": "ADV-2011-0719",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0719"
},
{
"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html"
},
{
"name": "FEDORA-2011-2632",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2011-04.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2011-04.html"
},
{
"name": "ADV-2011-0622",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0622"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2011-03.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2011-03.html"
},
{
"name": "RHSA-2011:0369",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0369.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5732",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5732"
},
{
"name": "MDVSA-2011:044",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:044"
},
{
"name": "1025148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025148"
},
{
"name": "DSA-2201",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2201"
},
{
"name": "oval:org.mitre.oval:def:14974",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14974"
},
{
"name": "43821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43821"
}
]
}
}

140
2011/1xxx/CVE-2011-1436.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1436",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 11.0.696.57 on Linux does not properly interact with the X Window System, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=72910",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=72910"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html"
},
{
"name" : "oval:org.mitre.oval:def:14749",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14749"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 11.0.696.57 on Linux does not properly interact with the X Window System, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14749",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14749"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=72910",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=72910"
}
]
}
}

190
2011/1xxx/CVE-2011-1886.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to read arbitrary data from kernel memory via a crafted application that triggers a NULL pointer dereference, aka \"Win32k Incorrect Parameter Validation Allows Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/css/P8/documents/100144947",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100144947"
},
{
"name" : "MS11-054",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054"
},
{
"name" : "TA11-193A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
},
{
"name" : "48607",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48607"
},
{
"name" : "73791",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/73791"
},
{
"name" : "oval:org.mitre.oval:def:12778",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12778"
},
{
"name" : "1025761",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025761"
},
{
"name" : "45186",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45186"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to read arbitrary data from kernel memory via a crafted application that triggers a NULL pointer dereference, aka \"Win32k Incorrect Parameter Validation Allows Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS11-054",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-054"
},
{
"name": "48607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48607"
},
{
"name": "http://support.avaya.com/css/P8/documents/100144947",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100144947"
},
{
"name": "73791",
"refsource": "OSVDB",
"url": "http://osvdb.org/73791"
},
{
"name": "TA11-193A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-193A.html"
},
{
"name": "45186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45186"
},
{
"name": "oval:org.mitre.oval:def:12778",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12778"
},
{
"name": "1025761",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025761"
}
]
}
}

120
2011/5xxx/CVE-2011-5151.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5151",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in ACDSee Picture Frame Manager 1.0 Build 81 allows local users to gain privileges via a Trojan horse ShellIntMgrPFMU.dll file in the current working directory, as demonstrated by a directory that contains a .jpg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43562",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43562"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in ACDSee Picture Frame Manager 1.0 Build 81 allows local users to gain privileges via a Trojan horse ShellIntMgrPFMU.dll file in the current working directory, as demonstrated by a directory that contains a .jpg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43562",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43562"
}
]
}
}

150
2014/3xxx/CVE-2014-3494.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3494",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f",
"refsource" : "CONFIRM",
"url" : "http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f"
},
{
"name" : "http://www.kde.org/info/security/advisory-20140618-1.txt",
"refsource" : "CONFIRM",
"url" : "http://www.kde.org/info/security/advisory-20140618-1.txt"
},
{
"name" : "openSUSE-SU-2015:0573",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
},
{
"name" : "68113",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68113"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:0573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
},
{
"name": "68113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68113"
},
{
"name": "http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f",
"refsource": "CONFIRM",
"url": "http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f"
},
{
"name": "http://www.kde.org/info/security/advisory-20140618-1.txt",
"refsource": "CONFIRM",
"url": "http://www.kde.org/info/security/advisory-20140618-1.txt"
}
]
}
}

220
2014/3xxx/CVE-2014-3533.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3533",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/07/02/4"
},
{
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=79694",
"refsource" : "CONFIRM",
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=79694"
},
{
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=80469",
"refsource" : "CONFIRM",
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=80469"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0294.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0294.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name" : "DSA-2971",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2971"
},
{
"name" : "MDVSA-2015:176",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
},
{
"name" : "openSUSE-SU-2014:1239",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
},
{
"name" : "59611",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59611"
},
{
"name" : "59798",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59798"
},
{
"name" : "60236",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60236"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59798",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59798"
},
{
"name": "59611",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59611"
},
{
"name": "openSUSE-SU-2014:1239",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
},
{
"name": "60236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60236"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=80469",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=80469"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0294.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0294.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "DSA-2971",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2971"
},
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=79694",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=79694"
},
{
"name": "[oss-security] 20140702 CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/07/02/4"
},
{
"name": "MDVSA-2015:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
}
]
}
}

150
2014/3xxx/CVE-2014-3777.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3777",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140628 SECV-05-1402 - Reportico php admin credentials leak",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jun/144"
},
{
"name" : "http://packetstormsecurity.com/files/127280/Reportico-Admin-Credential-Leak.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127280/Reportico-Admin-Credential-Leak.html"
},
{
"name" : "http://www.secveritas.com/secv-05-1402.html",
"refsource" : "MISC",
"url" : "http://www.secveritas.com/secv-05-1402.html"
},
{
"name" : "108612",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/108612"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "108612",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/108612"
},
{
"name": "20140628 SECV-05-1402 - Reportico php admin credentials leak",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/144"
},
{
"name": "http://packetstormsecurity.com/files/127280/Reportico-Admin-Credential-Leak.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127280/Reportico-Admin-Credential-Leak.html"
},
{
"name": "http://www.secveritas.com/secv-05-1402.html",
"refsource": "MISC",
"url": "http://www.secveritas.com/secv-05-1402.html"
}
]
}
}

150
2014/3xxx/CVE-2014-3780.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3780",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.citrix.com/article/CTX140779",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX140779"
},
{
"name" : "67687",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67687"
},
{
"name" : "1030305",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030305"
},
{
"name" : "58431",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58431"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.citrix.com/article/CTX140779",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX140779"
},
{
"name": "1030305",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030305"
},
{
"name": "67687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67687"
},
{
"name": "58431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58431"
}
]
}
}

160
2014/3xxx/CVE-2014-3878.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3878",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "33633",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/33633"
},
{
"name" : "20140604 IPSwitch IMail Server WEB client 12.4 persistent XSS",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jun/19"
},
{
"name" : "http://packetstormsecurity.com/files/126948/IPSwitch-IMail-12.4-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/126948/IPSwitch-IMail-12.4-Cross-Site-Scripting.html"
},
{
"name" : "67830",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67830"
},
{
"name" : "1030335",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030335"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140604 IPSwitch IMail Server WEB client 12.4 persistent XSS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/19"
},
{
"name": "http://packetstormsecurity.com/files/126948/IPSwitch-IMail-12.4-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126948/IPSwitch-IMail-12.4-Cross-Site-Scripting.html"
},
{
"name": "67830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67830"
},
{
"name": "1030335",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030335"
},
{
"name": "33633",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33633"
}
]
}
}

140
2014/7xxx/CVE-2014-7043.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7043",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Cadpage (aka net.anei.cadpage) application 1.7.44 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#817281",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/817281"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cadpage (aka net.anei.cadpage) application 1.7.44 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#817281",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/817281"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7414.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7414",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CLEO Malaysia (aka com.magzter.cleomalaysia) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#467481",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/467481"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CLEO Malaysia (aka com.magzter.cleomalaysia) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#467481",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/467481"
}
]
}
}

34
2014/7xxx/CVE-2014-7531.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7531",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7531",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

34
2014/7xxx/CVE-2014-7541.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7541",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7541",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

140
2014/7xxx/CVE-2014-7688.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7688",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Home Improvement (aka com.whomeimprovementapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#598249",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/598249"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Home Improvement (aka com.whomeimprovementapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#598249",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/598249"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/7xxx/CVE-2014-7704.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7704",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7704",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

34
2014/8xxx/CVE-2014-8224.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8224",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8224",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

120
2014/8xxx/CVE-2014-8458.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8458",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-8458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://helpx.adobe.com/security/products/reader/apsb14-28.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/reader/apsb14-28.html"
}
]
}
}

120
2014/8xxx/CVE-2014-8534.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8534",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10044",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10044"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10044",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10044"
}
]
}
}

34
2014/8xxx/CVE-2014-8699.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8699",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8699",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/8xxx/CVE-2014-8883.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8883",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8883",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/9xxx/CVE-2014-9193.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-02"
},
{
"name" : "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf",
"refsource": "CONFIRM",
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-02"
}
]
}
}

150
2014/9xxx/CVE-2014-9264.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9264",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-412/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-412/"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-413/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-413/"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-414/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-414/"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-415/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-415/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-413/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-413/"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-412/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-412/"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-414/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-414/"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-415/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-415/"
}
]
}
}

380
2014/9xxx/CVE-2014-9584.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9584",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-9584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150109 Re: CVE request Linux kernel: isofs: unchecked printing of ER records",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/09/4"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4e2024624e678f0ebb916e6192bd23c1f9fdf696",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4e2024624e678f0ebb916e6192bd23c1f9fdf696"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1180119",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1180119"
},
{
"name" : "https://github.com/torvalds/linux/commit/4e2024624e678f0ebb916e6192bd23c1f9fdf696",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/4e2024624e678f0ebb916e6192bd23c1f9fdf696"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "DSA-3128",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3128"
},
{
"name" : "MDVSA-2015:058",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:058"
},
{
"name" : "RHSA-2015:0864",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0864.html"
},
{
"name" : "RHSA-2015:1137",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1137.html"
},
{
"name" : "RHSA-2015:1138",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1138.html"
},
{
"name" : "SUSE-SU-2015:0481",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name" : "SUSE-SU-2015:0529",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"name" : "openSUSE-SU-2015:0566",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name" : "SUSE-SU-2015:0652",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"name" : "SUSE-SU-2015:0812",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
},
{
"name" : "SUSE-SU-2015:0736",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"name" : "openSUSE-SU-2015:0714",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html"
},
{
"name" : "USN-2511-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2511-1"
},
{
"name" : "USN-2512-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2512-1"
},
{
"name" : "USN-2515-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2515-1"
},
{
"name" : "USN-2516-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2516-1"
},
{
"name" : "USN-2517-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2517-1"
},
{
"name" : "USN-2518-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2518-1"
},
{
"name" : "USN-2513-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2513-1"
},
{
"name" : "USN-2514-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2514-1"
},
{
"name" : "71883",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71883"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2515-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2515-1"
},
{
"name": "SUSE-SU-2015:0736",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1180119",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1180119"
},
{
"name": "SUSE-SU-2015:0652",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html"
},
{
"name": "USN-2512-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2512-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "[oss-security] 20150109 Re: CVE request Linux kernel: isofs: unchecked printing of ER records",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/09/4"
},
{
"name": "USN-2514-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2514-1"
},
{
"name": "RHSA-2015:1138",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1138.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4e2024624e678f0ebb916e6192bd23c1f9fdf696",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4e2024624e678f0ebb916e6192bd23c1f9fdf696"
},
{
"name": "USN-2518-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2518-1"
},
{
"name": "RHSA-2015:0864",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0864.html"
},
{
"name": "SUSE-SU-2015:0481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name": "MDVSA-2015:058",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:058"
},
{
"name": "https://github.com/torvalds/linux/commit/4e2024624e678f0ebb916e6192bd23c1f9fdf696",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/4e2024624e678f0ebb916e6192bd23c1f9fdf696"
},
{
"name": "openSUSE-SU-2015:0566",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2"
},
{
"name": "71883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71883"
},
{
"name": "SUSE-SU-2015:0529",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
},
{
"name": "USN-2517-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2517-1"
},
{
"name": "openSUSE-SU-2015:0714",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html"
},
{
"name": "DSA-3128",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3128"
},
{
"name": "USN-2516-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2516-1"
},
{
"name": "RHSA-2015:1137",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1137.html"
},
{
"name": "USN-2513-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2513-1"
},
{
"name": "USN-2511-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2511-1"
},
{
"name": "SUSE-SU-2015:0812",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
]
}
}

34
2014/9xxx/CVE-2014-9612.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9612",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9612",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2016/2xxx/CVE-2016-2037.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2037",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160119 CVE request: out-of-bounds write with cpio 2.11",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/01/19/4"
},
{
"name" : "[oss-security] 20160122 Re: CVE request: out-of-bounds write with cpio 2.11",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/01/22/4"
},
{
"name" : "DSA-3483",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3483"
},
{
"name" : "USN-2906-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2906-1"
},
{
"name" : "82293",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/82293"
},
{
"name" : "1035067",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035067"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160119 CVE request: out-of-bounds write with cpio 2.11",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/19/4"
},
{
"name": "1035067",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035067"
},
{
"name": "DSA-3483",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3483"
},
{
"name": "[oss-security] 20160122 Re: CVE request: out-of-bounds write with cpio 2.11",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/01/22/4"
},
{
"name": "USN-2906-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2906-1"
},
{
"name": "82293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82293"
}
]
}
}

170
2016/2xxx/CVE-2016-2094.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2094",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1308465",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1308465"
},
{
"name" : "RHSA-2016:0595",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0595.html"
},
{
"name" : "RHSA-2016:0596",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0596.html"
},
{
"name" : "RHSA-2016:0597",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0597.html"
},
{
"name" : "RHSA-2016:0598",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0598.html"
},
{
"name" : "RHSA-2016:0599",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0599.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0599",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0599.html"
},
{
"name": "RHSA-2016:0596",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0596.html"
},
{
"name": "RHSA-2016:0595",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0595.html"
},
{
"name": "RHSA-2016:0598",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0598.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1308465",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308465"
},
{
"name": "RHSA-2016:0597",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0597.html"
}
]
}
}

120
2016/2xxx/CVE-2016-2354.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2354",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#615456",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/615456"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#615456",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/615456"
}
]
}
}

120
2016/2xxx/CVE-2016-2881.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2881",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987777",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21987777"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21987777",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987777"
}
]
}
}

130
2016/6xxx/CVE-2016-6463.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2016-6463",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco AsyncOS 9.7.1-066 through 10.0.0-082",
"version" : {
"version_data" : [
{
"version_value" : "Cisco AsyncOS 9.7.1-066 through 10.0.0-082"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuz85823. Known Affected Releases: 10.0.0-082 9.7.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-6463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco AsyncOS 9.7.1-066 through 10.0.0-082",
"version": {
"version_data": [
{
"version_value": "Cisco AsyncOS 9.7.1-066 through 10.0.0-082"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2"
},
{
"name" : "94363",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94363"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuz85823. Known Affected Releases: 10.0.0-082 9.7.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2"
},
{
"name": "94363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94363"
}
]
}
}

130
2016/6xxx/CVE-2016-6684.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6684",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30148243."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name" : "93326",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93326"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30148243."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "93326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93326"
}
]
}
}

142
2016/6xxx/CVE-2016-6713.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-6713",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-6.0"
},
{
"version_value" : "Android-6.0.1"
},
{
"version_value" : "Android-7.0"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30822755."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
},
{
"version_value": "Android-7.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "94137",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94137"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30822755."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94137"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
}
]
}
}

130
2017/5xxx/CVE-2017-5351.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017",
"refsource" : "CONFIRM",
"url" : "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name" : "95418",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95418"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name": "95418",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95418"
}
]
}
}

140
2017/5xxx/CVE-2017-5833.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5833",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"name" : "https://www.revive-adserver.com/security/revive-sa-2017-001/",
"refsource" : "CONFIRM",
"url" : "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name" : "95875",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95875"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/3"
},
{
"name": "https://www.revive-adserver.com/security/revive-sa-2017-001/",
"refsource": "CONFIRM",
"url": "https://www.revive-adserver.com/security/revive-sa-2017-001/"
},
{
"name": "95875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95875"
}
]
}
}

200
2017/5xxx/CVE-2017-5972.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5972",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41350",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41350/"
},
{
"name" : "http://seclists.org/oss-sec/2017/q1/573",
"refsource" : "MISC",
"url" : "http://seclists.org/oss-sec/2017/q1/573"
},
{
"name" : "https://cxsecurity.com/issue/WLB-2017020112",
"refsource" : "MISC",
"url" : "https://cxsecurity.com/issue/WLB-2017020112"
},
{
"name" : "https://githubengineering.com/syn-flood-mitigation-with-synsanity/",
"refsource" : "MISC",
"url" : "https://githubengineering.com/syn-flood-mitigation-with-synsanity/"
},
{
"name" : "https://access.redhat.com/security/cve/cve-2017-5972",
"refsource" : "MISC",
"url" : "https://access.redhat.com/security/cve/cve-2017-5972"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1422081",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1422081"
},
{
"name" : "https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.html"
},
{
"name" : "https://security-tracker.debian.org/tracker/CVE-2017-5972",
"refsource" : "MISC",
"url" : "https://security-tracker.debian.org/tracker/CVE-2017-5972"
},
{
"name" : "96231",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96231"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/oss-sec/2017/q1/573",
"refsource": "MISC",
"url": "http://seclists.org/oss-sec/2017/q1/573"
},
{
"name": "41350",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41350/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1422081",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1422081"
},
{
"name": "https://cxsecurity.com/issue/WLB-2017020112",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2017020112"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-5972",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-5972"
},
{
"name": "https://githubengineering.com/syn-flood-mitigation-with-synsanity/",
"refsource": "MISC",
"url": "https://githubengineering.com/syn-flood-mitigation-with-synsanity/"
},
{
"name": "96231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96231"
},
{
"name": "https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.html"
},
{
"name": "https://access.redhat.com/security/cve/cve-2017-5972",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2017-5972"
}
]
}
}