admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 07:16:20 +00:00
parent 59378bae3e
commit 60ca9a3ec8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
47 changed files with 3543 additions and 3543 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

310
2006/0xxx/CVE-2006-0555.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Linux Kernel before 2.6.15.5 allows local users to cause a denial of service (NFS client panic) via unknown attack vectors related to the use of O_DIRECT (direct I/O)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security-info@sgi.com",
"ID": "CVE-2006-0555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm"
},
{
"name" : "DSA-1103",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1103"
},
{
"name" : "FEDORA-2006-131",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00003.html"
},
{
"name" : "MDKSA-2006:059",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:059"
},
{
"name" : "RHSA-2006:0493",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0493.html"
},
{
"name" : "SUSE-SA:2006:028",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name" : "USN-263-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/263-1/"
},
{
"name" : "16922",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16922"
},
{
"name" : "oval:org.mitre.oval:def:9932",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9932"
},
{
"name" : "ADV-2006-0804",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0804"
},
{
"name" : "ADV-2006-2554",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name" : "19083",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19083"
},
{
"name" : "19108",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19108"
},
{
"name" : "19220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19220"
},
{
"name" : "20237",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20237"
},
{
"name" : "20914",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20914"
},
{
"name" : "21745",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21745"
},
{
"name" : "20398",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20398"
},
{
"name" : "kernel-odirect-dos(25000)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25000"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux Kernel before 2.6.15.5 allows local users to cause a denial of service (NFS client panic) via unknown attack vectors related to the use of O_DIRECT (direct I/O)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2006-131",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00003.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm"
},
{
"name": "RHSA-2006:0493",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0493.html"
},
{
"name": "ADV-2006-2554",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2554"
},
{
"name": "19220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19220"
},
{
"name": "21745",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21745"
},
{
"name": "kernel-odirect-dos(25000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25000"
},
{
"name": "ADV-2006-0804",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0804"
},
{
"name": "SUSE-SA:2006:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name": "DSA-1103",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1103"
},
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.5"
},
{
"name": "20237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20237"
},
{
"name": "20398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20398"
},
{
"name": "oval:org.mitre.oval:def:9932",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9932"
},
{
"name": "MDKSA-2006:059",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:059"
},
{
"name": "19083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19083"
},
{
"name": "16922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16922"
},
{
"name": "19108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19108"
},
{
"name": "USN-263-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/263-1/"
},
{
"name": "20914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20914"
}
]
}
}

150
2006/0xxx/CVE-2006-0970.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0970",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in one or more ActiveCampaign products, possibly SupportTrio, allows remote attackers to include and execute arbitrary files via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060227 Knowledgebases Remote Command Exucetion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426214/100/0/threaded"
},
{
"name" : "3228",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3228"
},
{
"name" : "505",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/505"
},
{
"name" : "activecampaign-index-command-execution(24989)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24989"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in one or more ActiveCampaign products, possibly SupportTrio, allows remote attackers to include and execute arbitrary files via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "505",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/505"
},
{
"name": "activecampaign-index-command-execution(24989)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24989"
},
{
"name": "20060227 Knowledgebases Remote Command Exucetion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426214/100/0/threaded"
},
{
"name": "3228",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3228"
}
]
}
}

170
2006/1xxx/CVE-2006-1074.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1074",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060306 Multiple vulnerabilities in Liero Xtreme 0.62b",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426864/100/0/threaded"
},
{
"name" : "http://aluigi.altervista.org/adv/lieroxxx-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/lieroxxx-adv.txt"
},
{
"name" : "16992",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16992"
},
{
"name" : "ADV-2006-0849",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0849"
},
{
"name" : "19079",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19079"
},
{
"name" : "liero-connect-dos(25185)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25185"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0849",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0849"
},
{
"name": "20060306 Multiple vulnerabilities in Liero Xtreme 0.62b",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426864/100/0/threaded"
},
{
"name": "19079",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19079"
},
{
"name": "16992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16992"
},
{
"name": "liero-connect-dos(25185)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25185"
},
{
"name": "http://aluigi.altervista.org/adv/lieroxxx-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/lieroxxx-adv.txt"
}
]
}
}

200
2006/1xxx/CVE-2006-1228.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1228",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060314 [DRUPAL-SA-2006-003] Drupal 4.6.6 / 4.5.8 fixes session fixation issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427589/100/0/threaded"
},
{
"name" : "http://drupal.org/node/53805",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/53805"
},
{
"name" : "DSA-1007",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1007"
},
{
"name" : "17104",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17104"
},
{
"name" : "23911",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23911"
},
{
"name" : "19245",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19245"
},
{
"name" : "19257",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19257"
},
{
"name" : "580",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/580"
},
{
"name" : "drupal-login-session-hijacking(25205)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25205"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/53805",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/53805"
},
{
"name": "580",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/580"
},
{
"name": "23911",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23911"
},
{
"name": "DSA-1007",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1007"
},
{
"name": "17104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17104"
},
{
"name": "drupal-login-session-hijacking(25205)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25205"
},
{
"name": "19245",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19245"
},
{
"name": "19257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19257"
},
{
"name": "20060314 [DRUPAL-SA-2006-003] Drupal 4.6.6 / 4.5.8 fixes session fixation issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427589/100/0/threaded"
}
]
}
}

180
2006/1xxx/CVE-2006-1590.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1590",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[secureideas-base-devel] 20060328 3 XSS in BASE 1.2.4",
"refsource" : "MLIST",
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_id=10064470&forum_id=42223"
},
{
"name" : "17391",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17391"
},
{
"name" : "ADV-2006-1264",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1264"
},
{
"name" : "24307",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24307"
},
{
"name" : "20835",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20835"
},
{
"name" : "19544",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19544"
},
{
"name" : "base-multiple-scripts-xss(25671)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17391",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17391"
},
{
"name": "ADV-2006-1264",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1264"
},
{
"name": "20835",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20835"
},
{
"name": "base-multiple-scripts-xss(25671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25671"
},
{
"name": "[secureideas-base-devel] 20060328 3 XSS in BASE 1.2.4",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=10064470&forum_id=42223"
},
{
"name": "24307",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24307"
},
{
"name": "19544",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19544"
}
]
}
}

160
2006/3xxx/CVE-2006-3314.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3314",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the pageid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060617 RahnemaCo \"page.php\" Remote File Inclusion[2]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437836/100/0/threaded"
},
{
"name" : "18490",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18490"
},
{
"name" : "1016346",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016346"
},
{
"name" : "1167",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1167"
},
{
"name" : "rahnemaco-page-file-include(27365)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27365"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the pageid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1167",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1167"
},
{
"name": "20060617 RahnemaCo \"page.php\" Remote File Inclusion[2]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437836/100/0/threaded"
},
{
"name": "18490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18490"
},
{
"name": "rahnemaco-page-file-include(27365)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27365"
},
{
"name": "1016346",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016346"
}
]
}
}

180
2006/3xxx/CVE-2006-3909.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3909",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060725 wwwThreads XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441191/100/0/threaded"
},
{
"name" : "http://www.aria-security.net/advisory/wwwthreads.txt",
"refsource" : "MISC",
"url" : "http://www.aria-security.net/advisory/wwwthreads.txt"
},
{
"name" : "19177",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19177"
},
{
"name" : "ADV-2006-3005",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3005"
},
{
"name" : "27542",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27542"
},
{
"name" : "21221",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21221"
},
{
"name" : "wwwthreads-calendar-xss(27997)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27997"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21221"
},
{
"name": "20060725 wwwThreads XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441191/100/0/threaded"
},
{
"name": "27542",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27542"
},
{
"name": "wwwthreads-calendar-xss(27997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27997"
},
{
"name": "http://www.aria-security.net/advisory/wwwthreads.txt",
"refsource": "MISC",
"url": "http://www.aria-security.net/advisory/wwwthreads.txt"
},
{
"name": "ADV-2006-3005",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3005"
},
{
"name": "19177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19177"
}
]
}
}

190
2006/4xxx/CVE-2006-4307.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
},
{
"name" : "102514",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102514-1"
},
{
"name" : "19647",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19647"
},
{
"name" : "ADV-2006-3355",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3355"
},
{
"name" : "oval:org.mitre.oval:def:1573",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1573"
},
{
"name" : "1016726",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016726"
},
{
"name" : "21581",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21581"
},
{
"name" : "22295",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22295"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016726",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016726"
},
{
"name": "21581",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21581"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
},
{
"name": "ADV-2006-3355",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3355"
},
{
"name": "22295",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22295"
},
{
"name": "19647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19647"
},
{
"name": "102514",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102514-1"
},
{
"name": "oval:org.mitre.oval:def:1573",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1573"
}
]
}
}

190
2006/4xxx/CVE-2006-4314.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4314",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The manager server in Symantec Enterprise Security Manager (ESM) 6 and 6.5.x allows remote attackers to cause a denial of service (hang) via a malformed ESM agent request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060822 Symantec Enterprise Security Manager Denial-of-Service Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444068/100/0/threaded"
},
{
"name" : "http://www.symantec.com/avcenter/security/Content/2006.08.21a.html",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/avcenter/security/Content/2006.08.21a.html"
},
{
"name" : "19580",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19580"
},
{
"name" : "ADV-2006-3353",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3353"
},
{
"name" : "28108",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28108"
},
{
"name" : "1016728",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016728"
},
{
"name" : "21548",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21548"
},
{
"name" : "1437",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1437"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The manager server in Symantec Enterprise Security Manager (ESM) 6 and 6.5.x allows remote attackers to cause a denial of service (hang) via a malformed ESM agent request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016728",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016728"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2006.08.21a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2006.08.21a.html"
},
{
"name": "21548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21548"
},
{
"name": "19580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19580"
},
{
"name": "ADV-2006-3353",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3353"
},
{
"name": "28108",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28108"
},
{
"name": "1437",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1437"
},
{
"name": "20060822 Symantec Enterprise Security Manager Denial-of-Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444068/100/0/threaded"
}
]
}
}

150
2006/4xxx/CVE-2006-4561.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4561",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060814 (somewhat) breaking the same-origin policy by undermining dns-pinning",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443209/100/200/threaded"
},
{
"name" : "http://polyboy.net/xss/dnsslurp.html",
"refsource" : "MISC",
"url" : "http://polyboy.net/xss/dnsslurp.html"
},
{
"name" : "http://shampoo.antville.org/stories/1451301/",
"refsource" : "MISC",
"url" : "http://shampoo.antville.org/stories/1451301/"
},
{
"name" : "31834",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/31834"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060814 (somewhat) breaking the same-origin policy by undermining dns-pinning",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443209/100/200/threaded"
},
{
"name": "http://shampoo.antville.org/stories/1451301/",
"refsource": "MISC",
"url": "http://shampoo.antville.org/stories/1451301/"
},
{
"name": "http://polyboy.net/xss/dnsslurp.html",
"refsource": "MISC",
"url": "http://polyboy.net/xss/dnsslurp.html"
},
{
"name": "31834",
"refsource": "OSVDB",
"url": "http://osvdb.org/31834"
}
]
}
}

310
2006/4xxx/CVE-2006-4806.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4806",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-4806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz",
"refsource" : "MISC",
"url" : "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz"
},
{
"name" : "GLSA-200612-20",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200612-20.xml"
},
{
"name" : "MDKSA-2006:198",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198"
},
{
"name" : "MDKSA-2007:156",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156"
},
{
"name" : "SUSE-SR:2006:026",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name" : "USN-376-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-376-1"
},
{
"name" : "USN-376-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-376-2"
},
{
"name" : "20903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20903"
},
{
"name" : "ADV-2006-4349",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4349"
},
{
"name" : "30105",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30105"
},
{
"name" : "30106",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30106"
},
{
"name" : "30107",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30107"
},
{
"name" : "30108",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30108"
},
{
"name" : "30109",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30109"
},
{
"name" : "22732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22732"
},
{
"name" : "22744",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22744"
},
{
"name" : "22752",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22752"
},
{
"name" : "23441",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23441"
},
{
"name" : "22932",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22932"
},
{
"name" : "imlib2-load-overflow(30064)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30064"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22932"
},
{
"name": "MDKSA-2007:156",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156"
},
{
"name": "22752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22752"
},
{
"name": "MDKSA-2006:198",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198"
},
{
"name": "30106",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30106"
},
{
"name": "30109",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30109"
},
{
"name": "SUSE-SR:2006:026",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
},
{
"name": "20903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20903"
},
{
"name": "30108",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30108"
},
{
"name": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz",
"refsource": "MISC",
"url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz"
},
{
"name": "30105",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30105"
},
{
"name": "USN-376-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-376-2"
},
{
"name": "30107",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30107"
},
{
"name": "GLSA-200612-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200612-20.xml"
},
{
"name": "ADV-2006-4349",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4349"
},
{
"name": "23441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23441"
},
{
"name": "22732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22732"
},
{
"name": "22744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22744"
},
{
"name": "USN-376-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-376-1"
},
{
"name": "imlib2-load-overflow(30064)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30064"
}
]
}
}

210
2010/2xxx/CVE-2010-2070.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2070",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and \"turn on BE by modifying the user mask of the PSR,\" as demonstrated via exploitation of CVE-2006-0742."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "[oss-security] 20100611 CVE-2010-2070 kernel-xen: ia64-xen: unset be from the task psr",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/06/10/2"
},
{
"name" : "http://xenbits.xensource.com/xen-4.0-testing.hg?rev/42caadb14edb",
"refsource" : "MISC",
"url" : "http://xenbits.xensource.com/xen-4.0-testing.hg?rev/42caadb14edb"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=586415",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=586415"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "RHSA-2010:0610",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0610.html"
},
{
"name" : "40776",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40776"
},
{
"name" : "65541",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/65541"
},
{
"name" : "43315",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43315"
},
{
"name" : "xen-faults-dos(59373)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59373"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and possibly other kernel versions, when running on IA-64 architectures, allows local users to cause a denial of service and \"turn on BE by modifying the user mask of the PSR,\" as demonstrated via exploitation of CVE-2006-0742."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0610",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0610.html"
},
{
"name": "http://xenbits.xensource.com/xen-4.0-testing.hg?rev/42caadb14edb",
"refsource": "MISC",
"url": "http://xenbits.xensource.com/xen-4.0-testing.hg?rev/42caadb14edb"
},
{
"name": "[oss-security] 20100611 CVE-2010-2070 kernel-xen: ia64-xen: unset be from the task psr",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/10/2"
},
{
"name": "65541",
"refsource": "OSVDB",
"url": "http://osvdb.org/65541"
},
{
"name": "40776",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40776"
},
{
"name": "43315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43315"
},
{
"name": "xen-faults-dos(59373)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59373"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=586415",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=586415"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
}
]
}
}

170
2010/2xxx/CVE-2010-2507.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2507",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "13981",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/13981"
},
{
"name" : "http://packetstormsecurity.org/1006-exploits/joomlapicasa2gallery-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1006-exploits/joomlapicasa2gallery-lfi.txt"
},
{
"name" : "41031",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41031"
},
{
"name" : "65674",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/65674"
},
{
"name" : "40297",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40297"
},
{
"name" : "picasa2gallerycom-index-file-include(59669)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59669"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13981",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13981"
},
{
"name": "picasa2gallerycom-index-file-include(59669)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59669"
},
{
"name": "40297",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40297"
},
{
"name": "65674",
"refsource": "OSVDB",
"url": "http://osvdb.org/65674"
},
{
"name": "41031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41031"
},
{
"name": "http://packetstormsecurity.org/1006-exploits/joomlapicasa2gallery-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/joomlapicasa2gallery-lfi.txt"
}
]
}
}

34
2010/2xxx/CVE-2010-2775.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2775",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2775",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2010/2xxx/CVE-2010-2971.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2971",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227",
"refsource" : "MISC",
"url" : "http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=614643",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
},
{
"name" : "DSA-2081",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2081"
},
{
"name" : "GLSA-201203-10",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201203-10.xml"
},
{
"name" : "MDVSA-2010:151",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
},
{
"name" : "48244",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48244"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2010:151",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
},
{
"name": "48244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48244"
},
{
"name": "http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail&aid=3033086&group_id=40531&atid=428227"
},
{
"name": "GLSA-201203-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-10.xml"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=614643",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=614643"
},
{
"name": "DSA-2081",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2081"
}
]
}
}

140
2010/3xxx/CVE-2010-3288.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3288",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-3288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02591",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=128768031706686&w=2"
},
{
"name" : "SSRT100299",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=128768031706686&w=2"
},
{
"name" : "1024622",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024622"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMA02591",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128768031706686&w=2"
},
{
"name": "SSRT100299",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128768031706686&w=2"
},
{
"name": "1024622",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024622"
}
]
}
}

150
2010/3xxx/CVE-2010-3330.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3330",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka \"Cross-Domain Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/css/P8/documents/100113324",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100113324"
},
{
"name" : "MS10-071",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071"
},
{
"name" : "TA10-285A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name" : "oval:org.mitre.oval:def:6928",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6928"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka \"Cross-Domain Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:6928",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6928"
},
{
"name": "MS10-071",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071"
},
{
"name": "TA10-285A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-285A.html"
},
{
"name": "http://support.avaya.com/css/P8/documents/100113324",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100113324"
}
]
}
}

210
2010/3xxx/CVE-2010-3333.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3333",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka \"RTF Stack Buffer Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101109 Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=880"
},
{
"name" : "MS10-087",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
},
{
"name" : "TA10-313A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
},
{
"name" : "44652",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44652"
},
{
"name" : "oval:org.mitre.oval:def:11931",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11931"
},
{
"name" : "1024705",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024705"
},
{
"name" : "38521",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38521"
},
{
"name" : "42144",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42144"
},
{
"name" : "8293",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8293"
},
{
"name" : "ADV-2010-2923",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2923"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka \"RTF Stack Buffer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024705"
},
{
"name": "8293",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8293"
},
{
"name": "42144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42144"
},
{
"name": "38521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38521"
},
{
"name": "ADV-2010-2923",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2923"
},
{
"name": "20101109 Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=880"
},
{
"name": "oval:org.mitre.oval:def:11931",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11931"
},
{
"name": "MS10-087",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-087"
},
{
"name": "TA10-313A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"
},
{
"name": "44652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44652"
}
]
}
}

140
2010/3xxx/CVE-2010-3397.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3397",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100909 PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability (tsp.dll, tvttsp.dll)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/513596/100/0/threaded"
},
{
"name" : "42856",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42856"
},
{
"name" : "41135",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41135"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100909 PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability (tsp.dll, tvttsp.dll)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513596/100/0/threaded"
},
{
"name": "42856",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42856"
},
{
"name": "41135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41135"
}
]
}
}

170
2010/3xxx/CVE-2010-3967.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka \"Insecure Library Loading Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-093",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-093"
},
{
"name" : "TA10-348A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name" : "oval:org.mitre.oval:def:12250",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12250"
},
{
"name" : "1024875",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024875"
},
{
"name" : "42607",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42607"
},
{
"name" : "ADV-2010-3216",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3216"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka \"Insecure Library Loading Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-348A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "oval:org.mitre.oval:def:12250",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12250"
},
{
"name": "42607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42607"
},
{
"name": "1024875",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024875"
},
{
"name": "ADV-2010-3216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3216"
},
{
"name": "MS10-093",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-093"
}
]
}
}

150
2010/4xxx/CVE-2010-4025.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-4025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMI02573",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=128821239031677&w=2"
},
{
"name" : "SSRT100227",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=128821239031677&w=2"
},
{
"name" : "1024656",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024656"
},
{
"name" : "42023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42023"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMI02573",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128821239031677&w=2"
},
{
"name": "SSRT100227",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=128821239031677&w=2"
},
{
"name": "1024656",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024656"
},
{
"name": "42023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42023"
}
]
}
}

180
2010/4xxx/CVE-2010-4671.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4671",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html",
"refsource" : "MISC",
"url" : "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html"
},
{
"name" : "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3",
"refsource" : "MISC",
"url" : "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3"
},
{
"name" : "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4",
"refsource" : "MISC",
"url" : "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4"
},
{
"name" : "http://www.youtube.com/watch?v=00yjWB6gGy8",
"refsource" : "MISC",
"url" : "http://www.youtube.com/watch?v=00yjWB6gGy8"
},
{
"name" : "http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
},
{
"name" : "45760",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45760"
},
{
"name" : "ciscoios-neighbor-discovery-dos(64589)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64589"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45760"
},
{
"name": "ciscoios-neighbor-discovery-dos(64589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64589"
},
{
"name": "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4",
"refsource": "MISC",
"url": "http://mirror.fem-net.de/CCC/27C3/mp4-h264-HQ/27c3-3957-en-ipv6_insecurities.mp4"
},
{
"name": "http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf",
"refsource": "CONFIRM",
"url": "http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
},
{
"name": "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3",
"refsource": "MISC",
"url": "http://mirror.fem-net.de/CCC/27C3/mp3-audio-only/27c3-3957-en-ipv6_insecurities.mp3"
},
{
"name": "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html"
},
{
"name": "http://www.youtube.com/watch?v=00yjWB6gGy8",
"refsource": "MISC",
"url": "http://www.youtube.com/watch?v=00yjWB6gGy8"
}
]
}
}

150
2010/4xxx/CVE-2010-4912.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4912",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14997",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14997"
},
{
"name" : "http://packetstormsecurity.org/1009-exploits/ucenter-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1009-exploits/ucenter-sql.txt"
},
{
"name" : "8446",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8446"
},
{
"name" : "ucenter-shop-sql-injection(61783)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61783"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ucenter-shop-sql-injection(61783)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61783"
},
{
"name": "14997",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14997"
},
{
"name": "http://packetstormsecurity.org/1009-exploits/ucenter-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/ucenter-sql.txt"
},
{
"name": "8446",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8446"
}
]
}
}

34
2011/1xxx/CVE-2011-1161.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1161",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1160, CVE-2011-1162. Reason: This candidate was withdrawn by its CNA. Further investigation showed that only two candidates, CVE-2011-1160 and CVE-2011-1162, were needed for the set of security issues in question. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-1161",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1160, CVE-2011-1162. Reason: This candidate was withdrawn by its CNA. Further investigation showed that only two candidates, CVE-2011-1160 and CVE-2011-1162, were needed for the set of security issues in question. Notes: none."
}
]
}
}

150
2011/5xxx/CVE-2011-5228.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5228",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18249",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18249"
},
{
"name" : "http://www.vulnerability-lab.com/get_content.php?id=362",
"refsource" : "MISC",
"url" : "http://www.vulnerability-lab.com/get_content.php?id=362"
},
{
"name" : "51105",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51105"
},
{
"name" : "appraincmf-search-xss(71881)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71881"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51105"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=362",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=362"
},
{
"name": "18249",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18249"
},
{
"name": "appraincmf-search-xss(71881)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71881"
}
]
}
}

140
2014/3xxx/CVE-2014-3552.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140721 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/07/21/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=264261",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=264261"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140721 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/07/21/1"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=264261",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=264261"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485"
}
]
}
}

130
2014/3xxx/CVE-2014-3813.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3813",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10631",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10631"
},
{
"name" : "59026",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59026"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10631",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10631"
},
{
"name": "59026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59026"
}
]
}
}

240
2014/3xxx/CVE-2014-3981.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3981",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140604 More /tmp fun (PHP, Lynis)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jun/21"
},
{
"name" : "[oss-security] 20140606 Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/06/06/12"
},
{
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=91bcadd85e20e50d3f8c2e9721327681640e6f16",
"refsource" : "CONFIRM",
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=91bcadd85e20e50d3f8c2e9721327681640e6f16"
},
{
"name" : "https://bugs.php.net/bug.php?id=67390",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=67390"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1104978",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1104978"
},
{
"name" : "http://support.apple.com/kb/HT6443",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6443"
},
{
"name" : "https://support.apple.com/HT204659",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204659"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683486",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683486"
},
{
"name" : "APPLE-SA-2015-04-08-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name" : "HPSBUX03150",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141390017113542&w=2"
},
{
"name" : "HPSBUX03102",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
},
{
"name" : "SSRT101681",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683486"
},
{
"name": "HPSBUX03102",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
},
{
"name": "HPSBUX03150",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141390017113542&w=2"
},
{
"name": "https://bugs.php.net/bug.php?id=67390",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=67390"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1104978",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1104978"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT6443",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6443"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "SSRT101681",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141017844705317&w=2"
},
{
"name": "20140604 More /tmp fun (PHP, Lynis)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jun/21"
},
{
"name": "[oss-security] 20140606 Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/06/06/12"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=91bcadd85e20e50d3f8c2e9721327681640e6f16",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=91bcadd85e20e50d3f8c2e9721327681640e6f16"
}
]
}
}

220
2014/8xxx/CVE-2014-8093.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8093",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/3610",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/3610"
},
{
"name" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
"refsource" : "CONFIRM",
"url" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0532.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0532.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "DSA-3095",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3095"
},
{
"name" : "GLSA-201504-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-06"
},
{
"name" : "MDVSA-2015:119",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
},
{
"name" : "71596",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71596"
},
{
"name" : "62292",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62292"
},
{
"name" : "61947",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61947"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3095",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3095"
},
{
"name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
"refsource": "CONFIRM",
"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/3610",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/3610"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0532.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0532.html"
},
{
"name": "GLSA-201504-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-06"
},
{
"name": "62292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62292"
},
{
"name": "71596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71596"
},
{
"name": "MDVSA-2015:119",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "61947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61947"
}
]
}
}

130
2014/8xxx/CVE-2014-8429.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8429",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141126 Cross-Site Request Forgery (CSRF) in xEpan",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534096/100/0/threaded"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23240",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23240"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23240",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23240"
},
{
"name": "20141126 Cross-Site Request Forgery (CSRF) in xEpan",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534096/100/0/threaded"
}
]
}
}

120
2014/8xxx/CVE-2014-8445.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8445",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-8445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/reader/apsb14-28.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://helpx.adobe.com/security/products/reader/apsb14-28.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/reader/apsb14-28.html"
}
]
}
}

140
2014/8xxx/CVE-2014-8578.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/07/08/6"
},
{
"name" : "https://bugs.launchpad.net/horizon/+bug/1320235",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/horizon/+bug/1320235"
},
{
"name" : "68456",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68456"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68456"
},
{
"name": "https://bugs.launchpad.net/horizon/+bug/1320235",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/horizon/+bug/1320235"
},
{
"name": "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/08/6"
}
]
}
}

34
2014/8xxx/CVE-2014-8698.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8698",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8698",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/9xxx/CVE-2014-9267.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9267",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-398/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-398/"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-399/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-399/"
},
{
"name" : "https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS181001",
"refsource" : "MISC",
"url" : "https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS181001"
},
{
"name" : "71491",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71491"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-398/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-398/"
},
{
"name": "71491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71491"
},
{
"name": "https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS181001",
"refsource": "MISC",
"url": "https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS181001"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-399/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-399/"
}
]
}
}

34
2014/9xxx/CVE-2014-9329.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9329",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9329",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/9xxx/CVE-2014-9753.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9753",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9753",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2014/9xxx/CVE-2014-9766.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9766",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Pixman] 20140409 [PATCH] create_bits(): Cast the result of height * stride to size_t",
"refsource" : "MLIST",
"url" : "https://lists.freedesktop.org/archives/pixman/2014-April/003244.html"
},
{
"name" : "[oss-security] 20160224 Re: [Pixman] create_bits(): Cast the result of height * stride to size_t",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/02/24/15"
},
{
"name" : "[oss-security] 20160224 [Pixman] create_bits(): Cast the result of height * stride to size_t",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/02/24/13"
},
{
"name" : "[xorg-announce] 20140705 [ANNOUNCE] pixman release 0.32.6 now available",
"refsource" : "MLIST",
"url" : "https://lists.x.org/archives/xorg-announce/2014-July/002452.html"
},
{
"name" : "https://bugs.freedesktop.org/show_bug.cgi?id=69014",
"refsource" : "CONFIRM",
"url" : "https://bugs.freedesktop.org/show_bug.cgi?id=69014"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=972647",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=972647"
},
{
"name" : "https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3",
"refsource" : "CONFIRM",
"url" : "https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "DSA-3525",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3525"
},
{
"name" : "USN-2918-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2918-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.freedesktop.org/show_bug.cgi?id=69014",
"refsource": "CONFIRM",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=69014"
},
{
"name": "[Pixman] 20140409 [PATCH] create_bits(): Cast the result of height * stride to size_t",
"refsource": "MLIST",
"url": "https://lists.freedesktop.org/archives/pixman/2014-April/003244.html"
},
{
"name": "[oss-security] 20160224 [Pixman] create_bits(): Cast the result of height * stride to size_t",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/24/13"
},
{
"name": "https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=972647",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=972647"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "[oss-security] 20160224 Re: [Pixman] create_bits(): Cast the result of height * stride to size_t",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/24/15"
},
{
"name": "[xorg-announce] 20140705 [ANNOUNCE] pixman release 0.32.6 now available",
"refsource": "MLIST",
"url": "https://lists.x.org/archives/xorg-announce/2014-July/002452.html"
},
{
"name": "USN-2918-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2918-1"
},
{
"name": "DSA-3525",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3525"
}
]
}
}

120
2014/9xxx/CVE-2014-9920.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"ID" : "CVE-2014-9920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "McAfee Application Control (MAC)",
"version" : {
"version_data" : [
{
"version_value" : "6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier"
}
]
}
}
]
},
"vendor_name" : "Intel"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unauthorized execution of binary vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2014-9920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Application Control (MAC)",
"version": {
"version_data": [
{
"version_value": "6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier"
}
]
}
}
]
},
"vendor_name": "Intel"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10077",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10077"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized execution of binary vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10077",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10077"
}
]
}
}

240
2016/2xxx/CVE-2016-2143.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1"
},
{
"name" : "https://github.com/torvalds/linux/commit/3446c13b268af86391d06611327006b059b8bab1",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/3446c13b268af86391d06611327006b059b8bab1"
},
{
"name" : "https://security-tracker.debian.org/tracker/CVE-2016-2143",
"refsource" : "CONFIRM",
"url" : "https://security-tracker.debian.org/tracker/CVE-2016-2143"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name" : "DSA-3607",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3607"
},
{
"name" : "RHSA-2016:1539",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1539.html"
},
{
"name" : "RHSA-2016:2766",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2766.html"
},
{
"name" : "SUSE-SU-2016:1672",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name" : "SUSE-SU-2016:1690",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name" : "SUSE-SU-2016:1707",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name" : "SUSE-SU-2016:1764",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name" : "SUSE-SU-2016:2074",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name" : "SUSE-SU-2016:1019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1"
},
{
"name": "RHSA-2016:2766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2766.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "https://github.com/torvalds/linux/commit/3446c13b268af86391d06611327006b059b8bab1",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/3446c13b268af86391d06611327006b059b8bab1"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2016-2143",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-2143"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "RHSA-2016:1539",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "SUSE-SU-2016:1019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
}
]
}
}

34
2016/2xxx/CVE-2016-2235.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2235",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2235",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

184
2016/2xxx/CVE-2016-2337.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-2337",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ruby",
"version": {
"version_data": [
{
"version_value": "2.3.0 dev"
},
{
"version_value": "2.2.2"
}
]
}
}
]
},
"vendor_name": "Ruby"
},
{
"product": {
"product_data": [
{
"product_name": "Tcl/Tk",
"version": {
"version_data": [
{
"version_value": "8.6 or later"
}
]
}
}
]
},
"vendor_name": "Tcl"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Ruby",
"version" : {
"version_data" : [
{
"version_value" : "2.3.0 dev"
},
{
"version_value" : "2.2.2"
}
]
}
}
]
},
"vendor_name" : "Ruby"
"lang": "eng",
"value": "Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "type confusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0031/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0031/"
},
{
"product" : {
"product_data" : [
{
"product_name" : "Tcl/Tk",
"version" : {
"version_data" : [
{
"version_value" : "8.6 or later"
}
]
}
}
]
},
"vendor_name" : "Tcl"
"name": "91233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91233"
},
{
"name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html"
},
{
"name": "GLSA-201710-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-18"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "type confusion"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html"
},
{
"name" : "http://www.talosintelligence.com/reports/TALOS-2016-0031/",
"refsource" : "MISC",
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0031/"
},
{
"name" : "GLSA-201710-18",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-18"
},
{
"name" : "91233",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91233"
}
]
}
}
]
}
}

180
2016/2xxx/CVE-2016-2391.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2391",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160216 CVE request Qemu: usb: multiple eof_timers in ohci leads to null pointer dereference",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/02/16/2"
},
{
"name" : "[qemu-devel] 20160216 [Qemu-devel] [PATCH] usb: ohci avoid multiple eof timers",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html"
},
{
"name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=fa1298c2d623522eda7b4f1f721fcb935abb7360",
"refsource" : "CONFIRM",
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=fa1298c2d623522eda7b4f1f721fcb935abb7360"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1304794",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1304794"
},
{
"name" : "USN-2974-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name" : "83263",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/83263"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "83263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83263"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=fa1298c2d623522eda7b4f1f721fcb935abb7360",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=fa1298c2d623522eda7b4f1f721fcb935abb7360"
},
{
"name": "[oss-security] 20160216 CVE request Qemu: usb: multiple eof_timers in ohci leads to null pointer dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/16/2"
},
{
"name": "USN-2974-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2974-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1304794",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1304794"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name": "[qemu-devel] 20160216 [Qemu-devel] [PATCH] usb: ohci avoid multiple eof timers",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03374.html"
}
]
}
}

120
2016/2xxx/CVE-2016-2404.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2016-2404",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "S5700, S6700, S7700, S9700,S12700,ACU2,, S5700, S6700, S7700, S9700 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00,,S12700 V200R005C00SPC500, V200R006C00,,ACU2 V200R005C00SPC500, V200R006C00,",
"version" : {
"version_data" : [
{
"version_value" : "S5700, S6700, S7700, S9700,S12700,ACU2,, S5700, S6700, S7700, S9700 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00,,S12700 V200R005C00SPC500, V200R006C00,,ACU2 V200R005C00SPC500, V200R006C00,"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. If a switch enables Authentication, Authorization, and Accounting (AAA) for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal (VTY) access permission, resulting in privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Permission Control"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-2404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "S5700, S6700, S7700, S9700,S12700,ACU2,, S5700, S6700, S7700, S9700 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00,,S12700 V200R005C00SPC500, V200R006C00,,ACU2 V200R005C00SPC500, V200R006C00,",
"version": {
"version_data": [
{
"version_value": "S5700, S6700, S7700, S9700,S12700,ACU2,, S5700, S6700, S7700, S9700 V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00,,S12700 V200R005C00SPC500, V200R006C00,,ACU2 V200R005C00SPC500, V200R006C00,"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-switch-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-switch-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; ACU2 with software V200R005C00SPC500, V200R006C00 have a permission control vulnerability. If a switch enables Authentication, Authorization, and Accounting (AAA) for permission control and user permissions are not appropriate, AAA users may obtain the virtual type terminal (VTY) access permission, resulting in privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permission Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-switch-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160217-01-switch-en"
}
]
}
}

34
2016/6xxx/CVE-2016-6389.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6389",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-6389",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/6xxx/CVE-2016-6626.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6626",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-49",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-49"
},
{
"name" : "GLSA-201701-32",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-32"
},
{
"name" : "92490",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92490"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-49",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-49"
},
{
"name": "92490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92490"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
}
]
}
}

170
2016/7xxx/CVE-2016-7661.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7661",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the \"Power Management\" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40931",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40931/"
},
{
"name" : "40958",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40958/"
},
{
"name" : "https://support.apple.com/HT207422",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207422"
},
{
"name" : "https://support.apple.com/HT207423",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207423"
},
{
"name" : "94906",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94906"
},
{
"name" : "1037469",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the \"Power Management\" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94906"
},
{
"name": "40931",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40931/"
},
{
"name": "https://support.apple.com/HT207422",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207422"
},
{
"name": "1037469",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037469"
},
{
"name": "40958",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40958/"
},
{
"name": "https://support.apple.com/HT207423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207423"
}
]
}
}

34
2016/7xxx/CVE-2016-7731.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7731",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7731",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}