"-Synchronized-Data."

CVE Team 2019-03-18 00:19:42 +00:00
parent e6e834e219
commit 5574fcb5dc
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4449 additions and 4449 deletions


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060101 [eVuln] Chipmunk Guestbook XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420667/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/4/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/4/summary.html"
},
{
"name" : "16112",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16112"
},
{
"name" : "19087",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19087"
},
{
"name" : "18270",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18270"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060101 [eVuln] Chipmunk Guestbook XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420667/100/0/threaded"
},
{
"name": "16112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16112"
},
{
"name": "18270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18270"
},
{
"name": "19087",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19087"
},
{
"name": "http://evuln.com/vulns/4/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/4/summary.html"
}
]
}
}
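Review bot: The `reference_data` array at the end of this record comes out in a different order with no visible sort key. If the `"key": value` spelling printed second is the new side, the two BID entries (16112 and 19087) are now separated by the SECUNIA entry, where the other side kept them adjacent. JSON array order is significant to consumers, so this is a data change riding along with a whitespace-only reformat, and the same reshuffle appears in the CVE-2006-0381, CVE-2006-0734, CVE-2006-0996, CVE-2006-1207, CVE-2006-1371, CVE-2006-1475 and CVE-2006-4360 sections. Emitting references in a stable order (for example by `refsource`, then `name`) would keep future syncs down to the entries that actually changed and leave real edits reviewable.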


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2006-0381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-06:07",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc"
},
{
"name" : "NetBSD-SA2006-004",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-004.txt.asc"
},
{
"name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103&r2=1.104",
"refsource" : "CONFIRM",
"url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103&r2=1.104"
},
{
"name" : "16375",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16375"
},
{
"name" : "22732",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22732"
},
{
"name" : "1015542",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015542"
},
{
"name" : "18609",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18609"
},
{
"name" : "bsd-pf-fragment-dos(24337)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24337"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16375"
},
{
"name": "1015542",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015542"
},
{
"name": "18609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18609"
},
{
"name": "bsd-pf-fragment-dos(24337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24337"
},
{
"name": "FreeBSD-SA-06:07",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc"
},
{
"name": "22732",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22732"
},
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103&r2=1.104",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_norm.c.diff?r1=1.103&r2=1.104"
},
{
"name": "NetBSD-SA2006-004",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-004.txt.asc"
}
]
}
}
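Review bot: The `ASSIGNER` value in this record differs between the two sides: `cve@mitre.org` in the `"key" : value` spelling and `"ASSIGNER": "secteam@freebsd.org"` in the `"key": value` spelling, which appears to be the new side. It is the only field-value change visible among sections that otherwise differ in spacing and reference order. Tooling that attributes records to a CNA by `ASSIGNER` will see this entry move, yet the commit title says only that data was synchronized. A change of assigner is easier to audit when it lands in its own commit, or is at least named in the message, rather than inside a 58-file reformat. The page also reports that no known key was found for the commit signature, so the signature gives a reader of this page no independent check on who made the change.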


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0734",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a backslash character at the end of a connection string to UDP port 27015."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aluigi.altervista.org/adv/csdos.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/csdos.txt"
},
{
"name" : "16619",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16619"
},
{
"name" : "halflife-svcheckforduplicatenames-dos(33505)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33505"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a backslash character at the end of a connection string to UDP port 27015."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16619"
},
{
"name": "halflife-svcheckforduplicatenames-dos(33505)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33505"
},
{
"name": "http://aluigi.altervista.org/adv/csdos.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/csdos.txt"
}
]
}
}


@ -1,227 +1,227 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0996",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060408 phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2",
"refsource" : "SREASONRES",
"url" : "http://securityreason.com/achievement_securityalert/34"
},
{
"name" : "[php-cvs] 20060330 cvs: php-src /ext/standard info.c",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=php-cvs&m=114374620416389&w=2"
},
{
"name" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c",
"refsource" : "CONFIRM",
"url" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c"
},
{
"name" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261",
"refsource" : "CONFIRM",
"url" : "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm"
},
{
"name" : "http://www.php.net/ChangeLog-4.php#4.4.3",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-4.php#4.4.3"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm"
},
{
"name" : "GLSA-200605-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200605-08.xml"
},
{
"name" : "MDKSA-2006:074",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:074"
},
{
"name" : "RHSA-2006:0276",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0276.html"
},
{
"name" : "RHSA-2006:0501",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0501.html"
},
{
"name" : "RHSA-2006:0549",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0549.html"
},
{
"name" : "20060501-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"name" : "SUSE-SA:2006:024",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/05-05-2006.html"
},
{
"name" : "USN-320-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-320-1"
},
{
"name" : "17362",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17362"
},
{
"name" : "oval:org.mitre.oval:def:10997",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10997"
},
{
"name" : "ADV-2006-1290",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1290"
},
{
"name" : "ADV-2006-2685",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2685"
},
{
"name" : "24484",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24484"
},
{
"name" : "1015879",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015879"
},
{
"name" : "19599",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19599"
},
{
"name" : "19832",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19832"
},
{
"name" : "20222",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20222"
},
{
"name" : "20951",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20951"
},
{
"name" : "21252",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21252"
},
{
"name" : "21564",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21564"
},
{
"name" : "19775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19775"
},
{
"name" : "19979",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19979"
},
{
"name" : "20052",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20052"
},
{
"name" : "20210",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20210"
},
{
"name" : "21125",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21125"
},
{
"name" : "675",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/675"
},
{
"name" : "php-phpinfo-long-array-xss(25702)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25702"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "675",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/675"
},
{
"name": "19775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19775"
},
{
"name": "21252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21252"
},
{
"name": "24484",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24484"
},
{
"name": "20222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20222"
},
{
"name": "20210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20210"
},
{
"name": "http://www.php.net/ChangeLog-4.php#4.4.3",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-4.php#4.4.3"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm"
},
{
"name": "17362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17362"
},
{
"name": "RHSA-2006:0276",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0276.html"
},
{
"name": "GLSA-200605-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200605-08.xml"
},
{
"name": "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261",
"refsource": "CONFIRM",
"url": "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261"
},
{
"name": "ADV-2006-1290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1290"
},
{
"name": "USN-320-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-320-1"
},
{
"name": "RHSA-2006:0501",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0501.html"
},
{
"name": "1015879",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015879"
},
{
"name": "20060408 phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/34"
},
{
"name": "19979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19979"
},
{
"name": "RHSA-2006:0549",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0549.html"
},
{
"name": "20951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20951"
},
{
"name": "21125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21125"
},
{
"name": "oval:org.mitre.oval:def:10997",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10997"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm"
},
{
"name": "19599",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19599"
},
{
"name": "MDKSA-2006:074",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:074"
},
{
"name": "19832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19832"
},
{
"name": "20060501-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"name": "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c",
"refsource": "CONFIRM",
"url": "http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c"
},
{
"name": "20052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20052"
},
{
"name": "21564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21564"
},
{
"name": "php-phpinfo-long-array-xss(25702)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25702"
},
{
"name": "ADV-2006-2685",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2685"
},
{
"name": "SUSE-SA:2006:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/05-05-2006.html"
},
{
"name": "[php-cvs] 20060330 cvs: php-src /ext/standard info.c",
"refsource": "MLIST",
"url": "http://marc.info/?l=php-cvs&m=114374620416389&w=2"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1207",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060309 PHP Upload Center Download users password hashes And phpshell Upload",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427215/100/0/threaded"
},
{
"name" : "http://biyosecurity.be/bugs/phpuploadcenter2.txt",
"refsource" : "MISC",
"url" : "http://biyosecurity.be/bugs/phpuploadcenter2.txt"
},
{
"name" : "http://www.blogcu.com/Liz0ziM/317250/",
"refsource" : "MISC",
"url" : "http://www.blogcu.com/Liz0ziM/317250/"
},
{
"name" : "http://www.scripts-by.net/PHP/File-Manipulation/php-upload-center.html",
"refsource" : "MISC",
"url" : "http://www.scripts-by.net/PHP/File-Manipulation/php-upload-center.html"
},
{
"name" : "23627",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23627"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.blogcu.com/Liz0ziM/317250/",
"refsource": "MISC",
"url": "http://www.blogcu.com/Liz0ziM/317250/"
},
{
"name": "20060309 PHP Upload Center Download users password hashes And phpshell Upload",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427215/100/0/threaded"
},
{
"name": "http://biyosecurity.be/bugs/phpuploadcenter2.txt",
"refsource": "MISC",
"url": "http://biyosecurity.be/bugs/phpuploadcenter2.txt"
},
{
"name": "23627",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23627"
},
{
"name": "http://www.scripts-by.net/PHP/File-Manipulation/php-upload-center.html",
"refsource": "MISC",
"url": "http://www.scripts-by.net/PHP/File-Manipulation/php-upload-center.html"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10",
"refsource" : "CONFIRM",
"url" : "http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10"
},
{
"name" : "20060324 XHP vendor ack/fix",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-March/000649.html"
},
{
"name" : "1605",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1605"
},
{
"name" : "17209",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17209"
},
{
"name" : "ADV-2006-1052",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1052"
},
{
"name" : "24058",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24058"
},
{
"name" : "24059",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24059"
},
{
"name" : "19353",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19353"
},
{
"name" : "xhpcms-filemanager-file-upload(25399)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25399"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19353"
},
{
"name": "24058",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24058"
},
{
"name": "http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10",
"refsource": "CONFIRM",
"url": "http://xhp.targetit.ro/index.php?page=3&box_id=34&action=show_single_entry&post_id=10"
},
{
"name": "17209",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17209"
},
{
"name": "ADV-2006-1052",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1052"
},
{
"name": "xhpcms-filemanager-file-upload(25399)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25399"
},
{
"name": "20060324 XHP vendor ack/fix",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-March/000649.html"
},
{
"name": "1605",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1605"
},
{
"name": "24059",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24059"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1475",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060324 Microsoft Windows XP SP2 Firewall issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/428970/100/0/threaded"
},
{
"name" : "20060327 Re: Microsoft Windows XP SP2 Firewall issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429111/100/0/threaded"
},
{
"name" : "winxp-firewall-ads-bypass(25597)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25597"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060324 Microsoft Windows XP SP2 Firewall issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428970/100/0/threaded"
},
{
"name": "winxp-firewall-ads-bypass(25597)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25597"
},
{
"name": "20060327 Re: Microsoft Windows XP SP2 Firewall issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429111/100/0/threaded"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4360",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the \"create products\" permission to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/80084",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/80084"
},
{
"name" : "19675",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19675"
},
{
"name" : "ADV-2006-3364",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3364"
},
{
"name" : "21604",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21604"
},
{
"name" : "ecommerce-unspecified-xss(28528)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28528"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the \"create products\" permission to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21604",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21604"
},
{
"name": "http://drupal.org/node/80084",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/80084"
},
{
"name": "ADV-2006-3364",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3364"
},
{
"name": "19675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19675"
},
{
"name": "ecommerce-unspecified-xss(28528)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28528"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4556",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060817 Joomla RFİ ( ERNE )",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443674/100/100/threaded"
},
{
"name" : "20060823 Re: Joomla RFİ ( ERNE )",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444216/100/100/threaded"
},
{
"name" : "28097",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28097"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060823 Re: Joomla RFİ ( ERNE )",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444216/100/100/threaded"
},
{
"name": "20060817 Joomla RFİ ( ERNE )",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443674/100/100/threaded"
},
{
"name": "28097",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28097"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2368",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2368"
},
{
"name" : "20030",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20030"
},
{
"name" : "20036",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20036"
},
{
"name" : "ADV-2006-3630",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3630"
},
{
"name" : "21933",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21933"
},
{
"name" : "teamcal-pro-footer-file-include(28956)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28956"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "teamcal-pro-footer-file-include(28956)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28956"
},
{
"name": "ADV-2006-3630",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3630"
},
{
"name": "20036",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20036"
},
{
"name": "2368",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2368"
},
{
"name": "21933",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21933"
},
{
"name": "20030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20030"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5470",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-5740. Reason: This candidate is a duplicate of CVE-2006-5740 due to a typo. Notes: All CVE users should reference CVE-2006-5740 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-5470",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-5740. Reason: This candidate is a duplicate of CVE-2006-5740 due to a typo. Notes: All CVE users should reference CVE-2006-5740 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5550",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://elegerov.blogspot.com/2006/10/here-is-lame-proof-of-concept-code-for.html",
"refsource" : "MISC",
"url" : "http://elegerov.blogspot.com/2006/10/here-is-lame-proof-of-concept-code-for.html"
},
{
"name" : "20713",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20713"
},
{
"name" : "22543",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22543"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20713",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20713"
},
{
"name": "http://elegerov.blogspot.com/2006/10/here-is-lame-proof-of-concept-code-for.html",
"refsource": "MISC",
"url": "http://elegerov.blogspot.com/2006/10/here-is-lame-proof-of-concept-code-for.html"
},
{
"name": "22543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22543"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5822",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than CVE-2006-6222."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061213 ZDI-06-050: Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/454314/100/0/threaded"
},
{
"name" : "http://www.symantec.com/avcenter/security/Content/2006.12.13a.html",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/avcenter/security/Content/2006.12.13a.html"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-050.html",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-050.html"
},
{
"name" : "VU#650432",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/650432"
},
{
"name" : "21565",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21565"
},
{
"name" : "ADV-2006-4999",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4999"
},
{
"name" : "1017379",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017379"
},
{
"name" : "23368",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23368"
},
{
"name" : "netbackup-connect-options-bo(30883)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30883"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than CVE-2006-6222."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-050.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-050.html"
},
{
"name": "20061213 ZDI-06-050: Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454314/100/0/threaded"
},
{
"name": "23368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23368"
},
{
"name": "netbackup-connect-options-bo(30883)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30883"
},
{
"name": "1017379",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017379"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2006.12.13a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2006.12.13a.html"
},
{
"name": "21565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21565"
},
{
"name": "VU#650432",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/650432"
},
{
"name": "ADV-2006-4999",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4999"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5883",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061112 CPanel Multiple Cross Site Scription",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451374/100/0/threaded"
},
{
"name" : "http://aria-security.net/advisory/cpanel.txt",
"refsource" : "MISC",
"url" : "http://aria-security.net/advisory/cpanel.txt"
},
{
"name" : "21027",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21027"
},
{
"name" : "ADV-2006-4500",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4500"
},
{
"name" : "30386",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30386"
},
{
"name" : "30387",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30387"
},
{
"name" : "22825",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22825"
},
{
"name" : "1847",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1847"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061112 CPanel Multiple Cross Site Scription",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451374/100/0/threaded"
},
{
"name": "30387",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30387"
},
{
"name": "ADV-2006-4500",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4500"
},
{
"name": "http://aria-security.net/advisory/cpanel.txt",
"refsource": "MISC",
"url": "http://aria-security.net/advisory/cpanel.txt"
},
{
"name": "30386",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30386"
},
{
"name": "22825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22825"
},
{
"name": "21027",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21027"
},
{
"name": "1847",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1847"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0237",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka \"Windows Kernel Symbolic Link Creation Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-021",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-021"
},
{
"name" : "TA10-103A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
},
{
"name" : "oval:org.mitre.oval:def:7130",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7130"
},
{
"name" : "1023850",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023850"
},
{
"name" : "39373",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39373"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka \"Windows Kernel Symbolic Link Creation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:7130",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7130"
},
{
"name": "MS10-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-021"
},
{
"name": "TA10-103A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
},
{
"name": "39373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39373"
},
{
"name": "1023850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023850"
}
]
}
}
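Review bot: The `ASSIGNER` value in this section appears to change from `cve@mitre.org` to `secure@microsoft.com`, a semantic change sitting inside what otherwise reads as colon-spacing normalization and reference reordering. The +/- markers are lost on this page, so the old and new sides are inferred from the `" : "` versus `": "` spacing. The same kind of change is visible in the CVE-2010-2239 section (`secalert@redhat.com`), the CVE-2010-2566 section (`secure@microsoft.com`) and the start of the CVE-2010-3040 section (`psirt@cisco.com`). The commit title does not mention it, so a title along the lines of `Synchronized data; ASSIGNER updated for CVE-2010-0237, CVE-2010-2239, CVE-2010-2566, CVE-2010-3040` would keep a whitespace-insensitive review from missing it. On the new side `vendor_name` and `product_name` remain `n/a`, so tooling that matches records on those fields still will not tie this entry to the product named in the description.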


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0715",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal & Lotus WCM",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21421469",
"refsource" : "MISC",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
},
{
"name" : "http://www.hacktics.com/content/advisories/AdvIBM20100224.html",
"refsource" : "MISC",
"url" : "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"name" : "ibm-login-phishing(56602)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56602"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html",
"refsource": "MISC",
"url": "http://www.hacktics.com/content/advisories/AdvIBM20100224.html"
},
{
"name": "ibm-login-phishing(56602)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56602"
},
{
"name": "20100225 Hacktics Advisory Feb10: XSS in IBM WebSphere Portal & Lotus WCM",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509744/100/0/threaded"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469",
"refsource": "MISC",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421469"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2239",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://libvirt.org/news.html",
"refsource" : "MISC",
"url" : "http://libvirt.org/news.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=607812",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=607812"
},
{
"name" : "FEDORA-2010-10960",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"name" : "FEDORA-2010-11021",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"name" : "RHSA-2010:0615",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0615.html"
},
{
"name" : "SUSE-SR:2010:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name" : "USN-1008-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1008-1"
},
{
"name" : "USN-1008-2",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1008-2"
},
{
"name" : "USN-1008-3",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1008-3"
},
{
"name" : "ADV-2010-2062",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2062"
},
{
"name" : "ADV-2010-2763",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2763"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2062",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2062"
},
{
"name": "FEDORA-2010-10960",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044520.html"
},
{
"name": "USN-1008-2",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1008-2"
},
{
"name": "FEDORA-2010-11021",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044579.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=607812",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607812"
},
{
"name": "RHSA-2010:0615",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0615.html"
},
{
"name": "http://libvirt.org/news.html",
"refsource": "MISC",
"url": "http://libvirt.org/news.html"
},
{
"name": "USN-1008-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1008-1"
},
{
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "USN-1008-3",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1008-3"
},
{
"name": "ADV-2010-2763",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2763"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2270",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf",
"refsource" : "MISC",
"url" : "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
},
{
"name" : "VU#245081",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/245081"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf",
"refsource": "MISC",
"url": "http://www.ioactive.com/pdfs/AccoriaWebServer.pdf"
},
{
"name": "VU#245081",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/245081"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2566",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka \"SChannel Malformed Certificate Request Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-2566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-049",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
},
{
"name" : "TA10-222A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name" : "oval:org.mitre.oval:def:11787",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11787"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka \"SChannel Malformed Certificate Request Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
},
{
"name": "oval:org.mitre.oval:def:11787",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11787"
},
{
"name": "MS10-049",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3040",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-3040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-232/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-232/"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-233/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-233/"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-234/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-234/"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-235/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-235/"
},
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21726",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21726"
},
{
"name" : "44699",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44699"
},
{
"name" : "1024693",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024693"
},
{
"name" : "42146",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42146"
},
{
"name" : "ADV-2010-2914",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2914"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-233/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-233/"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-234/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-234/"
},
{
"name": "1024693",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024693"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21726",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21726"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-232/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-232/"
},
{
"name": "ADV-2010-2914",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2914"
},
{
"name": "42146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42146"
},
{
"name": "44699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44699"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-235/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-235/"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3127",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14741",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14741"
},
{
"name" : "http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html",
"refsource" : "MISC",
"url" : "http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html"
},
{
"name" : "oval:org.mitre.oval:def:6778",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6778"
},
{
"name" : "41060",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41060"
},
{
"name" : "ADV-2010-2170",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2170"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14741",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14741"
},
{
"name": "41060",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41060"
},
{
"name": "http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html",
"refsource": "MISC",
"url": "http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html"
},
{
"name": "ADV-2010-2170",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2170"
},
{
"name": "oval:org.mitre.oval:def:6778",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6778"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3357",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598289",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598289"
},
{
"name" : "http://git.gnome.org/browse/gnome-subtitles/commit/?id=44370dc2a87f7fa0d6c9730979514bd407a37c65",
"refsource" : "CONFIRM",
"url" : "http://git.gnome.org/browse/gnome-subtitles/commit/?id=44370dc2a87f7fa0d6c9730979514bd407a37c65"
},
{
"name" : "FEDORA-2010-15628",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049184.html"
},
{
"name" : "FEDORA-2010-15711",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049288.html"
},
{
"name" : "FEDORA-2010-15717",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049275.html"
},
{
"name" : "41807",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41807"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-15628",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049184.html"
},
{
"name": "http://git.gnome.org/browse/gnome-subtitles/commit/?id=44370dc2a87f7fa0d6c9730979514bd407a37c65",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/gnome-subtitles/commit/?id=44370dc2a87f7fa0d6c9730979514bd407a37c65"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598289",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598289"
},
{
"name": "FEDORA-2010-15717",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049275.html"
},
{
"name": "41807",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41807"
},
{
"name": "FEDORA-2010-15711",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049288.html"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3385",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TuxGuitar 1.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598307",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598307"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TuxGuitar 1.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598307",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598307"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3712",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving \"multiple encoded entities,\" as demonstrated by the query string to index.php in the com_weblinks or com_content component."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101011 CVE request: joomla before 1.5.21 XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/10/08/4"
},
{
"name" : "[oss-security] 20101011 Re: CVE request: joomla before 1.5.21 XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/10/11/4"
},
{
"name" : "[oss-security] 20110314 CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/03/13/8"
},
{
"name" : "[oss-security] 20110314 Re: CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/03/14/22"
},
{
"name" : "[oss-security] 20110318 CVE Request: Joomla! 1.5.20 <= Cross Site Scripting (XSS) Vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/03/18/5"
},
{
"name" : "[oss-security] 20110318 Re: CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/03/18/3"
},
{
"name" : "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.5.20%5D_cross_site_scripting(XSS)",
"refsource" : "MISC",
"url" : "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.5.20%5D_cross_site_scripting(XSS)"
},
{
"name" : "http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities",
"refsource" : "CONFIRM",
"url" : "http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities"
},
{
"name" : "http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_id=32&tracker_item_id=22767",
"refsource" : "CONFIRM",
"url" : "http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_id=32&tracker_item_id=22767"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving \"multiple encoded entities,\" as demonstrated by the query string to index.php in the com_weblinks or com_content component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_id=32&tracker_item_id=22767",
"refsource": "CONFIRM",
"url": "http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_id=32&tracker_item_id=22767"
},
{
"name": "[oss-security] 20110318 CVE Request: Joomla! 1.5.20 <= Cross Site Scripting (XSS) Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/18/5"
},
{
"name": "[oss-security] 20101011 CVE request: joomla before 1.5.21 XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/10/08/4"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.5.20%5D_cross_site_scripting(XSS)",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.5.20%5D_cross_site_scripting(XSS)"
},
{
"name": "[oss-security] 20110318 Re: CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/18/3"
},
{
"name": "http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities"
},
{
"name": "[oss-security] 20110314 CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/13/8"
},
{
"name": "[oss-security] 20110314 Re: CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/14/22"
},
{
"name": "[oss-security] 20101011 Re: CVE request: joomla before 1.5.21 XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/10/11/4"
}
]
}
}


@ -1,227 +1,227 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3870",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101102 Re: utf-8 security issue in php",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/11/02/2"
},
{
"name" : "[oss-security] 20101102 Re: utf-8 security issue in php",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/11/02/4"
},
{
"name" : "[oss-security] 20101102 Re: utf-8 security issue in php",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/11/02/6"
},
{
"name" : "[oss-security] 20101102 Re: utf-8 security issue in php",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/11/02/8"
},
{
"name" : "[oss-security] 20101102 Re: utf-8 security issue in php",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/11/02/11"
},
{
"name" : "[oss-security] 20101102 utf-8 security issue in php",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/11/02/1"
},
{
"name" : "[oss-security] 20101103 Re: utf-8 security issue in php",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/11/03/1"
},
{
"name" : "http://bugs.php.net/bug.php?id=48230",
"refsource" : "MISC",
"url" : "http://bugs.php.net/bug.php?id=48230"
},
{
"name" : "http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html",
"refsource" : "MISC",
"url" : "http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html"
},
{
"name" : "http://us2.php.net/manual/en/function.utf8-decode.php#83935",
"refsource" : "MISC",
"url" : "http://us2.php.net/manual/en/function.utf8-decode.php#83935"
},
{
"name" : "http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/",
"refsource" : "MISC",
"url" : "http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/"
},
{
"name" : "http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf",
"refsource" : "MISC",
"url" : "http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf"
},
{
"name" : "http://bugs.php.net/bug.php?id=49687",
"refsource" : "CONFIRM",
"url" : "http://bugs.php.net/bug.php?id=49687"
},
{
"name" : "http://svn.php.net/viewvc?view=revision&revision=304959",
"refsource" : "CONFIRM",
"url" : "http://svn.php.net/viewvc?view=revision&revision=304959"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "http://support.apple.com/kb/HT4581",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4581"
},
{
"name" : "APPLE-SA-2011-03-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name" : "FEDORA-2010-18976",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html"
},
{
"name" : "FEDORA-2010-19011",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html"
},
{
"name" : "HPSBOV02763",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name" : "SSRT100826",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name" : "MDVSA-2010:224",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224"
},
{
"name" : "RHSA-2010:0919",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0919.html"
},
{
"name" : "RHSA-2011:0195",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0195.html"
},
{
"name" : "SUSE-SR:2010:023",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name" : "USN-1042-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1042-1"
},
{
"name" : "44605",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44605"
},
{
"name" : "1024797",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024797"
},
{
"name" : "42410",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42410"
},
{
"name" : "42812",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42812"
},
{
"name" : "ADV-2010-3081",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3081"
},
{
"name" : "ADV-2011-0020",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0020"
},
{
"name" : "ADV-2011-0021",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0021"
},
{
"name" : "ADV-2011-0077",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0077"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20101102 Re: utf-8 security issue in php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/11"
},
{
"name": "ADV-2011-0077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0077"
},
{
"name": "FEDORA-2010-19011",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html"
},
{
"name": "42812",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42812"
},
{
"name": "HPSBOV02763",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name": "[oss-security] 20101102 Re: utf-8 security issue in php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/2"
},
{
"name": "RHSA-2011:0195",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0195.html"
},
{
"name": "[oss-security] 20101102 Re: utf-8 security issue in php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/4"
},
{
"name": "1024797",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024797"
},
{
"name": "SUSE-SR:2010:023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name": "http://bugs.php.net/bug.php?id=49687",
"refsource": "CONFIRM",
"url": "http://bugs.php.net/bug.php?id=49687"
},
{
"name": "http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf",
"refsource": "MISC",
"url": "http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf"
},
{
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "USN-1042-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1042-1"
},
{
"name": "[oss-security] 20101102 Re: utf-8 security issue in php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/6"
},
{
"name": "RHSA-2010:0919",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0919.html"
},
{
"name": "http://bugs.php.net/bug.php?id=48230",
"refsource": "MISC",
"url": "http://bugs.php.net/bug.php?id=48230"
},
{
"name": "ADV-2011-0021",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0021"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html",
"refsource": "MISC",
"url": "http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html"
},
{
"name": "SSRT100826",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
},
{
"name": "[oss-security] 20101102 utf-8 security issue in php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/1"
},
{
"name": "42410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42410"
},
{
"name": "MDVSA-2010:224",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:224"
},
{
"name": "FEDORA-2010-18976",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html"
},
{
"name": "[oss-security] 20101103 Re: utf-8 security issue in php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/03/1"
},
{
"name": "http://svn.php.net/viewvc?view=revision&revision=304959",
"refsource": "CONFIRM",
"url": "http://svn.php.net/viewvc?view=revision&revision=304959"
},
{
"name": "ADV-2011-0020",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0020"
},
{
"name": "[oss-security] 20101102 Re: utf-8 security issue in php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/02/8"
},
{
"name": "44605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44605"
},
{
"name": "http://us2.php.net/manual/en/function.utf8-decode.php#83935",
"refsource": "MISC",
"url": "http://us2.php.net/manual/en/function.utf8-decode.php#83935"
},
{
"name": "http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/",
"refsource": "MISC",
"url": "http://www.acunetix.com/blog/web-security-articles/security-risks-associated-with-utf8_decode/"
},
{
"name": "ADV-2010-3081",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3081"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4131",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-4131",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4305",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2010/Nov/167"
},
{
"name" : "http://www.trustmatta.com/advisories/MATTA-2010-001.txt",
"refsource" : "MISC",
"url" : "http://www.trustmatta.com/advisories/MATTA-2010-001.txt"
},
{
"name" : "20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt",
"refsource": "MISC",
"url": "http://www.trustmatta.com/advisories/MATTA-2010-001.txt"
},
{
"name": "20101117 Multiple Vulnerabilities in Cisco Unified Videoconferencing Products",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080b56d0d.html"
},
{
"name": "20101117 Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Nov/167"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4656",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110124 CVE request: linux kernel heap issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/01/24/9"
},
{
"name" : "[oss-security] 20110124 Re: CVE request: linux kernel heap issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/01/25/3"
},
{
"name" : "[oss-security] 20110125 Re: CVE request: linux kernel heap issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/01/25/4"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3ed780117dbe5acb64280d218f0347f238dafed0",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3ed780117dbe5acb64280d218f0347f238dafed0"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=672420",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=672420"
},
{
"name" : "USN-1146-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1146-1"
},
{
"name" : "46069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46069"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1146-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1146-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=672420",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=672420"
},
{
"name": "[oss-security] 20110124 CVE request: linux kernel heap issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/24/9"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3ed780117dbe5acb64280d218f0347f238dafed0",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3ed780117dbe5acb64280d218f0347f238dafed0"
},
{
"name": "[oss-security] 20110125 Re: CVE request: linux kernel heap issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/25/4"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.37"
},
{
"name": "[oss-security] 20110124 Re: CVE request: linux kernel heap issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/25/3"
},
{
"name": "46069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46069"
}
]
}
}
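Review bot: The `"ASSIGNER"` value in this record changes from `cve@mitre.org` to `secalert@redhat.com`, which changes the record's provenance inside what is otherwise a whitespace and reference-order rewrite. The same happens in the CVE-2014-3372 section (`psirt@cisco.com`) and the CVE-2014-9649 section (`security@ubuntu.com`). The commit title, "-Synchronized-Data.", does not mention it, so a reader treating the diff as formatting-only would miss it. Naming the reassigned IDs in the commit description, or landing the reassignment separately from the reformat, would keep the attribution change auditable.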


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4879",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14851",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14851"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14851",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14851"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4975",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14196",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14196"
},
{
"name" : "41354",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41354"
},
{
"name" : "socialadsforjomsocial-index-xss(60067)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60067"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14196",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14196"
},
{
"name": "socialadsforjomsocial-index-xss(60067)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60067"
},
{
"name": "41354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41354"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5165",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "11975",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11975"
},
{
"name" : "11976",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11976"
},
{
"name" : "17727",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17727"
},
{
"name" : "18142",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18142"
},
{
"name" : "36826",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/36826/"
},
{
"name" : "36465",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/36465/"
},
{
"name" : "36827",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/36827/"
},
{
"name" : "39672",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39672"
},
{
"name" : "63349",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/63349"
},
{
"name" : "39193",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39193"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36465",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/36465/"
},
{
"name": "39193",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39193"
},
{
"name": "17727",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17727"
},
{
"name": "39672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39672"
},
{
"name": "63349",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63349"
},
{
"name": "18142",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18142"
},
{
"name": "11976",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11976"
},
{
"name": "11975",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11975"
},
{
"name": "36826",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/36826/"
},
{
"name": "36827",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/36827/"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36292",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36292"
},
{
"name" : "20141030 Cisco Unified Communications Manager Reports Interface Reflected Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3372"
},
{
"name" : "70846",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70846"
},
{
"name" : "1031159",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031159"
},
{
"name" : "61003",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61003"
},
{
"name" : "cisco-ucm-cve20143372-xss(98404)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98404"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141030 Cisco Unified Communications Manager Reports Interface Reflected Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3372"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36292",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36292"
},
{
"name": "1031159",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031159"
},
{
"name": "61003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61003"
},
{
"name": "cisco-ucm-cve20143372-xss(98404)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98404"
},
{
"name": "70846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70846"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in the Verification Code for Comments plugin 2.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) vp, (2) vs, (3) l, (4) vu, or (5) vm parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://codevigilant.com/disclosure/wp-plugin-verification-code-for-comments-a3-cross-site-scripting-xss",
"refsource" : "MISC",
"url" : "http://codevigilant.com/disclosure/wp-plugin-verification-code-for-comments-a3-cross-site-scripting-xss"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in the Verification Code for Comments plugin 2.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) vp, (2) vs, (3) l, (4) vu, or (5) vm parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://codevigilant.com/disclosure/wp-plugin-verification-code-for-comments-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-verification-code-for-comments-a3-cross-site-scripting-xss"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8717",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8717",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8843",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8843",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8932",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8932",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8937",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8937",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9358",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) \"docker load\" operation or (2) \"registry communications.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141212 Docker 1.3.3 - Security Advisory [11 Dec 2014]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534215/100/0/threaded"
},
{
"name" : "https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ",
"refsource" : "CONFIRM",
"url" : "https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) \"docker load\" operation or (2) \"registry communications.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ"
},
{
"name": "20141212 Docker 1.3.3 - Security Advisory [11 Dec 2014]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534215/100/0/threaded"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9649",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2014-9649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150121 CVE Request: XSS and response-splitting bugs in rabbitmq management plugin",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/21/13"
},
{
"name" : "http://www.rabbitmq.com/release-notes/README-3.4.1.txt",
"refsource" : "CONFIRM",
"url" : "http://www.rabbitmq.com/release-notes/README-3.4.1.txt"
},
{
"name" : "https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs",
"refsource" : "CONFIRM",
"url" : "https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs"
},
{
"name" : "RHSA-2016:0308",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0308.html"
},
{
"name" : "76084",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76084"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0308",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0308.html"
},
{
"name": "76084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76084"
},
{
"name": "https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs"
},
{
"name": "http://www.rabbitmq.com/release-notes/README-3.4.1.txt",
"refsource": "CONFIRM",
"url": "http://www.rabbitmq.com/release-notes/README-3.4.1.txt"
},
{
"name": "[oss-security] 20150121 CVE Request: XSS and response-splitting bugs in rabbitmq management plugin",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/21/13"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9670",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/google-security-research/issues/detail?id=158",
"refsource" : "MISC",
"url" : "http://code.google.com/p/google-security-research/issues/detail?id=158"
},
{
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6"
},
{
"name" : "http://advisories.mageia.org/MGASA-2015-0083.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2015-0083.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "DSA-3188",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3188"
},
{
"name" : "FEDORA-2015-2216",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html"
},
{
"name" : "FEDORA-2015-2237",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html"
},
{
"name" : "GLSA-201503-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-05"
},
{
"name" : "MDVSA-2015:055",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055"
},
{
"name" : "RHSA-2015:0696",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0696.html"
},
{
"name" : "openSUSE-SU-2015:0627",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html"
},
{
"name" : "USN-2510-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2510-1"
},
{
"name" : "USN-2739-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2739-1"
},
{
"name" : "72986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72986"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/google-security-research/issues/detail?id=158",
"refsource": "MISC",
"url": "http://code.google.com/p/google-security-research/issues/detail?id=158"
},
{
"name": "DSA-3188",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3188"
},
{
"name": "GLSA-201503-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-05"
},
{
"name": "72986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72986"
},
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6"
},
{
"name": "USN-2739-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2739-1"
},
{
"name": "openSUSE-SU-2015:0627",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0083.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0083.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "RHSA-2015:0696",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0696.html"
},
{
"name": "FEDORA-2015-2216",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html"
},
{
"name": "MDVSA-2015:055",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055"
},
{
"name": "USN-2510-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2510-1"
},
{
"name": "FEDORA-2015-2237",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a7502f4f801bb95bff73617309835bb7a016cde5",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a7502f4f801bb95bff73617309835bb7a016cde5"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=2b1050b49a9a5f7bb57006648d145e001a3eaa8b",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=2b1050b49a9a5f7bb57006648d145e001a3eaa8b"
},
{
"name" : "91628",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91628"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=2b1050b49a9a5f7bb57006648d145e001a3eaa8b",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=2b1050b49a9a5f7bb57006648d145e001a3eaa8b"
},
{
"name": "91628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91628"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a7502f4f801bb95bff73617309835bb7a016cde5",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a7502f4f801bb95bff73617309835bb7a016cde5"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}
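Review bot: The `"ASSIGNER"` value in `CVE_data_meta` goes from `cve@mitre.org` to `security@android.com` in this record, and as far as the visible lines show it is the only field whose content differs. The rest of the section is the `" : "` to `": "` separator change and a reordering of `reference_data`. A change of the record's assigner deserves its own line in the commit description, because "-Synchronized-Data." gives no hint that anything other than formatting moved. Consumers tracking these records should compare parsed JSON rather than text so that an edit like this is not lost in the churn. The CVE-2014-9784, CVE-2014-9882 and CVE-2016-2499 sections carry the same edit.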


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28442449 and Qualcomm internal bug CR585147."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-07-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=36503d639cedcc73880974ed92132247576e72ba",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=36503d639cedcc73880974ed92132247576e72ba"
},
{
"name" : "91628",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91628"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28442449 and Qualcomm internal bug CR585147."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=36503d639cedcc73880974ed92132247576e72ba",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=36503d639cedcc73880974ed92132247576e72ba"
},
{
"name": "91628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91628"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9882",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=0f6afe815b1b3f920f3502be654c848bdfe5ef38",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=0f6afe815b1b3f920f3502be654c848bdfe5ef38"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=3a4ebaac557a9e3fbcbab4561650abac8298a4d9",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=3a4ebaac557a9e3fbcbab4561650abac8298a4d9"
},
{
"name" : "92219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92219"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=0f6afe815b1b3f920f3502be654c848bdfe5ef38",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=0f6afe815b1b3f920f3502be654c848bdfe5ef38"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=3a4ebaac557a9e3fbcbab4561650abac8298a4d9",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=3a4ebaac557a9e3fbcbab4561650abac8298a4d9"
},
{
"name": "92219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92219"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2131",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2131",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
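Review bot: Key order on the new side of this record does not match the other records in the commit. It starts with `"data_type"`, `"data_format"`, `"data_version"` and puts `"ID"` before `"ASSIGNER"` inside `CVE_data_meta`, while the neighbouring records keep `CVE_data_meta` first with its keys in alphabetical order. JSON key order carries no meaning, so nothing breaks, but a stable order keeps later sync diffs small; presumably this record came through a different serializer. Emitting it with sorted keys like the others would reduce this section to the separator change alone.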


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2499",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 27855172."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-06-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/dd3546765710ce8dd49eb23901d90345dec8282f",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/dd3546765710ce8dd49eb23901d90345dec8282f"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AudioSource.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not initialize certain data, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 27855172."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/dd3546765710ce8dd49eb23901d90345dec8282f",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/dd3546765710ce8dd49eb23901d90345dec8282f"
},
{
"name": "http://source.android.com/security/bulletin/2016-06-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-06-01.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2919",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2919",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-25T00:00:00",
"ID" : "CVE-2016-2967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sametime",
"version" : {
"version_data" : [
{
"version_value" : "8.5.2"
},
{
"version_value" : "8.5.2.1"
},
{
"version_value" : "9.0"
},
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "9.0.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-25T00:00:00",
"ID": "CVE-2016-2967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sametime",
"version": {
"version_data": [
{
"version_value": "8.5.2"
},
{
"version_value": "8.5.2.1"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113848",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113848"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22006441",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22006441"
},
{
"name" : "100572",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100572"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006441",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006441"
},
{
"name": "100572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100572"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113848",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113848"
}
]
}
}


@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-23T00:00:00",
"ID" : "CVE-2016-2969",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sametime",
"version" : {
"version_data" : [
{
"version_value" : "8.5.2"
},
{
"version_value" : "8.5.2.1"
},
{
"version_value" : "9.0"
},
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "9.0.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-23T00:00:00",
"ID": "CVE-2016-2969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sametime",
"version": {
"version_data": [
{
"version_value": "8.5.2"
},
{
"version_value": "8.5.2.1"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113850",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113850"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22006439",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22006439"
},
{
"name" : "100599",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100599"
},
{
"name" : "1039231",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039231"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100599"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113850",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113850"
},
{
"name": "1039231",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039231"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006439",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006439"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6194",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6194",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6224",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160713 CVE Requests: Information exposure caused by ecryptfs-setup-swap failures",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/13/2"
},
{
"name" : "[oss-security] 20160714 Re: CVE Requests: Information exposure caused by ecryptfs-setup-swap failures",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/14/3"
},
{
"name" : "https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882",
"refsource" : "CONFIRM",
"url" : "https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882"
},
{
"name" : "https://bugs.launchpad.net/ecryptfs/+bug/1597154",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ecryptfs/+bug/1597154"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1447282",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1447282"
},
{
"name" : "FEDORA-2016-41301e2187",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5WWCVHDLRLZTYMXEIONYFHLYAXXLJW3/"
},
{
"name" : "USN-3032-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3032-1"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160714 Re: CVE Requests: Information exposure caused by ecryptfs-setup-swap failures",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/14/3"
},
{
"name": "[oss-security] 20160713 CVE Requests: Information exposure caused by ecryptfs-setup-swap failures",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/13/2"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1447282",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1447282"
},
{
"name": "USN-3032-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3032-1"
},
{
"name": "https://bugs.launchpad.net/ecryptfs/+bug/1597154",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ecryptfs/+bug/1597154"
},
{
"name": "FEDORA-2016-41301e2187",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5WWCVHDLRLZTYMXEIONYFHLYAXXLJW3/"
},
{
"name": "https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882",
"refsource": "CONFIRM",
"url": "https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6491",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160728 CVE-Request Buffer overflow ImageMagick",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/28/13"
},
{
"name" : "[oss-security] 20160728 Re: CVE-Request Buffer overflow ImageMagick",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/28/15"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/blob/6.9.5-4/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/blob/6.9.5-4/ChangeLog"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b"
},
{
"name" : "GLSA-201611-21",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-21"
},
{
"name" : "92186",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92186"
},
{
"name" : "1036501",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036501"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160728 CVE-Request Buffer overflow ImageMagick",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/28/13"
},
{
"name": "[oss-security] 20160728 Re: CVE-Request Buffer overflow ImageMagick",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/28/15"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b"
},
{
"name": "1036501",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036501"
},
{
"name": "92186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92186"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/blob/6.9.5-4/ChangeLog",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/blob/6.9.5-4/ChangeLog"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "GLSA-201611-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-21"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6523",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160802 CVE request: XSS vulns in Dotclear v2.9.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/08/02/3"
},
{
"name" : "[oss-security] 20160802 Re: CVE request: XSS vulns in Dotclear v2.9.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/08/02/13"
},
{
"name" : "https://hg.dotclear.org/dotclear/file/18dc878c1178/CHANGELOG",
"refsource" : "CONFIRM",
"url" : "https://hg.dotclear.org/dotclear/file/18dc878c1178/CHANGELOG"
},
{
"name" : "https://hg.dotclear.org/dotclear/rev/40d0207e520d",
"refsource" : "CONFIRM",
"url" : "https://hg.dotclear.org/dotclear/rev/40d0207e520d"
},
{
"name" : "92272",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92272"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter to admin/media.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160802 Re: CVE request: XSS vulns in Dotclear v2.9.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/02/13"
},
{
"name": "[oss-security] 20160802 CVE request: XSS vulns in Dotclear v2.9.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/02/3"
},
{
"name": "https://hg.dotclear.org/dotclear/file/18dc878c1178/CHANGELOG",
"refsource": "CONFIRM",
"url": "https://hg.dotclear.org/dotclear/file/18dc878c1178/CHANGELOG"
},
{
"name": "https://hg.dotclear.org/dotclear/rev/40d0207e520d",
"refsource": "CONFIRM",
"url": "https://hg.dotclear.org/dotclear/rev/40d0207e520d"
},
{
"name": "92272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92272"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6908",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL. It was noticed that by placing neutral characters such as \"/\", \"?\" in filepath causes the URL to be flipped and displayed from Right To Left. However, in order for the URL to be spoofed the URL must begin with an IP address followed by neutral characters as omnibox considers IP address to be combination of punctuation and numbers and since LTR (Left To Right) direction is not properly enforced, this causes the entire URL to be treated and rendered from RTL (Right To Left). However, it doesn't have be an IP address, what matters is that first strong character (generally, alphabetic character) in the URL must be an RTL character."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "92701",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92701"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL. It was noticed that by placing neutral characters such as \"/\", \"?\" in filepath causes the URL to be flipped and displayed from Right To Left. However, in order for the URL to be spoofed the URL must begin with an IP address followed by neutral characters as omnibox considers IP address to be combination of punctuation and numbers and since LTR (Left To Right) direction is not properly enforced, this causes the entire URL to be treated and rendered from RTL (Right To Left). However, it doesn't have be an IP address, what matters is that first strong character (generally, alphabetic character) in the URL must be an RTL character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92701"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7103",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/127",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/127"
},
{
"name" : "https://github.com/jquery/api.jqueryui.com/issues/281",
"refsource" : "CONFIRM",
"url" : "https://github.com/jquery/api.jqueryui.com/issues/281"
},
{
"name" : "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6",
"refsource" : "CONFIRM",
"url" : "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6"
},
{
"name" : "https://jqueryui.com/changelog/1.12.0/",
"refsource" : "CONFIRM",
"url" : "https://jqueryui.com/changelog/1.12.0/"
},
{
"name" : "https://www.tenable.com/security/tns-2016-19",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-19"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "RHSA-2017:0161",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0161.html"
},
{
"name" : "RHSA-2016:2932",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2932.html"
},
{
"name" : "RHSA-2016:2933",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2933.html"
},
{
"name" : "104823",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104823"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0161",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0161.html"
},
{
"name": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6",
"refsource": "CONFIRM",
"url": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "RHSA-2016:2933",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2933.html"
},
{
"name": "https://github.com/jquery/api.jqueryui.com/issues/281",
"refsource": "CONFIRM",
"url": "https://github.com/jquery/api.jqueryui.com/issues/281"
},
{
"name": "RHSA-2016:2932",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2932.html"
},
{
"name": "https://nodesecurity.io/advisories/127",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/127"
},
{
"name": "https://www.tenable.com/security/tns-2016-19",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"name": "104823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104823"
},
{
"name": "https://jqueryui.com/changelog/1.12.0/",
"refsource": "CONFIRM",
"url": "https://jqueryui.com/changelog/1.12.0/"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160912 CVE Request: XSS vulns in b2evolution v6.7.5",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/12/1"
},
{
"name" : "[oss-security] 20160915 Re: CVE Request: XSS vulns in b2evolution v6.7.5",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/15/4"
},
{
"name" : "https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c",
"refsource" : "CONFIRM",
"url" : "https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c"
},
{
"name" : "92967",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92967"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160915 Re: CVE Request: XSS vulns in b2evolution v6.7.5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/4"
},
{
"name": "92967",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92967"
},
{
"name": "https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c",
"refsource": "CONFIRM",
"url": "https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c"
},
{
"name": "[oss-security] 20160912 CVE Request: XSS vulns in b2evolution v6.7.5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/12/1"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7262",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka \"Microsoft Office Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-148",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name" : "94660",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94660"
},
{
"name" : "1037441",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037441"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka \"Microsoft Office Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-148",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94660"
},
{
"name": "1037441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037441"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7535",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-7535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/22/2"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545180",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545180"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378768",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378768"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/128",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/128"
},
{
"name" : "93131",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93131"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/22/2"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/128",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/128"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378768",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378768"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545180",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545180"
},
{
"name": "93131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93131"
}
]
}
}
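Review bot: The `ASSIGNER` value in this record changes from `cve@mitre.org` to `security@debian.org`, which is a change of record provenance rather than the `" : "` to `": "` spacing normalisation that accounts for the other changed lines in the section. The CVE-2016-7910 section has the same kind of change, to `security@android.com`. Whether both reassignments are intended cannot be told from the page, so each should be confirmed against the CNA of record before merging. Because `reference_data` is also reordered in the same sections, the one-line content change is easy to miss; carrying the `"ASSIGNER": "security@debian.org",` and `"ASSIGNER": "security@android.com",` lines in a commit separate from the formatting pass would keep them visible to consumers who diff the feed.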


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-7910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84"
},
{
"name" : "http://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.1",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.1"
},
{
"name" : "https://github.com/torvalds/linux/commit/77da160530dd1dc94f6ae15a981f24e5f0021e84",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/77da160530dd1dc94f6ae15a981f24e5f0021e84"
},
{
"name" : "RHSA-2017:0892",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0892"
},
{
"name" : "RHSA-2017:1297",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1297"
},
{
"name" : "RHSA-2017:1298",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1298"
},
{
"name" : "RHSA-2017:1308",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1308"
},
{
"name" : "94135",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94135"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/77da160530dd1dc94f6ae15a981f24e5f0021e84",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/77da160530dd1dc94f6ae15a981f24e5f0021e84"
},
{
"name": "RHSA-2017:1308",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1308"
},
{
"name": "http://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "RHSA-2017:0892",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0892"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84"
},
{
"name": "RHSA-2017:1298",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1298"
},
{
"name": "94135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94135"
},
{
"name": "RHSA-2017:1297",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1297"
}
]
}
}