admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:47:06 +00:00
parent 1b013f7824
commit 578944a78a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3549 additions and 3549 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2006/0xxx/CVE-2006-0739.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0739",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eStara SIP softphone allows remote attackers to cause a denial of service (crash) via an INVITE request with a Content-Length field that has more than 9 digits."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060214 eStara SIP softphone several message-processing vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/424943/100/0/threaded"
},
{
"name" : "16629",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16629"
},
{
"name" : "ADV-2006-0607",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0607"
},
{
"name" : "18872",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18872"
},
{
"name" : "estara-content-length-dos(24679)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24679"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eStara SIP softphone allows remote attackers to cause a denial of service (crash) via an INVITE request with a Content-Length field that has more than 9 digits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18872"
},
{
"name": "ADV-2006-0607",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0607"
},
{
"name": "16629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16629"
},
{
"name": "estara-content-length-dos(24679)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24679"
},
{
"name": "20060214 eStara SIP softphone several message-processing vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424943/100/0/threaded"
}
]
}
}

140
2006/0xxx/CVE-2006-0753.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0753",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060214 memory leak in IE?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/424959/100/0/threaded"
},
{
"name" : "23307",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23307"
},
{
"name" : "ie-windowstatus-dos(24846)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24846"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-windowstatus-dos(24846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24846"
},
{
"name": "20060214 memory leak in IE?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424959/100/0/threaded"
},
{
"name": "23307",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23307"
}
]
}
}

160
2006/0xxx/CVE-2006-0842.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0842",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by \"java	script:.\" NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "16683",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16683"
},
{
"name" : "ADV-2006-0617",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0617"
},
{
"name" : "23236",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23236"
},
{
"name" : "18874",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18874"
},
{
"name" : "@mail-html-image-xss(24742)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24742"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by \"java	script:.\" NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "@mail-html-image-xss(24742)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24742"
},
{
"name": "16683",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16683"
},
{
"name": "18874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18874"
},
{
"name": "23236",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23236"
},
{
"name": "ADV-2006-0617",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0617"
}
]
}
}

220
2006/1xxx/CVE-2006-1101.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060306 Multiple vulnerabilities in Sauerbraten engine 2006_02_28",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426865/100/0/threaded"
},
{
"name" : "20060306 Multiple vulnerabilities in Cube engine 2005_08_29",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426867/100/0/threaded"
},
{
"name" : "http://aluigi.altervista.org/adv/evilcube-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/evilcube-adv.txt"
},
{
"name" : "GLSA-200603-10",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-10.xml"
},
{
"name" : "16986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16986"
},
{
"name" : "ADV-2006-0848",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0848"
},
{
"name" : "ADV-2006-0847",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0847"
},
{
"name" : "19110",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19110"
},
{
"name" : "19111",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19111"
},
{
"name" : "19199",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19199"
},
{
"name" : "sauerbraten-multiple-dos(25085)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25085"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060306 Multiple vulnerabilities in Cube engine 2005_08_29",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426867/100/0/threaded"
},
{
"name": "19199",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19199"
},
{
"name": "16986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16986"
},
{
"name": "20060306 Multiple vulnerabilities in Sauerbraten engine 2006_02_28",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426865/100/0/threaded"
},
{
"name": "19110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19110"
},
{
"name": "ADV-2006-0847",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0847"
},
{
"name": "http://aluigi.altervista.org/adv/evilcube-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/evilcube-adv.txt"
},
{
"name": "sauerbraten-multiple-dos(25085)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25085"
},
{
"name": "19111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19111"
},
{
"name": "GLSA-200603-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-10.xml"
},
{
"name": "ADV-2006-0848",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0848"
}
]
}
}

180
2006/1xxx/CVE-2006-1824.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1824",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060415 PhpGuestbook <= 1.0 XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431070/100/0/threaded"
},
{
"name" : "http://pridels0.blogspot.com/2006/04/phpguestbook-v10-script-insertion.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/04/phpguestbook-v10-script-insertion.html"
},
{
"name" : "17594",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17594"
},
{
"name" : "17537",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17537"
},
{
"name" : "ADV-2006-1422",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1422"
},
{
"name" : "19669",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19669"
},
{
"name" : "phpguestbook-script-xss(25850)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25850"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpguestbook-script-xss(25850)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25850"
},
{
"name": "17594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17594"
},
{
"name": "20060415 PhpGuestbook <= 1.0 XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431070/100/0/threaded"
},
{
"name": "19669",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19669"
},
{
"name": "17537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17537"
},
{
"name": "ADV-2006-1422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1422"
},
{
"name": "http://pridels0.blogspot.com/2006/04/phpguestbook-v10-script-insertion.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/phpguestbook-v10-script-insertion.html"
}
]
}
}

180
2006/3xxx/CVE-2006-3197.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3197",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://forums.invisionpower.com/index.php?showtopic=219126",
"refsource" : "CONFIRM",
"url" : "http://forums.invisionpower.com/index.php?showtopic=219126"
},
{
"name" : "18571",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18571"
},
{
"name" : "ADV-2006-2481",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2481"
},
{
"name" : "26747",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26747"
},
{
"name" : "20772",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20772"
},
{
"name" : "596",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/596"
},
{
"name" : "ipb-hexadecimal-xss(27701)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27701"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.invisionpower.com/index.php?showtopic=219126",
"refsource": "CONFIRM",
"url": "http://forums.invisionpower.com/index.php?showtopic=219126"
},
{
"name": "ADV-2006-2481",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2481"
},
{
"name": "596",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/596"
},
{
"name": "18571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18571"
},
{
"name": "20772",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20772"
},
{
"name": "26747",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26747"
},
{
"name": "ipb-hexadecimal-xss(27701)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27701"
}
]
}
}

160
2006/3xxx/CVE-2006-3471.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3471",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html",
"refsource" : "MISC",
"url" : "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html"
},
{
"name" : "18873",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18873"
},
{
"name" : "ADV-2006-2701",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2701"
},
{
"name" : "26837",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26837"
},
{
"name" : "ie-tableframeset-appendchild-dos(27592)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27592"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26837",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26837"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-7-tableframeset.html"
},
{
"name": "ie-tableframeset-appendchild-dos(27592)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27592"
},
{
"name": "18873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18873"
},
{
"name": "ADV-2006-2701",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2701"
}
]
}
}

260
2006/3xxx/CVE-2006-3548.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3548",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
},
{
"name" : "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
},
{
"name" : "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt",
"refsource" : "MISC",
"url" : "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name" : "http://lists.horde.org/archives/announce/2006/000287.html",
"refsource" : "CONFIRM",
"url" : "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name" : "http://lists.horde.org/archives/announce/2006/000288.html",
"refsource" : "CONFIRM",
"url" : "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name" : "DSA-1406",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1406"
},
{
"name" : "SUSE-SR:2006:019",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name" : "18845",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18845"
},
{
"name" : "ADV-2006-2694",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name" : "1016442",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016442"
},
{
"name" : "20954",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20954"
},
{
"name" : "21459",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21459"
},
{
"name" : "27565",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27565"
},
{
"name" : "1229",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1229"
},
{
"name" : "horde-multiple-functions-xss(27589)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047687.html"
},
{
"name": "horde-multiple-functions-xss(27589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27589"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000287.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000287.html"
},
{
"name": "18845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18845"
},
{
"name": "ADV-2006-2694",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2694"
},
{
"name": "21459",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21459"
},
{
"name": "SUSE-SR:2006:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
},
{
"name": "27565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27565"
},
{
"name": "1016442",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016442"
},
{
"name": "http://lists.horde.org/archives/announce/2006/000288.html",
"refsource": "CONFIRM",
"url": "http://lists.horde.org/archives/announce/2006/000288.html"
},
{
"name": "1229",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1229"
},
{
"name": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt"
},
{
"name": "DSA-1406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1406"
},
{
"name": "20954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20954"
},
{
"name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded"
}
]
}
}

34
2006/3xxx/CVE-2006-3642.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3642",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-3642",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}

170
2006/4xxx/CVE-2006-4206.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060811 Forum Software (c) ASPPlayground.NET Advanced Edition 2.4.5 Unicode Xss",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443035/100/0/threaded"
},
{
"name" : "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4206",
"refsource" : "CONFIRM",
"url" : "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4206"
},
{
"name" : "20335",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20335"
},
{
"name" : "29232",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/29232"
},
{
"name" : "1405",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1405"
},
{
"name" : "aspplaygroundnet-calendar-xss(28352)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28352"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060811 Forum Software (c) ASPPlayground.NET Advanced Edition 2.4.5 Unicode Xss",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443035/100/0/threaded"
},
{
"name": "20335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20335"
},
{
"name": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4206",
"refsource": "CONFIRM",
"url": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4206"
},
{
"name": "1405",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1405"
},
{
"name": "29232",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29232"
},
{
"name": "aspplaygroundnet-calendar-xss(28352)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28352"
}
]
}
}

170
2006/4xxx/CVE-2006-4887.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4887",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060918 Apple Remote Desktop root vulneravility",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446371/100/0/threaded"
},
{
"name" : "20060920 Re: Apple Remote Desktop root vulneravility",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446751/100/0/threaded"
},
{
"name" : "20060926 Re: Re: Apple Remote Desktop root vulneravility",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/447043/100/0/threaded"
},
{
"name" : "20092",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20092"
},
{
"name" : "32260",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/32260"
},
{
"name" : "apple-remote-desktop-gain-privileges(29060)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29060"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20092"
},
{
"name": "20060918 Apple Remote Desktop root vulneravility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446371/100/0/threaded"
},
{
"name": "20060920 Re: Apple Remote Desktop root vulneravility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446751/100/0/threaded"
},
{
"name": "20060926 Re: Re: Apple Remote Desktop root vulneravility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447043/100/0/threaded"
},
{
"name": "apple-remote-desktop-gain-privileges(29060)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29060"
},
{
"name": "32260",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32260"
}
]
}
}

420
2010/2xxx/CVE-2010-2162.json
View File

@ -1,212 +1,212 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2162",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100616 ZDI-10-109: Adobe Flash Player Multiple Atom MP4 Parsing Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511862/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-109",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-109"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "GLSA-201101-09",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name" : "HPSBMA02547",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name" : "SSRT100179",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name" : "RHSA-2010:0464",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"name" : "RHSA-2010:0470",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"name" : "SUSE-SA:2010:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"name" : "SUSE-SR:2010:013",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name" : "TLSA-2010-19",
"refsource" : "TURBO",
"url" : "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"name" : "TA10-162A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"name" : "40759",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40759"
},
{
"name" : "40801",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40801"
},
{
"name" : "oval:org.mitre.oval:def:7166",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7166"
},
{
"name" : "oval:org.mitre.oval:def:16345",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16345"
},
{
"name" : "1024085",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024085"
},
{
"name" : "1024086",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024086"
},
{
"name" : "40144",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40144"
},
{
"name" : "40545",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40545"
},
{
"name" : "43026",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43026"
},
{
"name" : "ADV-2010-1453",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1453"
},
{
"name" : "ADV-2010-1421",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1421"
},
{
"name" : "ADV-2010-1432",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1432"
},
{
"name" : "ADV-2010-1434",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1434"
},
{
"name" : "ADV-2010-1482",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name" : "ADV-2010-1522",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name" : "ADV-2010-1793",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name" : "ADV-2011-0192",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0192"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "ADV-2010-1421",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "40545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40545"
},
{
"name": "oval:org.mitre.oval:def:16345",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16345"
},
{
"name": "oval:org.mitre.oval:def:7166",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7166"
},
{
"name": "RHSA-2010:0464",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"name": "ADV-2010-1793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name": "43026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43026"
},
{
"name": "ADV-2010-1432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"name": "GLSA-201101-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "TA10-162A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "40759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40759"
},
{
"name": "1024085",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024085"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "1024086",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024086"
},
{
"name": "ADV-2010-1434",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"name": "TLSA-2010-19",
"refsource": "TURBO",
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"name": "SSRT100179",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "SUSE-SA:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"name": "40801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40801"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-109",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-109"
},
{
"name": "40144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40144"
},
{
"name": "RHSA-2010:0470",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"name": "ADV-2010-1482",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name": "20100616 ZDI-10-109: Adobe Flash Player Multiple Atom MP4 Parsing Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511862/100/0/threaded"
},
{
"name": "HPSBMA02547",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "ADV-2010-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name": "ADV-2010-1453",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1453"
}
]
}
}

160
2010/2xxx/CVE-2010-2241.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2241",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=608032",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=608032"
},
{
"name" : "RHSA-2010:0590",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2010-0590.html"
},
{
"name" : "66962",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/66962"
},
{
"name" : "1024281",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024281"
},
{
"name" : "40811",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40811"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024281",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024281"
},
{
"name": "66962",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/66962"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=608032",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=608032"
},
{
"name": "RHSA-2010:0590",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2010-0590.html"
},
{
"name": "40811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40811"
}
]
}
}

140
2010/2xxx/CVE-2010-2679.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2679",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100329 Joomla Component com_weblinks Sql Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/510364/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.org/1003-exploits/joomlaweblinks-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1003-exploits/joomlaweblinks-sql.txt"
},
{
"name" : "39032",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39032"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1003-exploits/joomlaweblinks-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1003-exploits/joomlaweblinks-sql.txt"
},
{
"name": "20100329 Joomla Component com_weblinks Sql Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510364/100/0/threaded"
},
{
"name": "39032",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39032"
}
]
}
}

150
2010/2xxx/CVE-2010-2967.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html",
"refsource" : "MISC",
"url" : "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
},
{
"name" : "http://www.kb.cert.org/vuls/id/MAPG-863QH9",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/MAPG-863QH9"
},
{
"name" : "https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709",
"refsource" : "CONFIRM",
"url" : "https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709"
},
{
"name" : "VU#840249",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/840249"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709",
"refsource": "CONFIRM",
"url": "https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709"
},
{
"name": "VU#840249",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/840249"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-863QH9",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-863QH9"
},
{
"name": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html",
"refsource": "MISC",
"url": "http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html"
}
]
}
}

140
2010/3xxx/CVE-2010-3221.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3221",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka \"Word Parsing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-079",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079"
},
{
"name" : "TA10-285A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name" : "oval:org.mitre.oval:def:7032",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7032"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka \"Word Parsing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS10-079",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079"
},
{
"name": "oval:org.mitre.oval:def:7032",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7032"
},
{
"name": "TA10-285A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
}
]
}
}

170
2010/3xxx/CVE-2010-3456.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3456",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in download.php in EnergyScripts (ES) Simple Download 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14960",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14960"
},
{
"name" : "http://packetstormsecurity.org/1009-exploits/essimpledownload-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1009-exploits/essimpledownload-lfi.txt"
},
{
"name" : "43124",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43124"
},
{
"name" : "67944",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/67944"
},
{
"name" : "41359",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41359"
},
{
"name" : "essimpledownload-download-dir-traversal(61718)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61718"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in download.php in EnergyScripts (ES) Simple Download 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43124"
},
{
"name": "67944",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/67944"
},
{
"name": "essimpledownload-download-dir-traversal(61718)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61718"
},
{
"name": "14960",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14960"
},
{
"name": "41359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41359"
},
{
"name": "http://packetstormsecurity.org/1009-exploits/essimpledownload-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/essimpledownload-lfi.txt"
}
]
}
}

34
2010/3xxx/CVE-2010-3660.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3660",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3660",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

250
2010/3xxx/CVE-2010-3679.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3679",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100928 Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/28/10"
},
{
"name" : "http://bugs.mysql.com/bug.php?id=54393",
"refsource" : "CONFIRM",
"url" : "http://bugs.mysql.com/bug.php?id=54393"
},
{
"name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html",
"refsource" : "CONFIRM",
"url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=628062",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=628062"
},
{
"name" : "MDVSA-2010:155",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:155"
},
{
"name" : "MDVSA-2011:012",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:012"
},
{
"name" : "RHSA-2011:0164",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0164.html"
},
{
"name" : "USN-1017-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1017-1"
},
{
"name" : "USN-1397-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name" : "42638",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42638"
},
{
"name" : "42936",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42936"
},
{
"name" : "ADV-2011-0133",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0133"
},
{
"name" : "ADV-2011-0170",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0170"
},
{
"name" : "mysql-binlog-command-dos(64687)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64687"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1397-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "mysql-binlog-command-dos(64687)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64687"
},
{
"name": "USN-1017-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1017-1"
},
{
"name": "MDVSA-2011:012",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:012"
},
{
"name": "RHSA-2011:0164",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0164.html"
},
{
"name": "ADV-2011-0170",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0170"
},
{
"name": "42638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42638"
},
{
"name": "ADV-2011-0133",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0133"
},
{
"name": "http://bugs.mysql.com/bug.php?id=54393",
"refsource": "CONFIRM",
"url": "http://bugs.mysql.com/bug.php?id=54393"
},
{
"name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html"
},
{
"name": "MDVSA-2010:155",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:155"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=628062",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=628062"
},
{
"name": "42936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42936"
},
{
"name": "[oss-security] 20100928 Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/28/10"
}
]
}
}

410
2010/3xxx/CVE-2010-3855.json
View File

@ -1,207 +1,207 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221"
},
{
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a"
},
{
"name" : "https://savannah.nongnu.org/bugs/?31310",
"refsource" : "CONFIRM",
"url" : "https://savannah.nongnu.org/bugs/?31310"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100122733",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100122733"
},
{
"name" : "http://support.apple.com/kb/HT4564",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4564"
},
{
"name" : "http://support.apple.com/kb/HT4565",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4565"
},
{
"name" : "http://support.apple.com/kb/HT4581",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4581"
},
{
"name" : "http://support.apple.com/kb/HT4802",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4802"
},
{
"name" : "http://support.apple.com/kb/HT4803",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4803"
},
{
"name" : "APPLE-SA-2011-03-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name" : "APPLE-SA-2011-03-09-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html"
},
{
"name" : "APPLE-SA-2011-03-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name" : "APPLE-SA-2011-07-15-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html"
},
{
"name" : "APPLE-SA-2011-07-15-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html"
},
{
"name" : "DSA-2155",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2155"
},
{
"name" : "FEDORA-2010-17728",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051231.html"
},
{
"name" : "FEDORA-2010-17742",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050965.html"
},
{
"name" : "FEDORA-2010-17755",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051251.html"
},
{
"name" : "MDVSA-2010:235",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:235"
},
{
"name" : "MDVSA-2010:236",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:236"
},
{
"name" : "RHSA-2010:0889",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0889.html"
},
{
"name" : "USN-1013-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1013-1"
},
{
"name" : "44214",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44214"
},
{
"name" : "1024745",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024745"
},
{
"name" : "42289",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42289"
},
{
"name" : "42295",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42295"
},
{
"name" : "43138",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43138"
},
{
"name" : "48951",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48951"
},
{
"name" : "ADV-2010-3037",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3037"
},
{
"name" : "ADV-2011-0246",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0246"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43138"
},
{
"name": "42295",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42295"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221"
},
{
"name": "http://support.avaya.com/css/P8/documents/100122733",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100122733"
},
{
"name": "http://support.apple.com/kb/HT4564",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4564"
},
{
"name": "http://support.apple.com/kb/HT4565",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4565"
},
{
"name": "MDVSA-2010:235",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:235"
},
{
"name": "http://support.apple.com/kb/HT4803",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4803"
},
{
"name": "ADV-2011-0246",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0246"
},
{
"name": "FEDORA-2010-17755",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051251.html"
},
{
"name": "APPLE-SA-2011-07-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html"
},
{
"name": "44214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44214"
},
{
"name": "FEDORA-2010-17742",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050965.html"
},
{
"name": "RHSA-2010:0889",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0889.html"
},
{
"name": "APPLE-SA-2011-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
},
{
"name": "FEDORA-2010-17728",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051231.html"
},
{
"name": "USN-1013-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1013-1"
},
{
"name": "42289",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42289"
},
{
"name": "APPLE-SA-2011-07-15-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html"
},
{
"name": "https://savannah.nongnu.org/bugs/?31310",
"refsource": "CONFIRM",
"url": "https://savannah.nongnu.org/bugs/?31310"
},
{
"name": "http://support.apple.com/kb/HT4802",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4802"
},
{
"name": "MDVSA-2010:236",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:236"
},
{
"name": "APPLE-SA-2011-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html"
},
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a"
},
{
"name": "1024745",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024745"
},
{
"name": "APPLE-SA-2011-03-09-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00005.html"
},
{
"name": "48951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48951"
},
{
"name": "DSA-2155",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2155"
},
{
"name": "ADV-2010-3037",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3037"
},
{
"name": "http://support.apple.com/kb/HT4581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4581"
}
]
}
}

34
2010/4xxx/CVE-2010-4244.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4244",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4234. Reason: This candidate is a duplicate of CVE-2010-4234. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2010-4234 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-4244",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4234. Reason: This candidate is a duplicate of CVE-2010-4234. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2010-4234 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

120
2010/4xxx/CVE-2010-4727.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4727",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt",
"refsource" : "CONFIRM",
"url" : "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt",
"refsource": "CONFIRM",
"url": "http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt"
}
]
}
}

170
2011/0xxx/CVE-2011-0234.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0234",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4808",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4808"
},
{
"name" : "http://support.apple.com/kb/HT4981",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4981"
},
{
"name" : "http://support.apple.com/kb/HT4999",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4999"
},
{
"name" : "APPLE-SA-2011-07-20-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
},
{
"name" : "APPLE-SA-2011-10-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name" : "APPLE-SA-2011-10-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4981",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4981"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "APPLE-SA-2011-10-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://support.apple.com/kb/HT4808",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4808"
},
{
"name": "APPLE-SA-2011-07-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
}
]
}
}

160
2011/1xxx/CVE-2011-1023.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1023",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel before 2.6.38 does not properly handle congestion map updates, which allows local users to cause a denial of service (BUG_ON and system crash) via vectors involving (1) a loopback (aka loop) transmit operation or (2) an InfiniBand (aka ib) transmit operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110303 CVE-2011-1023 kernel: rds: prevent BUG_ON triggering on congestion map updates",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/03/03/2"
},
{
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38",
"refsource" : "CONFIRM",
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6094628bfd94323fc1cea05ec2c6affd98c18f7f",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6094628bfd94323fc1cea05ec2c6affd98c18f7f"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=680345",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=680345"
},
{
"name" : "https://github.com/torvalds/linux/commit/6094628bfd94323fc1cea05ec2c6affd98c18f7f",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/6094628bfd94323fc1cea05ec2c6affd98c18f7f"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel before 2.6.38 does not properly handle congestion map updates, which allows local users to cause a denial of service (BUG_ON and system crash) via vectors involving (1) a loopback (aka loop) transmit operation or (2) an InfiniBand (aka ib) transmit operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/6094628bfd94323fc1cea05ec2c6affd98c18f7f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/6094628bfd94323fc1cea05ec2c6affd98c18f7f"
},
{
"name": "[oss-security] 20110303 CVE-2011-1023 kernel: rds: prevent BUG_ON triggering on congestion map updates",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/03/2"
},
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6094628bfd94323fc1cea05ec2c6affd98c18f7f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6094628bfd94323fc1cea05ec2c6affd98c18f7f"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=680345",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=680345"
}
]
}
}

34
2011/1xxx/CVE-2011-1085.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1085",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1085",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2011/1xxx/CVE-2011-1566.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1566",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "17024",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/17024"
},
{
"name" : "http://aluigi.org/adv/igss_8-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.org/adv/igss_8-adv.txt"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf"
},
{
"name" : "46936",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46936"
},
{
"name" : "43849",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43849"
},
{
"name" : "ADV-2011-0741",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0741"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46936"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-03.pdf"
},
{
"name": "http://aluigi.org/adv/igss_8-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/igss_8-adv.txt"
},
{
"name": "43849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43849"
},
{
"name": "ADV-2011-0741",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0741"
},
{
"name": "17024",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17024"
}
]
}
}

140
2011/1xxx/CVE-2011-1793.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1793",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a \"stale pointer.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-1793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://crbug.com/67923",
"refsource" : "CONFIRM",
"url" : "http://crbug.com/67923"
},
{
"name" : "http://launchpad.net/bugs/778822",
"refsource" : "CONFIRM",
"url" : "http://launchpad.net/bugs/778822"
},
{
"name" : "http://trac.webkit.org/changeset/85406",
"refsource" : "CONFIRM",
"url" : "http://trac.webkit.org/changeset/85406"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a \"stale pointer.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://trac.webkit.org/changeset/85406",
"refsource": "CONFIRM",
"url": "http://trac.webkit.org/changeset/85406"
},
{
"name": "http://crbug.com/67923",
"refsource": "CONFIRM",
"url": "http://crbug.com/67923"
},
{
"name": "http://launchpad.net/bugs/778822",
"refsource": "CONFIRM",
"url": "http://launchpad.net/bugs/778822"
}
]
}
}

34
2011/5xxx/CVE-2011-5017.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5017",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5017",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/3xxx/CVE-2014-3550.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3550",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140721 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/07/21/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46227",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46227"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=264272",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=264272"
},
{
"name" : "68762",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68762"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46227",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46227"
},
{
"name": "[oss-security] 20140721 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/07/21/1"
},
{
"name": "68762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68762"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=264272",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=264272"
}
]
}
}

150
2014/3xxx/CVE-2014-3625.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3625",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.pivotal.io/security/cve-2014-3625",
"refsource" : "CONFIRM",
"url" : "http://www.pivotal.io/security/cve-2014-3625"
},
{
"name" : "https://jira.spring.io/browse/SPR-12354",
"refsource" : "CONFIRM",
"url" : "https://jira.spring.io/browse/SPR-12354"
},
{
"name" : "RHSA-2015:0236",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0236.html"
},
{
"name" : "RHSA-2015:0720",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0720",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
},
{
"name": "http://www.pivotal.io/security/cve-2014-3625",
"refsource": "CONFIRM",
"url": "http://www.pivotal.io/security/cve-2014-3625"
},
{
"name": "https://jira.spring.io/browse/SPR-12354",
"refsource": "CONFIRM",
"url": "https://jira.spring.io/browse/SPR-12354"
},
{
"name": "RHSA-2015:0236",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0236.html"
}
]
}
}

140
2014/7xxx/CVE-2014-7058.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7058",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Efendimizin Sunnetleri (aka com.wEfendimizinSunnetleri) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#687305",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/687305"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Efendimizin Sunnetleri (aka com.wEfendimizinSunnetleri) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#687305",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/687305"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

180
2014/7xxx/CVE-2014-7285.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7285",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2014-7285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "36263",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/36263"
},
{
"name" : "http://karmainsecurity.com/KIS-2014-19",
"refsource" : "MISC",
"url" : "http://karmainsecurity.com/KIS-2014-19"
},
{
"name" : "http://packetstormsecurity.com/files/130612/Symantec-Web-Gateway-5-restore.php-Command-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130612/Symantec-Web-Gateway-5-restore.php-Command-Injection.html"
},
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00"
},
{
"name" : "71620",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71620"
},
{
"name" : "116009",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/116009"
},
{
"name" : "1031386",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031386"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36263",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/36263"
},
{
"name": "71620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71620"
},
{
"name": "1031386",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031386"
},
{
"name": "http://packetstormsecurity.com/files/130612/Symantec-Web-Gateway-5-restore.php-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130612/Symantec-Web-Gateway-5-restore.php-Command-Injection.html"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141216_00"
},
{
"name": "116009",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/116009"
},
{
"name": "http://karmainsecurity.com/KIS-2014-19",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2014-19"
}
]
}
}

300
2014/7xxx/CVE-2014-7926.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7926",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-7926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.icu-project.org/trac/ticket/11369",
"refsource" : "CONFIRM",
"url" : "http://bugs.icu-project.org/trac/ticket/11369"
},
{
"name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name" : "https://chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c",
"refsource" : "CONFIRM",
"url" : "https://chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c"
},
{
"name" : "https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb",
"refsource" : "CONFIRM",
"url" : "https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=422824",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=422824"
},
{
"name" : "https://codereview.chromium.org/726973003",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/726973003"
},
{
"name" : "http://advisories.mageia.org/MGASA-2015-0047.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2015-0047.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "GLSA-201502-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name" : "GLSA-201503-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-06"
},
{
"name" : "RHSA-2015:0093",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html"
},
{
"name" : "openSUSE-SU-2015:0441",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name" : "USN-2476-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2476-1"
},
{
"name" : "72288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72288"
},
{
"name" : "1031623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031623"
},
{
"name" : "62575",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62575"
},
{
"name" : "62383",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62383"
},
{
"name" : "62665",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62665"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62665"
},
{
"name": "https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb",
"refsource": "CONFIRM",
"url": "https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=422824",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=422824"
},
{
"name": "http://bugs.icu-project.org/trac/ticket/11369",
"refsource": "CONFIRM",
"url": "http://bugs.icu-project.org/trac/ticket/11369"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html"
},
{
"name": "62575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62575"
},
{
"name": "https://codereview.chromium.org/726973003",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/726973003"
},
{
"name": "USN-2476-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2476-1"
},
{
"name": "72288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72288"
},
{
"name": "GLSA-201502-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "GLSA-201503-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-06"
},
{
"name": "1031623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031623"
},
{
"name": "openSUSE-SU-2015:0441",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0047.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0047.html"
},
{
"name": "RHSA-2015:0093",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html"
},
{
"name": "62383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62383"
},
{
"name": "https://chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c",
"refsource": "CONFIRM",
"url": "https://chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c"
}
]
}
}

34
2014/7xxx/CVE-2014-7973.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7973",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7973",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/8xxx/CVE-2014-8181.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8181",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8181",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/8xxx/CVE-2014-8190.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8190",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8190",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

130
2014/8xxx/CVE-2014-8491.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8491",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://g0blin.co.uk/cve-2014-8491/",
"refsource" : "MISC",
"url" : "https://g0blin.co.uk/cve-2014-8491/"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8238",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8238"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8238",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8238"
},
{
"name": "https://g0blin.co.uk/cve-2014-8491/",
"refsource": "MISC",
"url": "https://g0blin.co.uk/cve-2014-8491/"
}
]
}
}

34
2014/8xxx/CVE-2014-8620.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8620",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8620",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/8xxx/CVE-2014-8783.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8783",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8783",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/8xxx/CVE-2014-8792.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8792",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8792",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

310
2016/2xxx/CVE-2016-2117.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2117",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160316 CVE-2016-2117 memory disclosure to ethernet due to unchecked scatter/gather IO",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/03/16/7"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1312298",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1312298"
},
{
"name" : "https://github.com/torvalds/linux/commit/f43bfaeddc79effbf3d0fcb53ca477cca66f3db8",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/f43bfaeddc79effbf3d0fcb53ca477cca66f3db8"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name" : "DSA-3607",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3607"
},
{
"name" : "RHSA-2016:2574",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name" : "RHSA-2016:2584",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name" : "USN-2989-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name" : "USN-2998-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"name" : "USN-3000-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name" : "USN-3001-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name" : "USN-3002-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name" : "USN-3003-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name" : "USN-3004-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name" : "USN-3005-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name" : "USN-3006-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name" : "USN-3007-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name" : "84500",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84500"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "USN-3004-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8"
},
{
"name": "USN-3001-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "USN-3005-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "RHSA-2016:2584",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
},
{
"name": "RHSA-2016:2574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
},
{
"name": "USN-3000-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3000-1"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "84500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84500"
},
{
"name": "USN-2989-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2989-1"
},
{
"name": "USN-3007-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "[oss-security] 20160316 CVE-2016-2117 memory disclosure to ethernet due to unchecked scatter/gather IO",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/16/7"
},
{
"name": "USN-3003-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "USN-2998-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2998-1"
},
{
"name": "https://github.com/torvalds/linux/commit/f43bfaeddc79effbf3d0fcb53ca477cca66f3db8",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/f43bfaeddc79effbf3d0fcb53ca477cca66f3db8"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1312298",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312298"
}
]
}
}

34
2016/2xxx/CVE-2016-2650.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2650",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2650",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/2xxx/CVE-2016-2736.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2736",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2736",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

150
2016/6xxx/CVE-2016-6615.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the \"Tracking\" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"
},
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-38",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-38"
},
{
"name" : "GLSA-201701-32",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-32"
},
{
"name" : "95041",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95041"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the \"Tracking\" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95041"
},
{
"name": "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"
},
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-38",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-38"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
}
]
}
}

140
2016/6xxx/CVE-2016-6630.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6630",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-53",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-53"
},
{
"name" : "GLSA-201701-32",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-32"
},
{
"name" : "92501",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92501"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92501"
},
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-53",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-53"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
}
]
}
}

130
2016/6xxx/CVE-2016-6685.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6685",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Android before 2016-10-05 on Nexus 6P devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30402628."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name" : "93326",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93326"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Android before 2016-10-05 on Nexus 6P devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30402628."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "93326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93326"
}
]
}
}

160
2017/5xxx/CVE-2017-5096.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 60.0.3112.78 for Android",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 60.0.3112.78 for Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient Policy Enforcement"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 60.0.3112.78 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 60.0.3112.78 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/714442",
"refsource" : "MISC",
"url" : "https://crbug.com/714442"
},
{
"name" : "GLSA-201709-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-15"
},
{
"name" : "RHSA-2017:1833",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1833"
},
{
"name" : "99950",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99950"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Policy Enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/714442",
"refsource": "MISC",
"url": "https://crbug.com/714442"
},
{
"name": "GLSA-201709-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-15"
},
{
"name": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html"
},
{
"name": "99950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99950"
},
{
"name": "RHSA-2017:1833",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1833"
}
]
}
}

34
2017/5xxx/CVE-2017-5424.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5424",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5424",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2017/5xxx/CVE-2017-5503.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5503",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170116 jasper: invalid memory write in dec_clnpass (jpc_t1dec.c)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/16/3"
},
{
"name" : "[oss-security] 20170117 Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/17/10"
},
{
"name" : "https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c/"
},
{
"name" : "95683",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c/"
},
{
"name": "95683",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95683"
},
{
"name": "[oss-security] 20170117 Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/17/10"
},
{
"name": "[oss-security] 20170116 jasper: invalid memory write in dec_clnpass (jpc_t1dec.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/16/3"
}
]
}
}

132
2017/5xxx/CVE-2017-5786.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-02-10T00:00:00",
"ID" : "CVE-2017-5786",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OfficeConnect Network Switches",
"version" : {
"version_data" : [
{
"version_value" : "PT.02.01 including: PT.01.03 through PT.01.14"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A local Unauthorized Data Modification vulnerability in HPE OfficeConnect Network Switches version PT.02.01 including PT.01.03 through PT.01.14"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Local Unauthorized Data Modification"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-02-10T00:00:00",
"ID": "CVE-2017-5786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OfficeConnect Network Switches",
"version": {
"version_data": [
{
"version_value": "PT.02.01 including: PT.01.03 through PT.01.14"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05388948",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05388948"
},
{
"name" : "96149",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96149"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local Unauthorized Data Modification vulnerability in HPE OfficeConnect Network Switches version PT.02.01 including PT.01.03 through PT.01.14"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Unauthorized Data Modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05388948",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05388948"
},
{
"name": "96149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96149"
}
]
}
}