admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:30:23 +00:00
parent 6cf9a05cce
commit 62856060a1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4466 additions and 4466 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2006/0xxx/CVE-2006-0281.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0281",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name" : "VU#545804",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/545804"
},
{
"name" : "16287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16287"
},
{
"name" : "ADV-2006-0243",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name" : "ADV-2006-0323",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name" : "1015499",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015499"
},
{
"name" : "18493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18493"
},
{
"name" : "18608",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18608"
},
{
"name" : "oracle-january2006-update(24321)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}

220
2006/0xxx/CVE-2006-0337.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0337",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.f-secure.com/security/fsc-2006-1.shtml",
"refsource" : "CONFIRM",
"url" : "http://www.f-secure.com/security/fsc-2006-1.shtml"
},
{
"name" : "Q-103",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/q-103.shtml"
},
{
"name" : "16309",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16309"
},
{
"name" : "ADV-2006-0257",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0257"
},
{
"name" : "22632",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22632"
},
{
"name" : "1015507",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015507"
},
{
"name" : "1015508",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015508"
},
{
"name" : "1015509",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015509"
},
{
"name" : "1015510",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015510"
},
{
"name" : "18529",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18529"
},
{
"name" : "fsecure-zip-bo(24198)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24198"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.f-secure.com/security/fsc-2006-1.shtml",
"refsource": "CONFIRM",
"url": "http://www.f-secure.com/security/fsc-2006-1.shtml"
},
{
"name": "1015510",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015510"
},
{
"name": "18529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18529"
},
{
"name": "22632",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22632"
},
{
"name": "fsecure-zip-bo(24198)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24198"
},
{
"name": "1015509",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015509"
},
{
"name": "16309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16309"
},
{
"name": "Q-103",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/q-103.shtml"
},
{
"name": "1015508",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015508"
},
{
"name": "1015507",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015507"
},
{
"name": "ADV-2006-0257",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0257"
}
]
}
}

140
2006/0xxx/CVE-2006-0504.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0504",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 allows remote attackers to cause a denial of service (CPU utilization) by viewing \"formatted quoted-printable emails\" via webmail."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mailenable.com/enterprisehistory.asp",
"refsource" : "CONFIRM",
"url" : "http://www.mailenable.com/enterprisehistory.asp"
},
{
"name" : "18716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18716"
},
{
"name" : "mailenable-webmail-dos(24517)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24517"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 allows remote attackers to cause a denial of service (CPU utilization) by viewing \"formatted quoted-printable emails\" via webmail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mailenable.com/enterprisehistory.asp",
"refsource": "CONFIRM",
"url": "http://www.mailenable.com/enterprisehistory.asp"
},
{
"name": "18716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18716"
},
{
"name": "mailenable-webmail-dos(24517)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24517"
}
]
}
}

170
2006/0xxx/CVE-2006-0780.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0780",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in PerlBlog 1.09b and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060227 [eVuln] PerlBlog Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426260/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/81/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/81/summary.html"
},
{
"name" : "16707",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16707"
},
{
"name" : "18924",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18924"
},
{
"name" : "508",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/508"
},
{
"name" : "perlblog-weblog-xss(24691)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24691"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in PerlBlog 1.09b and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "perlblog-weblog-xss(24691)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24691"
},
{
"name": "20060227 [eVuln] PerlBlog Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426260/100/0/threaded"
},
{
"name": "http://evuln.com/vulns/81/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/81/summary.html"
},
{
"name": "508",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/508"
},
{
"name": "18924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18924"
},
{
"name": "16707",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16707"
}
]
}
}

210
2006/0xxx/CVE-2006-0896.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0896",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060306 [eVuln] Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426824/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/86/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/86/summary.html"
},
{
"name" : "20060410 VEndor ACK: Simple Machines Forum Register.php X-Forwarded-For XSS",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-April/000682.html"
},
{
"name" : "http://www.simplemachines.org/community/index.php?topic=78841.0",
"refsource" : "CONFIRM",
"url" : "http://www.simplemachines.org/community/index.php?topic=78841.0"
},
{
"name" : "16841",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16841"
},
{
"name" : "ADV-2006-0726",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0726"
},
{
"name" : "23480",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23480"
},
{
"name" : "19004",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19004"
},
{
"name" : "545",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/545"
},
{
"name" : "smf-register-xss(24915)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24915"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0726",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0726"
},
{
"name": "545",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/545"
},
{
"name": "http://evuln.com/vulns/86/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/86/summary.html"
},
{
"name": "19004",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19004"
},
{
"name": "23480",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23480"
},
{
"name": "20060410 VEndor ACK: Simple Machines Forum Register.php X-Forwarded-For XSS",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-April/000682.html"
},
{
"name": "http://www.simplemachines.org/community/index.php?topic=78841.0",
"refsource": "CONFIRM",
"url": "http://www.simplemachines.org/community/index.php?topic=78841.0"
},
{
"name": "16841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16841"
},
{
"name": "smf-register-xss(24915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24915"
},
{
"name": "20060306 [eVuln] Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426824/100/0/threaded"
}
]
}
}

340
2006/1xxx/CVE-2006-1615.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638"
},
{
"name" : "http://up2date.astaro.com/2006/05/low_up2date_6202.html",
"refsource" : "CONFIRM",
"url" : "http://up2date.astaro.com/2006/05/low_up2date_6202.html"
},
{
"name" : "APPLE-SA-2006-05-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name" : "DSA-1024",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1024"
},
{
"name" : "GLSA-200604-06",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml"
},
{
"name" : "MDKSA-2006:067",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:067"
},
{
"name" : "SUSE-SA:2006:020",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html"
},
{
"name" : "2006-0020",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2006/0020"
},
{
"name" : "TA06-132A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name" : "17388",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17388"
},
{
"name" : "17951",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17951"
},
{
"name" : "ADV-2006-1258",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1258"
},
{
"name" : "ADV-2006-1779",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name" : "24458",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24458"
},
{
"name" : "19534",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19534"
},
{
"name" : "19536",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19536"
},
{
"name" : "19570",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19570"
},
{
"name" : "19608",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19608"
},
{
"name" : "19564",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19564"
},
{
"name" : "19567",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19567"
},
{
"name" : "20077",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20077"
},
{
"name" : "23719",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23719"
},
{
"name" : "clamav-output-format-string(25661)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25661"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19567"
},
{
"name": "17951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "ADV-2006-1258",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1258"
},
{
"name": "ADV-2006-1779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638"
},
{
"name": "24458",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24458"
},
{
"name": "19570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19570"
},
{
"name": "http://up2date.astaro.com/2006/05/low_up2date_6202.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2006/05/low_up2date_6202.html"
},
{
"name": "GLSA-200604-06",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml"
},
{
"name": "19608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19608"
},
{
"name": "19534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19534"
},
{
"name": "19564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19564"
},
{
"name": "19536",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19536"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "SUSE-SA:2006:020",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html"
},
{
"name": "MDKSA-2006:067",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:067"
},
{
"name": "17388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17388"
},
{
"name": "DSA-1024",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1024"
},
{
"name": "23719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23719"
},
{
"name": "20077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20077"
},
{
"name": "clamav-output-format-string(25661)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25661"
},
{
"name": "2006-0020",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0020"
}
]
}
}

440
2006/3xxx/CVE-2006-3083.json
View File

@ -1,222 +1,222 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3083",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/442599/100/0/threaded"
},
{
"name" : "20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443498/100/100/threaded"
},
{
"name" : "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt",
"refsource" : "CONFIRM",
"url" : "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm"
},
{
"name" : "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt"
},
{
"name" : "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/",
"refsource" : "CONFIRM",
"url" : "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/"
},
{
"name" : "DSA-1146",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1146"
},
{
"name" : "GLSA-200608-15",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml"
},
{
"name" : "GLSA-200608-21",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-21.xml"
},
{
"name" : "MDKSA-2006:139",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:139"
},
{
"name" : "RHSA-2006:0612",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0612.html"
},
{
"name" : "SUSE-SR:2006:020",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
},
{
"name" : "SUSE-SR:2006:022",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_22_sr.html"
},
{
"name" : "USN-334-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-334-1"
},
{
"name" : "VU#580124",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/580124"
},
{
"name" : "19427",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19427"
},
{
"name" : "oval:org.mitre.oval:def:9515",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515"
},
{
"name" : "ADV-2006-3225",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3225"
},
{
"name" : "27869",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27869"
},
{
"name" : "27870",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27870"
},
{
"name" : "1016664",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016664"
},
{
"name" : "21423",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21423"
},
{
"name" : "21436",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21436"
},
{
"name" : "21439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21439"
},
{
"name" : "21461",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21461"
},
{
"name" : "21402",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21402"
},
{
"name" : "21441",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21441"
},
{
"name" : "21456",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21456"
},
{
"name" : "21527",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21527"
},
{
"name" : "22291",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22291"
},
{
"name" : "21613",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21613"
},
{
"name" : "21847",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21847"
},
{
"name" : "21467",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21467"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2006:139",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:139"
},
{
"name": "VU#580124",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/580124"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-211.htm"
},
{
"name": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2006-001-setuid.txt"
},
{
"name": "27869",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27869"
},
{
"name": "21847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21847"
},
{
"name": "SUSE-SR:2006:020",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html"
},
{
"name": "GLSA-200608-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-21.xml"
},
{
"name": "21461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21461"
},
{
"name": "21467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21467"
},
{
"name": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt",
"refsource": "CONFIRM",
"url": "ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.2-setuid-patch.txt"
},
{
"name": "DSA-1146",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1146"
},
{
"name": "RHSA-2006:0612",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0612.html"
},
{
"name": "21436",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21436"
},
{
"name": "ADV-2006-3225",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3225"
},
{
"name": "21527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21527"
},
{
"name": "27870",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27870"
},
{
"name": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/",
"refsource": "CONFIRM",
"url": "http://www.pdc.kth.se/heimdal/advisory/2006-08-08/"
},
{
"name": "20060808 MITKRB-SA-2006-001: multiple local privilege escalation vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442599/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:9515",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9515"
},
{
"name": "21439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21439"
},
{
"name": "21402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21402"
},
{
"name": "20060816 UPDATED: MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443498/100/100/threaded"
},
{
"name": "21613",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21613"
},
{
"name": "SUSE-SR:2006:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_22_sr.html"
},
{
"name": "1016664",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016664"
},
{
"name": "21441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21441"
},
{
"name": "22291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22291"
},
{
"name": "21456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21456"
},
{
"name": "GLSA-200608-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-15.xml"
},
{
"name": "21423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21423"
},
{
"name": "USN-334-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-334-1"
},
{
"name": "19427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19427"
}
]
}
}

34
2006/3xxx/CVE-2006-3433.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3433",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-3433",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}

180
2006/3xxx/CVE-2006-3674.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a large number handled by the id_req_handler function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aluigi.altervista.org/adv/atrondos-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/atrondos-adv.txt"
},
{
"name" : "19015",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19015"
},
{
"name" : "ADV-2006-2836",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2836"
},
{
"name" : "21093",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21093"
},
{
"name" : "1239",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1239"
},
{
"name" : "armagetron-nnetobject-dos(27787)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27787"
},
{
"name" : "armagetron-idreqhandler-dos(27793)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27793"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a large number handled by the id_req_handler function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "armagetron-idreqhandler-dos(27793)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27793"
},
{
"name": "1239",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1239"
},
{
"name": "armagetron-nnetobject-dos(27787)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27787"
},
{
"name": "21093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21093"
},
{
"name": "ADV-2006-2836",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2836"
},
{
"name": "http://aluigi.altervista.org/adv/atrondos-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/atrondos-adv.txt"
},
{
"name": "19015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19015"
}
]
}
}

160
2006/3xxx/CVE-2006-3729.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3729",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://browserfun.blogspot.com/2006/07/mobb-19-datasourcecontrol.html",
"refsource" : "MISC",
"url" : "http://browserfun.blogspot.com/2006/07/mobb-19-datasourcecontrol.html"
},
{
"name" : "19069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19069"
},
{
"name" : "ADV-2006-2883",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2883"
},
{
"name" : "27111",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27111"
},
{
"name" : "ie-datasourcecontrol-dos(27803)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27803"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2883",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2883"
},
{
"name": "ie-datasourcecontrol-dos(27803)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27803"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-19-datasourcecontrol.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-19-datasourcecontrol.html"
},
{
"name": "27111",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27111"
},
{
"name": "19069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19069"
}
]
}
}

140
2006/4xxx/CVE-2006-4222.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4222",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an \"authority problem\" in ThreadIdentitySupport as identified by PK25199, and \"Potential security exposure\" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213"
},
{
"name" : "ADV-2006-3281",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3281"
},
{
"name" : "21487",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21487"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an \"authority problem\" in ThreadIdentitySupport as identified by PK25199, and \"Potential security exposure\" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3281",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3281"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213"
},
{
"name": "21487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21487"
}
]
}
}

170
2006/4xxx/CVE-2006-4919.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4919",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090915 Site@School 2.4.02 and below Multiple remote Command",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=115869368313367&w=2"
},
{
"name" : "2374",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2374"
},
{
"name" : "20053",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20053"
},
{
"name" : "ADV-2006-3664",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3664"
},
{
"name" : "1016887",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016887"
},
{
"name" : "21975",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21975"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090915 Site@School 2.4.02 and below Multiple remote Command",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=115869368313367&w=2"
},
{
"name": "2374",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2374"
},
{
"name": "ADV-2006-3664",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3664"
},
{
"name": "21975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21975"
},
{
"name": "1016887",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016887"
},
{
"name": "20053",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20053"
}
]
}
}

150
2010/2xxx/CVE-2010-2010.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2010",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/803944",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/803944"
},
{
"name" : "40285",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40285"
},
{
"name" : "39884",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39884"
},
{
"name" : "chaos-tool-titles-xss(58721)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58721"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "chaos-tool-titles-xss(58721)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58721"
},
{
"name": "39884",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39884"
},
{
"name": "http://drupal.org/node/803944",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/803944"
},
{
"name": "40285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40285"
}
]
}
}

160
2010/2xxx/CVE-2010-2054.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header, aka bug #3001915. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100601 SFCB vulnerabilities",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=bugtraq&m=127549079109192&w=2"
},
{
"name" : "http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.85&r2=1.86",
"refsource" : "CONFIRM",
"url" : "http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.85&r2=1.86"
},
{
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=3001915&group_id=128809&atid=712784",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=3001915&group_id=128809&atid=712784"
},
{
"name" : "40018",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40018"
},
{
"name" : "ADV-2010-1312",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1312"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 through 1.3.7, when the configuration sets httpMaxContentLength to a zero value, allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header, aka bug #3001915. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40018"
},
{
"name": "ADV-2010-1312",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1312"
},
{
"name": "http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.85&r2=1.86",
"refsource": "CONFIRM",
"url": "http://sblim.cvs.sourceforge.net/viewvc/sblim/sfcb/httpAdapter.c?r1=1.85&r2=1.86"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail&aid=3001915&group_id=128809&atid=712784",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=3001915&group_id=128809&atid=712784"
},
{
"name": "[oss-security] 20100601 SFCB vulnerabilities",
"refsource": "MLIST",
"url": "http://marc.info/?l=bugtraq&m=127549079109192&w=2"
}
]
}
}

150
2010/2xxx/CVE-2010-2324.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2324",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified \"link injection\" actions via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "PM09250",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09250"
},
{
"name" : "PM15829",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829"
},
{
"name" : "40096",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40096"
},
{
"name" : "ADV-2010-1411",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1411"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified \"link injection\" actions via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1411",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1411"
},
{
"name": "PM15829",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829"
},
{
"name": "PM09250",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM09250"
},
{
"name": "40096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40096"
}
]
}
}

140
2010/2xxx/CVE-2010-2361.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2361",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Winny 2.0b7.1 and earlier does not properly process BBS information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#54336184",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN54336184/index.html"
},
{
"name" : "JVNDB-2010-000027",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000027.html"
},
{
"name" : "winny-bbs-dos(61278)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61278"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winny 2.0b7.1 and earlier does not properly process BBS information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#54336184",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN54336184/index.html"
},
{
"name": "winny-bbs-dos(61278)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61278"
},
{
"name": "JVNDB-2010-000027",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000027.html"
}
]
}
}

190
2010/2xxx/CVE-2010-2993.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html"
},
{
"name" : "SUSE-SR:2011:001",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "oval:org.mitre.oval:def:12031",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12031"
},
{
"name" : "42877",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42877"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2011-0076",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0076"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2011:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html"
},
{
"name": "oval:org.mitre.oval:def:12031",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12031"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "42877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42877"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html"
},
{
"name": "ADV-2011-0076",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0076"
}
]
}
}

120
2010/3xxx/CVE-2010-3365.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3365",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mistelix 0.31 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598297",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598297"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mistelix 0.31 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598297",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598297"
}
]
}
}

34
2010/3xxx/CVE-2010-3610.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3610",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3610",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

290
2010/3xxx/CVE-2010-3770.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-84.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-84.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=601429",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=601429"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100124650",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100124650"
},
{
"name" : "DSA-2132",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2132"
},
{
"name" : "FEDORA-2010-18773",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html"
},
{
"name" : "FEDORA-2010-18775",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html"
},
{
"name" : "FEDORA-2010-18890",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
},
{
"name" : "FEDORA-2010-18920",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
},
{
"name" : "MDVSA-2010:251",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251"
},
{
"name" : "RHSA-2010:0966",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0966.html"
},
{
"name" : "SUSE-SA:2011:003",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
},
{
"name" : "USN-1019-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1019-1"
},
{
"name" : "45353",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45353"
},
{
"name" : "oval:org.mitre.oval:def:12348",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12348"
},
{
"name" : "1024851",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024851"
},
{
"name" : "42716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42716"
},
{
"name" : "42818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42818"
},
{
"name" : "ADV-2011-0030",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0030"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45353",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45353"
},
{
"name": "SUSE-SA:2011:003",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
},
{
"name": "FEDORA-2010-18775",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html"
},
{
"name": "MDVSA-2010:251",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=601429",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=601429"
},
{
"name": "http://support.avaya.com/css/P8/documents/100124650",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100124650"
},
{
"name": "RHSA-2010:0966",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html"
},
{
"name": "USN-1019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1019-1"
},
{
"name": "42818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42818"
},
{
"name": "oval:org.mitre.oval:def:12348",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12348"
},
{
"name": "DSA-2132",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2132"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-84.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-84.html"
},
{
"name": "FEDORA-2010-18920",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
},
{
"name": "ADV-2011-0030",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0030"
},
{
"name": "FEDORA-2010-18890",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
},
{
"name": "1024851",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024851"
},
{
"name": "42716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42716"
},
{
"name": "FEDORA-2010-18773",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html"
}
]
}
}

270
2010/3xxx/CVE-2010-3976.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3976",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-3976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100910 Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)",
"refsource" : "BUGTRAQ",
"url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html"
},
{
"name" : "20101105 ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514653/100/0/threaded"
},
{
"name" : "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29",
"refsource" : "MISC",
"url" : "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29"
},
{
"name" : "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt",
"refsource" : "MISC",
"url" : "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-26.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
},
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "GLSA-201101-09",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name" : "HPSBMA02663",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130331642631603&w=2"
},
{
"name" : "SSRT100428",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130331642631603&w=2"
},
{
"name" : "SUSE-SA:2010:055",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"
},
{
"name" : "44671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44671"
},
{
"name" : "oval:org.mitre.oval:def:6926",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926"
},
{
"name" : "43026",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43026"
},
{
"name" : "ADV-2010-2903",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2903"
},
{
"name" : "ADV-2011-0192",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0192"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "20101105 ASPR #2010-11-05-01: Remote Binary Planting in Adobe Flash Player",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514653/100/0/threaded"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "oval:org.mitre.oval:def:6926",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926"
},
{
"name": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29",
"refsource": "MISC",
"url": "http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29"
},
{
"name": "43026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43026"
},
{
"name": "GLSA-201101-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt",
"refsource": "MISC",
"url": "http://www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt"
},
{
"name": "SUSE-SA:2010:055",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html"
},
{
"name": "SSRT100428",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"
},
{
"name": "ADV-2010-2903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2903"
},
{
"name": "HPSBMA02663",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130331642631603&w=2"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-26.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-26.html"
},
{
"name": "20100910 Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)",
"refsource": "BUGTRAQ",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html"
},
{
"name": "44671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44671"
}
]
}
}

270
2010/4xxx/CVE-2010-4462.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4462",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4473."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-4462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"
},
{
"name" : "HPSBMU02797",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "HPSBUX02777",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name" : "SSRT100854",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name" : "SSRT100867",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "RHSA-2011:0282",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0282.html"
},
{
"name" : "RHSA-2011:0880",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
},
{
"name" : "SUSE-SA:2011:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html"
},
{
"name" : "SUSE-SU-2011:0823",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html"
},
{
"name" : "oval:org.mitre.oval:def:12841",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12841"
},
{
"name" : "oval:org.mitre.oval:def:14039",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14039"
},
{
"name" : "44954",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44954"
},
{
"name" : "49198",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49198"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4473."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12841",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12841"
},
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "SUSE-SU-2011:0823",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html"
},
{
"name": "44954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44954"
},
{
"name": "RHSA-2011:0880",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
},
{
"name": "RHSA-2011:0282",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0282.html"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "49198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49198"
},
{
"name": "SUSE-SA:2011:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html"
},
{
"name": "HPSBUX02777",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name": "oval:org.mitre.oval:def:14039",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14039"
},
{
"name": "SSRT100854",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
}
]
}
}

160
2010/4xxx/CVE-2010-4802.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4802",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952"
},
{
"name" : "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes",
"refsource" : "CONFIRM",
"url" : "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
},
{
"name" : "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44",
"refsource" : "CONFIRM",
"url" : "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44"
},
{
"name" : "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a",
"refsource" : "CONFIRM",
"url" : "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a"
},
{
"name" : "DSA-2239",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2239"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes",
"refsource": "CONFIRM",
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
},
{
"name": "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a",
"refsource": "CONFIRM",
"url": "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a"
},
{
"name": "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44",
"refsource": "CONFIRM",
"url": "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952"
},
{
"name": "DSA-2239",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2239"
}
]
}
}

170
2011/0xxx/CVE-2011-0605.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
},
{
"name" : "46200",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46200"
},
{
"name" : "oval:org.mitre.oval:def:13890",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13890"
},
{
"name" : "1025033",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025033"
},
{
"name" : "ADV-2011-0337",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name" : "reader-acrobat-unspec-ce(65308)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65308"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46200"
},
{
"name": "reader-acrobat-unspec-ce(65308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65308"
},
{
"name": "ADV-2011-0337",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0337"
},
{
"name": "1025033",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025033"
},
{
"name": "oval:org.mitre.oval:def:13890",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13890"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html"
}
]
}
}

140
2011/1xxx/CVE-2011-1051.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1051",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.hex-rays.com/vulnfix.shtml",
"refsource" : "CONFIRM",
"url" : "https://www.hex-rays.com/vulnfix.shtml"
},
{
"name" : "46525",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46525"
},
{
"name" : "idapro-coffepocexpload-unspecified(65561)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65561"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hex-rays.com/vulnfix.shtml",
"refsource": "CONFIRM",
"url": "https://www.hex-rays.com/vulnfix.shtml"
},
{
"name": "46525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46525"
},
{
"name": "idapro-coffepocexpload-unspecified(65561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65561"
}
]
}
}

230
2011/1xxx/CVE-2011-1176.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1176",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[mpm-itk] 20110321 CVE 2011-1176: Sometimes runs as root instead of the default Apache user",
"refsource" : "MLIST",
"url" : "http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html"
},
{
"name" : "[mpm-itk] 20110321 mpm-itk version 2.2.17-01 released",
"refsource" : "MLIST",
"url" : "http://lists.err.no/pipermail/mpm-itk/2011-March/000394.html"
},
{
"name" : "[oss-security] 20110320 CVE request: MPM-ITK module for Apache HTTPD",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/20/1"
},
{
"name" : "[oss-security] 20110321 Re: CVE request: MPM-ITK module for Apache HTTPD",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/21/13"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857"
},
{
"name" : "DSA-2202",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2202"
},
{
"name" : "MDVSA-2011:057",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:057"
},
{
"name" : "46953",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46953"
},
{
"name" : "ADV-2011-0748",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0748"
},
{
"name" : "ADV-2011-0749",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0749"
},
{
"name" : "ADV-2011-0824",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0824"
},
{
"name" : "apache-mtmitk-weak-security(66248)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66248"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46953"
},
{
"name": "MDVSA-2011:057",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:057"
},
{
"name": "[mpm-itk] 20110321 mpm-itk version 2.2.17-01 released",
"refsource": "MLIST",
"url": "http://lists.err.no/pipermail/mpm-itk/2011-March/000394.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857"
},
{
"name": "apache-mtmitk-weak-security(66248)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66248"
},
{
"name": "ADV-2011-0824",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0824"
},
{
"name": "ADV-2011-0748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0748"
},
{
"name": "DSA-2202",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2202"
},
{
"name": "ADV-2011-0749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0749"
},
{
"name": "[oss-security] 20110321 Re: CVE request: MPM-ITK module for Apache HTTPD",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/21/13"
},
{
"name": "[oss-security] 20110320 CVE request: MPM-ITK module for Apache HTTPD",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/20/1"
},
{
"name": "[mpm-itk] 20110321 CVE 2011-1176: Sometimes runs as root instead of the default Apache user",
"refsource": "MLIST",
"url": "http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html"
}
]
}
}

150
2011/1xxx/CVE-2011-1558.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1558",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24029060",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24029060"
},
{
"name" : "IO13663",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IO13663"
},
{
"name" : "43993",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43993"
},
{
"name" : "ADV-2011-0834",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0834"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0834",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0834"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029060",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029060"
},
{
"name": "IO13663",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IO13663"
},
{
"name": "43993",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43993"
}
]
}
}

120
2014/3xxx/CVE-2014-3396.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3396",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141003 Cisco IOS XR Software Compression ACL Bypass Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141003 Cisco IOS XR Software Compression ACL Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3396"
}
]
}
}

34
2014/3xxx/CVE-2014-3839.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3839",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3839",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/6xxx/CVE-2014-6614.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6614",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6614",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/7xxx/CVE-2014-7129.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Argus Leader Print Edition (aka com.argusleader.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#634505",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/634505"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Argus Leader Print Edition (aka com.argusleader.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#634505",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/634505"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

170
2014/7xxx/CVE-2014-7217.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7217",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php",
"refsource" : "CONFIRM",
"url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php"
},
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448"
},
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961"
},
{
"name" : "openSUSE-SU-2014:1280",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00009.html"
},
{
"name" : "70252",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70252"
},
{
"name" : "61777",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61777"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1280",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00009.html"
},
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php"
},
{
"name": "70252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70252"
},
{
"name": "61777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61777"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448"
}
]
}
}

140
2014/7xxx/CVE-2014-7267.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7267",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7268."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-7267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ricksoft.jp/document/pages/viewpage.action?pageId=172425369",
"refsource" : "CONFIRM",
"url" : "https://www.ricksoft.jp/document/pages/viewpage.action?pageId=172425369"
},
{
"name" : "JVN#09289074",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN09289074/index.html"
},
{
"name" : "JVNDB-2014-000151",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000151"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7268."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#09289074",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN09289074/index.html"
},
{
"name": "JVNDB-2014-000151",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000151"
},
{
"name": "https://www.ricksoft.jp/document/pages/viewpage.action?pageId=172425369",
"refsource": "CONFIRM",
"url": "https://www.ricksoft.jp/document/pages/viewpage.action?pageId=172425369"
}
]
}
}

130
2014/7xxx/CVE-2014-7814.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7814",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2015:0028",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0028.html"
},
{
"name" : "62255",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62255"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62255"
},
{
"name": "RHSA-2015:0028",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0028.html"
}
]
}
}

140
2014/8xxx/CVE-2014-8371.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
}
]
}
}

180
2014/8xxx/CVE-2014-8591.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource" : "MISC",
"url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"name" : "https://erpscan.io/advisories/erpscan-14-016-sap-netweaver-httpd-partial-http-post-requests-dos/",
"refsource" : "MISC",
"url" : "https://erpscan.io/advisories/erpscan-14-016-sap-netweaver-httpd-partial-http-post-requests-dos/"
},
{
"name" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/",
"refsource" : "MISC",
"url" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/"
},
{
"name" : "https://service.sap.com/sap/support/notes/1966655",
"refsource" : "CONFIRM",
"url" : "https://service.sap.com/sap/support/notes/1966655"
},
{
"name" : "https://twitter.com/SAP_Gsupport/status/524138333065449472",
"refsource" : "CONFIRM",
"url" : "https://twitter.com/SAP_Gsupport/status/524138333065449472"
},
{
"name" : "71030",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71030"
},
{
"name" : "sap-netweaver-cve20148591-dos(98582)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98582"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/",
"refsource": "MISC",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/"
},
{
"name": "https://service.sap.com/sap/support/notes/1966655",
"refsource": "CONFIRM",
"url": "https://service.sap.com/sap/support/notes/1966655"
},
{
"name": "https://erpscan.io/advisories/erpscan-14-016-sap-netweaver-httpd-partial-http-post-requests-dos/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-14-016-sap-netweaver-httpd-partial-http-post-requests-dos/"
},
{
"name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource": "MISC",
"url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
},
{
"name": "sap-netweaver-cve20148591-dos(98582)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98582"
},
{
"name": "https://twitter.com/SAP_Gsupport/status/524138333065449472",
"refsource": "CONFIRM",
"url": "https://twitter.com/SAP_Gsupport/status/524138333065449472"
},
{
"name": "71030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71030"
}
]
}
}

250
2014/8xxx/CVE-2014-8730.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 through 11.6.0, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.4.1 and BIG-IQ Cloud and Security 4.0.0 through 4.4.0 and Device 4.2.0 through 4.4.0, when using TLS 1.x before TLS 1.2, does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). NOTE: the scope of this identifier is limited to the F5 implementation only. Other vulnerable implementations should receive their own CVE ID, since this is not a vulnerability within the design of TLS 1.x itself."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141209 Re: CVE question: Return of POODLE",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/12/09/27"
},
{
"name" : "https://www.imperialviolet.org/2014/12/08/poodleagain.html",
"refsource" : "MISC",
"url" : "https://www.imperialviolet.org/2014/12/08/poodleagain.html"
},
{
"name" : "https://devcentral.f5.com/articles/cve-2014-8730-padding-issue-8151",
"refsource" : "CONFIRM",
"url" : "https://devcentral.f5.com/articles/cve-2014-8730-padding-issue-8151"
},
{
"name" : "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html"
},
{
"name" : "https://support.lenovo.com/product_security/poodle",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/product_security/poodle"
},
{
"name" : "https://support.lenovo.com/us/en/product_security/poodle",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/product_security/poodle"
},
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693337",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693337"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693495",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693495"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693271",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21693271"
},
{
"name" : "HPSBPV03516",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144372772101168&w=2"
},
{
"name" : "62167",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62167"
},
{
"name" : "62224",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62224"
},
{
"name" : "62388",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62388"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, PEM 11.3.0 through 11.6.0, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.4.1 and BIG-IQ Cloud and Security 4.0.0 through 4.4.0 and Device 4.2.0 through 4.4.0, when using TLS 1.x before TLS 1.2, does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). NOTE: the scope of this identifier is limited to the F5 implementation only. Other vulnerable implementations should receive their own CVE ID, since this is not a vulnerability within the design of TLS 1.x itself."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62167"
},
{
"name": "[oss-security] 20141209 Re: CVE question: Return of POODLE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/09/27"
},
{
"name": "HPSBPV03516",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144372772101168&w=2"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693495",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693495"
},
{
"name": "https://devcentral.f5.com/articles/cve-2014-8730-padding-issue-8151",
"refsource": "CONFIRM",
"url": "https://devcentral.f5.com/articles/cve-2014-8730-padding-issue-8151"
},
{
"name": "62224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62224"
},
{
"name": "https://support.lenovo.com/us/en/product_security/poodle",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/poodle"
},
{
"name": "https://www.imperialviolet.org/2014/12/08/poodleagain.html",
"refsource": "MISC",
"url": "https://www.imperialviolet.org/2014/12/08/poodleagain.html"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693271",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693271"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693337",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693337"
},
{
"name": "62388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62388"
},
{
"name": "https://support.lenovo.com/product_security/poodle",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/product_security/poodle"
},
{
"name": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html",
"refsource": "CONFIRM",
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html"
}
]
}
}

160
2014/9xxx/CVE-2014-9096.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140724 Pligg 2.x SQLi / PWD disclosure / RCE",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jul/136"
},
{
"name" : "http://packetstormsecurity.com/files/127615/Pligg-2.0.1-SQL-Injection-Command-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127615/Pligg-2.0.1-SQL-Injection-Command-Execution.html"
},
{
"name" : "https://github.com/Pligg/pligg-cms/commit/4891c4d8742b9dabd67e7250840e3434865aebed",
"refsource" : "CONFIRM",
"url" : "https://github.com/Pligg/pligg-cms/commit/4891c4d8742b9dabd67e7250840e3434865aebed"
},
{
"name" : "https://github.com/Pligg/pligg-cms/commit/efb967b944375cd3ea3cd84c80d86d339dbe030e",
"refsource" : "CONFIRM",
"url" : "https://github.com/Pligg/pligg-cms/commit/efb967b944375cd3ea3cd84c80d86d339dbe030e"
},
{
"name" : "68893",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68893"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68893"
},
{
"name": "http://packetstormsecurity.com/files/127615/Pligg-2.0.1-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127615/Pligg-2.0.1-SQL-Injection-Command-Execution.html"
},
{
"name": "https://github.com/Pligg/pligg-cms/commit/efb967b944375cd3ea3cd84c80d86d339dbe030e",
"refsource": "CONFIRM",
"url": "https://github.com/Pligg/pligg-cms/commit/efb967b944375cd3ea3cd84c80d86d339dbe030e"
},
{
"name": "20140724 Pligg 2.x SQLi / PWD disclosure / RCE",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/136"
},
{
"name": "https://github.com/Pligg/pligg-cms/commit/4891c4d8742b9dabd67e7250840e3434865aebed",
"refsource": "CONFIRM",
"url": "https://github.com/Pligg/pligg-cms/commit/4891c4d8742b9dabd67e7250840e3434865aebed"
}
]
}
}

210
2014/9xxx/CVE-2014-9330.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9330",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141222 CVE-2014-9330: Libtiff integer overflow in bmp2tiff",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/97"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2494",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2494"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name" : "DSA-3273",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3273"
},
{
"name" : "GLSA-201701-16",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-16"
},
{
"name" : "RHSA-2016:1546",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
},
{
"name" : "RHSA-2016:1547",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
},
{
"name" : "71789",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71789"
},
{
"name" : "1031442",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031442"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "71789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71789"
},
{
"name": "RHSA-2016:1547",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "GLSA-201701-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-16"
},
{
"name": "1031442",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031442"
},
{
"name": "DSA-3273",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3273"
},
{
"name": "20141222 CVE-2014-9330: Libtiff integer overflow in bmp2tiff",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/97"
},
{
"name": "RHSA-2016:1546",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2494",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2494"
}
]
}
}

200
2014/9xxx/CVE-2014-9750.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9750",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.ntp.org/show_bug.cgi?id=2671",
"refsource" : "CONFIRM",
"url" : "http://bugs.ntp.org/show_bug.cgi?id=2671"
},
{
"name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1184573",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1184573"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us"
},
{
"name" : "DSA-3388",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3388"
},
{
"name" : "RHSA-2015:1459",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"name" : "VU#852879",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/852879"
},
{
"name" : "72583",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72583"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#852879",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne"
},
{
"name": "72583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72583"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1184573",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184573"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "RHSA-2015:1459",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2671",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2671"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03886en_us"
}
]
}
}

360
2016/2xxx/CVE-2016-2315.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160315 server and client side remote code execution through a bu ffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ-2016-2315)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/03/15/5"
},
{
"name" : "http://pastebin.com/UX2P2jjg",
"refsource" : "MISC",
"url" : "http://pastebin.com/UX2P2jjg"
},
{
"name" : "https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305",
"refsource" : "CONFIRM",
"url" : "https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305"
},
{
"name" : "https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60",
"refsource" : "CONFIRM",
"url" : "https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60"
},
{
"name" : "https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt",
"refsource" : "CONFIRM",
"url" : "https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name" : "DSA-3521",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3521"
},
{
"name" : "FEDORA-2016-6554eff611",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html"
},
{
"name" : "FEDORA-2016-cee7647200",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html"
},
{
"name" : "FEDORA-2016-8f164810c3",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html"
},
{
"name" : "GLSA-201605-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201605-01"
},
{
"name" : "RHSA-2016:0496",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0496.html"
},
{
"name" : "SUSE-SU-2016:0796",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html"
},
{
"name" : "SUSE-SU-2016:0798",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html"
},
{
"name" : "openSUSE-SU-2016:0802",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html"
},
{
"name" : "openSUSE-SU-2016:0803",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.html"
},
{
"name" : "openSUSE-SU-2016:0826",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.html"
},
{
"name" : "openSUSE-SU-2016:0829",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.html"
},
{
"name" : "openSUSE-SU-2016:0831",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.html"
},
{
"name" : "openSUSE-SU-2016:0832",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.html"
},
{
"name" : "openSUSE-SU-2016:0958",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00011.html"
},
{
"name" : "USN-2938-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2938-1"
},
{
"name" : "84355",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84355"
},
{
"name" : "1035290",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035290"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:0829",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.html"
},
{
"name": "FEDORA-2016-8f164810c3",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html"
},
{
"name": "DSA-3521",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3521"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "GLSA-201605-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-01"
},
{
"name": "1035290",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035290"
},
{
"name": "84355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84355"
},
{
"name": "openSUSE-SU-2016:0803",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.html"
},
{
"name": "http://pastebin.com/UX2P2jjg",
"refsource": "MISC",
"url": "http://pastebin.com/UX2P2jjg"
},
{
"name": "FEDORA-2016-cee7647200",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html"
},
{
"name": "[oss-security] 20160315 server and client side remote code execution through a bu ffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ-2016-2315)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/15/5"
},
{
"name": "openSUSE-SU-2016:0958",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00011.html"
},
{
"name": "RHSA-2016:0496",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0496.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305",
"refsource": "CONFIRM",
"url": "https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305"
},
{
"name": "https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60",
"refsource": "CONFIRM",
"url": "https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60"
},
{
"name": "https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt",
"refsource": "CONFIRM",
"url": "https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt"
},
{
"name": "openSUSE-SU-2016:0802",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html"
},
{
"name": "USN-2938-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2938-1"
},
{
"name": "openSUSE-SU-2016:0826",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.html"
},
{
"name": "openSUSE-SU-2016:0832",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.html"
},
{
"name": "FEDORA-2016-6554eff611",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html"
},
{
"name": "openSUSE-SU-2016:0831",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.html"
},
{
"name": "SUSE-SU-2016:0796",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html"
},
{
"name": "SUSE-SU-2016:0798",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html"
}
]
}
}

120
2016/6xxx/CVE-2016-6181.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6181",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6182, CVE-2016-6183, and CVE-2016-6184."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6182, CVE-2016-6183, and CVE-2016-6184."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160716-01-smartphone-en"
}
]
}
}

190
2016/6xxx/CVE-2016-6351.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160726 CVE request Qemu: scsi: esp: oob write access while reading ESP command",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/25/14"
},
{
"name" : "[oss-security] 20160726 Re: CVE request Qemu: scsi: esp: oob write access while reading ESP command",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/26/7"
},
{
"name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
},
{
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11",
"refsource" : "CONFIRM",
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11"
},
{
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3",
"refsource" : "CONFIRM",
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3"
},
{
"name" : "USN-3047-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name" : "USN-3047-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name" : "92119",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92119"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3047-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-1"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3"
},
{
"name": "USN-3047-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3047-2"
},
{
"name": "[oss-security] 20160726 CVE request Qemu: scsi: esp: oob write access while reading ESP command",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/25/14"
},
{
"name": "[oss-security] 20160726 Re: CVE request Qemu: scsi: esp: oob write access while reading ESP command",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/26/7"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11"
},
{
"name": "92119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92119"
},
{
"name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html"
}
]
}
}

162
2016/6xxx/CVE-2016-6559.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6559",
"STATE" : "PUBLIC",
"TITLE" : "The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "libc library",
"version" : {
"version_data" : [
{
"affected" : "=",
"version_name" : "link_ntoa()",
"version_value" : "link_ntoa()"
}
]
}
}
]
},
"vendor_name" : "BSD"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-120"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6559",
"STATE": "PUBLIC",
"TITLE": "The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libc library",
"version": {
"version_data": [
{
"affected": "=",
"version_name": "link_ntoa()",
"version_value": "link_ntoa()"
}
]
}
}
]
},
"vendor_name": "BSD"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-16:37",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc"
},
{
"name" : "VU#548487",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/548487"
},
{
"name" : "94694",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/94694"
},
{
"name" : "1037398",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037398"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037398",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037398"
},
{
"name": "FreeBSD-SA-16:37",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc"
},
{
"name": "VU#548487",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/548487"
},
{
"name": "94694",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/94694"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

150
2016/6xxx/CVE-2016-6620.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6620",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"
},
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-43",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-43"
},
{
"name" : "GLSA-201701-32",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-32"
},
{
"name" : "95055",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95055"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95055"
},
{
"name": "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"
},
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-43",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-43"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
}
]
}
}

140
2016/6xxx/CVE-2016-6946.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6946",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name" : "93491",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93491"
},
{
"name" : "1036986",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "93491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93491"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
}
]
}
}

140
2016/6xxx/CVE-2016-6976.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6976",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name" : "93496",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93496"
},
{
"name" : "1036986",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name": "93496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93496"
}
]
}
}

180
2017/18xxx/CVE-2017-18255.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d"
},
{
"name" : "https://github.com/torvalds/linux/commit/1572e45a924f254d9570093abde46430c3172e3d",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/1572e45a924f254d9570093abde46430c3172e3d"
},
{
"name" : "USN-3696-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3696-1/"
},
{
"name" : "USN-3696-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3696-2/"
},
{
"name" : "USN-3754-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3754-1/"
},
{
"name" : "103607",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103607"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3696-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3696-1/"
},
{
"name": "USN-3754-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d"
},
{
"name": "103607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103607"
},
{
"name": "USN-3696-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3696-2/"
},
{
"name": "https://github.com/torvalds/linux/commit/1572e45a924f254d9570093abde46430c3172e3d",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/1572e45a924f254d9570093abde46430c3172e3d"
}
]
}
}

170
2017/5xxx/CVE-2017-5108.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5108",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Type confusion"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux and Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/695830",
"refsource" : "MISC",
"url" : "https://crbug.com/695830"
},
{
"name" : "DSA-3926",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3926"
},
{
"name" : "GLSA-201709-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-15"
},
{
"name" : "RHSA-2017:1833",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1833"
},
{
"name" : "99950",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99950"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type confusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201709-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-15"
},
{
"name": "DSA-3926",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3926"
},
{
"name": "https://crbug.com/695830",
"refsource": "MISC",
"url": "https://crbug.com/695830"
},
{
"name": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html"
},
{
"name": "99950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99950"
},
{
"name": "RHSA-2017:1833",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1833"
}
]
}
}

130
2017/5xxx/CVE-2017-5235.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@rapid7.com",
"ID" : "CVE-2017-5235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Metasploit Pro",
"version" : {
"version_data" : [
{
"version_value" : "All versions prior to version 4.13.0-2017022101"
}
]
}
}
]
},
"vendor_name" : "Rapid7"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DLL Preloading"
}
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Pro",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.13.0-2017022101"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products",
"refsource" : "CONFIRM",
"url" : "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
},
{
"name" : "96548",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96548"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Preloading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products",
"refsource": "CONFIRM",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
},
{
"name": "96548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96548"
}
]
}
}

34
2017/5xxx/CVE-2017-5269.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5269",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5269",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

152
2017/5xxx/CVE-2017-5703.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2018-04-03T00:00:00",
"ID" : "CVE-2017-5703",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel 6th generation Intel Core Processors, Intel 7th generation Processors, Intel Xeon Scalable Processors, Intel Xeon Processor E3 v5 Family, Intel Xeon Processor E3 v6 Family, and Intel Atom Processor C Series.",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-04-03T00:00:00",
"ID": "CVE-2017-5703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel 6th generation Intel Core Processors, Intel 7th generation Processors, Intel Xeon Scalable Processors, Intel Xeon Processor E3 v5 Family, Intel Xeon Processor E3 v6 Family, and Intel Atom Processor C Series.",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00087&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00087&languageid=en-fr"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03867en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03867en_us"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180924-0004/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180924-0004/"
},
{
"name" : "1040626",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040626"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03867en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03867en_us"
},
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00087&languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00087&languageid=en-fr"
},
{
"name": "1040626",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040626"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180924-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180924-0004/"
}
]
}
}

34
2017/5xxx/CVE-2017-5890.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5890",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5890",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/5xxx/CVE-2017-5989.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5989",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5989",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}