admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:17:47 +00:00
parent 3eeff2b5b8
commit 68acf0d123
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 4277 additions and 4277 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2006/0xxx/CVE-2006-0661.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0661",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://evuln.com/vulns/65/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/65/summary.html"
},
{
"name" : "16585",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16585"
},
{
"name" : "ADV-2006-0504",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0504"
},
{
"name" : "18786",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18786"
},
{
"name" : "447",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/447"
},
{
"name" : "sme-bbcode-xss(24543)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24543"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16585"
},
{
"name": "18786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18786"
},
{
"name": "ADV-2006-0504",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0504"
},
{
"name": "sme-bbcode-xss(24543)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24543"
},
{
"name": "http://evuln.com/vulns/65/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/65/summary.html"
},
{
"name": "447",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/447"
}
]
}
}

170
2006/0xxx/CVE-2006-0760.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0760",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for \".php\" names."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lighttpd.net/news/",
"refsource" : "CONFIRM",
"url" : "http://lighttpd.net/news/"
},
{
"name" : "http://www.lighttpd.net/news/",
"refsource" : "CONFIRM",
"url" : "http://www.lighttpd.net/news/"
},
{
"name" : "ADV-2006-0550",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0550"
},
{
"name" : "23229",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23229"
},
{
"name" : "18869",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18869"
},
{
"name" : "lighttpd-ext-source-disclosure(24699)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24699"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for \".php\" names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lighttpd.net/news/",
"refsource": "CONFIRM",
"url": "http://lighttpd.net/news/"
},
{
"name": "ADV-2006-0550",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0550"
},
{
"name": "18869",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18869"
},
{
"name": "http://www.lighttpd.net/news/",
"refsource": "CONFIRM",
"url": "http://www.lighttpd.net/news/"
},
{
"name": "23229",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23229"
},
{
"name": "lighttpd-ext-source-disclosure(24699)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24699"
}
]
}
}

180
2006/0xxx/CVE-2006-0811.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0811",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board 0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters involved with the registration form."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060303 [eVuln] Skate Board Multimple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426658/30/0/threaded"
},
{
"name" : "http://evuln.com/vulns/84/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/84/summary.html"
},
{
"name" : "16936",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16936"
},
{
"name" : "23305",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23305"
},
{
"name" : "18978",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18978"
},
{
"name" : "540",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/540"
},
{
"name" : "skateboard-registration-xss(24781)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24781"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board 0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters involved with the registration form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16936"
},
{
"name": "http://evuln.com/vulns/84/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/84/summary.html"
},
{
"name": "23305",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23305"
},
{
"name": "skateboard-registration-xss(24781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24781"
},
{
"name": "20060303 [eVuln] Skate Board Multimple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426658/30/0/threaded"
},
{
"name": "540",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/540"
},
{
"name": "18978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18978"
}
]
}
}

160
2006/1xxx/CVE-2006-1030.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.joomla.org/content/view/938/78/",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/content/view/938/78/"
},
{
"name" : "ADV-2006-0818",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0818"
},
{
"name" : "23818",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23818"
},
{
"name" : "19105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19105"
},
{
"name" : "joomla-multiple-disclose-path(25028)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25028"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0818",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0818"
},
{
"name": "19105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19105"
},
{
"name": "23818",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23818"
},
{
"name": "joomla-multiple-disclose-path(25028)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25028"
},
{
"name": "http://www.joomla.org/content/view/938/78/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/938/78/"
}
]
}
}

160
2006/1xxx/CVE-2006-1153.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1153",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1556",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1556"
},
{
"name" : "16984",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16984"
},
{
"name" : "ADV-2006-0865",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0865"
},
{
"name" : "19132",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19132"
},
{
"name" : "d2shoutbox-index-sql-injection(25074)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25074"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19132",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19132"
},
{
"name": "ADV-2006-0865",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0865"
},
{
"name": "16984",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16984"
},
{
"name": "d2shoutbox-index-sql-injection(25074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25074"
},
{
"name": "1556",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1556"
}
]
}
}

160
2006/1xxx/CVE-2006-1166.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1166",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Monotone 0.25 and earlier, when a user creates a file in a directory called \"mt\", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the \"MT\" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Monotone-devel] 20060308 [ANNOUNCE] Monotone 0.25.2 -- security fix release",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html"
},
{
"name" : "17139",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17139"
},
{
"name" : "ADV-2006-0990",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0990"
},
{
"name" : "19260",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19260"
},
{
"name" : "monotone-mt-lua-code-execution(25294)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25294"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Monotone 0.25 and earlier, when a user creates a file in a directory called \"mt\", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the \"MT\" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19260"
},
{
"name": "[Monotone-devel] 20060308 [ANNOUNCE] Monotone 0.25.2 -- security fix release",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/monotone-devel/2006-03/msg00062.html"
},
{
"name": "17139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17139"
},
{
"name": "ADV-2006-0990",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0990"
},
{
"name": "monotone-mt-lua-code-execution(25294)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25294"
}
]
}
}

310
2006/1xxx/CVE-2006-1522.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 and 2.6.17-rc1, and possibly earlier versions, allows local users to cause a denial of service (OOPS) via keyctl requests that add a key to a user key instead of a keyring key, which causes an invalid dereference in the __keyring_search_one function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-1522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188466",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188466"
},
{
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c3a9d6541f84ac3ff566982d08389b87c1c36b4e",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c3a9d6541f84ac3ff566982d08389b87c1c36b4e"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm"
},
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.3",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.3"
},
{
"name" : "FEDORA-2006-423",
"refsource" : "FEDORA",
"url" : "http://lwn.net/Alerts/180820/"
},
{
"name" : "MDKSA-2006:086",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:086"
},
{
"name" : "RHSA-2006:0493",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0493.html"
},
{
"name" : "USN-302-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-302-1"
},
{
"name" : "17451",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17451"
},
{
"name" : "oval:org.mitre.oval:def:9325",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9325"
},
{
"name" : "ADV-2006-1307",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1307"
},
{
"name" : "ADV-2006-1475",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1475"
},
{
"name" : "24507",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24507"
},
{
"name" : "19573",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19573"
},
{
"name" : "20157",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20157"
},
{
"name" : "20237",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20237"
},
{
"name" : "20716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20716"
},
{
"name" : "21745",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21745"
},
{
"name" : "19735",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19735"
},
{
"name" : "linux-keyringsearchone-dos(25722)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25722"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 and 2.6.17-rc1, and possibly earlier versions, allows local users to cause a denial of service (OOPS) via keyctl requests that add a key to a user key instead of a keyring key, which causes an invalid dereference in the __keyring_search_one function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm"
},
{
"name": "RHSA-2006:0493",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0493.html"
},
{
"name": "19735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19735"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188466",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188466"
},
{
"name": "linux-keyringsearchone-dos(25722)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25722"
},
{
"name": "20716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20716"
},
{
"name": "FEDORA-2006-423",
"refsource": "FEDORA",
"url": "http://lwn.net/Alerts/180820/"
},
{
"name": "21745",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21745"
},
{
"name": "USN-302-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-302-1"
},
{
"name": "oval:org.mitre.oval:def:9325",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9325"
},
{
"name": "24507",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24507"
},
{
"name": "19573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19573"
},
{
"name": "ADV-2006-1307",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1307"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c3a9d6541f84ac3ff566982d08389b87c1c36b4e",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c3a9d6541f84ac3ff566982d08389b87c1c36b4e"
},
{
"name": "17451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17451"
},
{
"name": "ADV-2006-1475",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1475"
},
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.3",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.3"
},
{
"name": "20237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20237"
},
{
"name": "MDKSA-2006:086",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:086"
},
{
"name": "20157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20157"
}
]
}
}

140
2006/1xxx/CVE-2006-1852.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1852",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in category.php in Article Publisher Pro 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cname parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/04/article-publisher-pro-sql-inj.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/04/article-publisher-pro-sql-inj.html"
},
{
"name" : "24730",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24730"
},
{
"name" : "articlepublisher-category-sql-injection(25898)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25898"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in category.php in Article Publisher Pro 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cname parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/04/article-publisher-pro-sql-inj.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/article-publisher-pro-sql-inj.html"
},
{
"name": "articlepublisher-category-sql-injection(25898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25898"
},
{
"name": "24730",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24730"
}
]
}
}

210
2006/4xxx/CVE-2006-4196.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4196",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060814 [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443154/100/0/threaded"
},
{
"name" : "20060903 Re: [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445083/100/0/threaded"
},
{
"name" : "http://advisories.echo.or.id/adv/adv45-K-159-2006.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv45-K-159-2006.txt"
},
{
"name" : "2175",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2175"
},
{
"name" : "http://my.opera.com/atomo64/blog/show.dml/443167",
"refsource" : "MISC",
"url" : "http://my.opera.com/atomo64/blog/show.dml/443167"
},
{
"name" : "19489",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19489"
},
{
"name" : "ADV-2006-3276",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3276"
},
{
"name" : "21463",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21463"
},
{
"name" : "1400",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1400"
},
{
"name" : "webinsta-index-file-include(28371)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28371"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060814 [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443154/100/0/threaded"
},
{
"name": "ADV-2006-3276",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3276"
},
{
"name": "webinsta-index-file-include(28371)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28371"
},
{
"name": "19489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19489"
},
{
"name": "http://my.opera.com/atomo64/blog/show.dml/443167",
"refsource": "MISC",
"url": "http://my.opera.com/atomo64/blog/show.dml/443167"
},
{
"name": "20060903 Re: [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445083/100/0/threaded"
},
{
"name": "21463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21463"
},
{
"name": "http://advisories.echo.or.id/adv/adv45-K-159-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv45-K-159-2006.txt"
},
{
"name": "2175",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2175"
},
{
"name": "1400",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1400"
}
]
}
}

210
2006/4xxx/CVE-2006-4228.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4228",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before MP1 20060816 allows remote attackers to bypass authentication and gain privileges via unknown attack vectors in the management interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060816 SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443395/100/0/threaded"
},
{
"name" : "20060817 Re: SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443520/100/0/threaded"
},
{
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.08.16.html",
"refsource" : "CONFIRM",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.08.16.html"
},
{
"name" : "http://seer.entsupport.symantec.com/docs/284734.htm",
"refsource" : "CONFIRM",
"url" : "http://seer.entsupport.symantec.com/docs/284734.htm"
},
{
"name" : "19524",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19524"
},
{
"name" : "ADV-2006-3299",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3299"
},
{
"name" : "1016704",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016704"
},
{
"name" : "21507",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21507"
},
{
"name" : "1412",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1412"
},
{
"name" : "netbackup-puredisk-auth-bypass(28415)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28415"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before MP1 20060816 allows remote attackers to bypass authentication and gain privileges via unknown attack vectors in the management interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016704",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016704"
},
{
"name": "1412",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1412"
},
{
"name": "netbackup-puredisk-auth-bypass(28415)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28415"
},
{
"name": "20060816 SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443395/100/0/threaded"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.08.16.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.08.16.html"
},
{
"name": "21507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21507"
},
{
"name": "http://seer.entsupport.symantec.com/docs/284734.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/284734.htm"
},
{
"name": "20060817 Re: SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443520/100/0/threaded"
},
{
"name": "ADV-2006-3299",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3299"
},
{
"name": "19524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19524"
}
]
}
}

180
2006/4xxx/CVE-2006-4427.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4427",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to \"1\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2255",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2255"
},
{
"name" : "http://efiction.org/forums/index.php?topic=3698",
"refsource" : "CONFIRM",
"url" : "http://efiction.org/forums/index.php?topic=3698"
},
{
"name" : "19717",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19717"
},
{
"name" : "ADV-2006-3392",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3392"
},
{
"name" : "28237",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28237"
},
{
"name" : "21625",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21625"
},
{
"name" : "efiction-admin-security-bypass(28595)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28595"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to \"1\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "efiction-admin-security-bypass(28595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28595"
},
{
"name": "19717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19717"
},
{
"name": "2255",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2255"
},
{
"name": "28237",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28237"
},
{
"name": "http://efiction.org/forums/index.php?topic=3698",
"refsource": "CONFIRM",
"url": "http://efiction.org/forums/index.php?topic=3698"
},
{
"name": "ADV-2006-3392",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3392"
},
{
"name": "21625",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21625"
}
]
}
}

140
2006/4xxx/CVE-2006-4851.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4851",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHTMLEditor.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "84179",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84179"
},
{
"name" : "ADV-2006-3642",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3642"
},
{
"name" : "bolinos-index-file-include(28991)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28991"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHTMLEditor.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "84179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84179"
},
{
"name": "ADV-2006-3642",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3642"
},
{
"name": "bolinos-index-file-include(28991)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28991"
}
]
}
}

140
2006/4xxx/CVE-2006-4983.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco NAC allows quarantined devices to communicate over the network with (1) DNS, (2) DHCP, and (3) EAPoUDP, which allows attackers to bypass control methods by tunneling network traffic through one of these protocols."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060919 White paper release: Bypassing network access control (NAC) systems",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446421/100/0/threaded"
},
{
"name" : "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf",
"refsource" : "MISC",
"url" : "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf"
},
{
"name" : "30977",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30977"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco NAC allows quarantined devices to communicate over the network with (1) DNS, (2) DHCP, and (3) EAPoUDP, which allows attackers to bypass control methods by tunneling network traffic through one of these protocols."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060919 White paper release: Bypassing network access control (NAC) systems",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446421/100/0/threaded"
},
{
"name": "30977",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30977"
},
{
"name": "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf",
"refsource": "MISC",
"url": "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf"
}
]
}
}

190
2006/5xxx/CVE-2006-5256.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5256",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061010 claroline <= 180rc1 Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448174/100/0/threaded"
},
{
"name" : "2510",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2510"
},
{
"name" : "20444",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20444"
},
{
"name" : "ADV-2006-3996",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3996"
},
{
"name" : "1017044",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017044"
},
{
"name" : "22364",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22364"
},
{
"name" : "1719",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1719"
},
{
"name" : "claroline-import-file-include(29426)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29426"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "claroline-import-file-include(29426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29426"
},
{
"name": "2510",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2510"
},
{
"name": "20061010 claroline <= 180rc1 Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448174/100/0/threaded"
},
{
"name": "20444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20444"
},
{
"name": "1719",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1719"
},
{
"name": "ADV-2006-3996",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3996"
},
{
"name": "22364",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22364"
},
{
"name": "1017044",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017044"
}
]
}
}

160
2010/0xxx/CVE-2010-0482.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0482",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka \"Windows Kernel Malformed Image Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-021",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-021"
},
{
"name" : "TA10-103A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
},
{
"name" : "oval:org.mitre.oval:def:7176",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7176"
},
{
"name" : "1023850",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023850"
},
{
"name" : "39374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39374"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka \"Windows Kernel Malformed Image Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39374"
},
{
"name": "MS10-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-021"
},
{
"name": "oval:org.mitre.oval:def:7176",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7176"
},
{
"name": "TA10-103A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html"
},
{
"name": "1023850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023850"
}
]
}
}

260
2010/0xxx/CVE-2010-0732.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0732",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100212 CVE Request: gnome-screensaver termination by pressing \"Enter\"",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/02/12/1"
},
{
"name" : "[oss-security] 20100305 Re: CVE Request: gnome-screensaver termination by pressing \"Enter\"",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/03/05/2"
},
{
"name" : "[oss-security] 20100316 Re: Re: CVE Request: gnome-screensaver termination by pressing \"Enter\"",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/03/16/9"
},
{
"name" : "http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Linux-wirkungslos-2-Update-928580.html",
"refsource" : "MISC",
"url" : "http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Linux-wirkungslos-2-Update-928580.html"
},
{
"name" : "http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news",
"refsource" : "CONFIRM",
"url" : "http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news"
},
{
"name" : "http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520",
"refsource" : "CONFIRM",
"url" : "http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520"
},
{
"name" : "http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0",
"refsource" : "CONFIRM",
"url" : "http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0"
},
{
"name" : "http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1",
"refsource" : "CONFIRM",
"url" : "http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1"
},
{
"name" : "https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395",
"refsource" : "CONFIRM",
"url" : "https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=598476",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=598476"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=565527",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=565527"
},
{
"name" : "MDVSA-2010:109",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:109"
},
{
"name" : "SUSE-SR:2010:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"name" : "38211",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38211"
},
{
"name" : "39317",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39317"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39317"
},
{
"name": "[oss-security] 20100212 CVE Request: gnome-screensaver termination by pressing \"Enter\"",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/02/12/1"
},
{
"name": "[oss-security] 20100316 Re: Re: CVE Request: gnome-screensaver termination by pressing \"Enter\"",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/03/16/9"
},
{
"name": "38211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38211"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=565527",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=565527"
},
{
"name": "http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/gnome-screensaver/commit/?id=ab08cc93f2dc6223c8c00bfa1ca4f2d89069dbe0"
},
{
"name": "SUSE-SR:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"name": "http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/gnome/sources/gtk+/2.18/gtk+-2.18.5.news"
},
{
"name": "MDVSA-2010:109",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:109"
},
{
"name": "http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/gnome-screensaver/commit/?h=gnome-2-28&id=98f8a22412cf388217fd5b88915eadd274d68520"
},
{
"name": "https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395",
"refsource": "CONFIRM",
"url": "https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=598476",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=598476"
},
{
"name": "[oss-security] 20100305 Re: CVE Request: gnome-screensaver termination by pressing \"Enter\"",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/03/05/2"
},
{
"name": "http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/gtk+/commit/?id=0748cf563d0d0d03001a62589f13be16a8ec06c1"
},
{
"name": "http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Linux-wirkungslos-2-Update-928580.html",
"refsource": "MISC",
"url": "http://www.heise.de/newsticker/meldung/Gnome-Bildschirmsperre-in-OpenSuse-Linux-wirkungslos-2-Update-928580.html"
}
]
}
}

130
2010/2xxx/CVE-2010-2318.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2318",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in cms_data.php in PHPCityPortal 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/1001-exploits/phpcityportal-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1001-exploits/phpcityportal-xss.txt"
},
{
"name" : "40532",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40532"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in cms_data.php in PHPCityPortal 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1001-exploits/phpcityportal-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1001-exploits/phpcityportal-xss.txt"
},
{
"name": "40532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40532"
}
]
}
}

130
2010/2xxx/CVE-2010-2818.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2818",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61710."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-2818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100804 Multiple Vulnerabilities in Cisco Firewall Services Module",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f130.shtml"
},
{
"name" : "40843",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40843"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61710."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40843"
},
{
"name": "20100804 Multiple Vulnerabilities in Cisco Firewall Services Module",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f130.shtml"
}
]
}
}

190
2010/3xxx/CVE-2010-3255.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=51653",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=51653"
},
{
"name" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html"
},
{
"name" : "MDVSA-2011:039",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name" : "RHSA-2011:0177",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name" : "oval:org.mitre.oval:def:11736",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11736"
},
{
"name" : "43086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43086"
},
{
"name" : "ADV-2011-0216",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name" : "ADV-2011-0552",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=51653",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=51653"
},
{
"name": "ADV-2011-0216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name": "43086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43086"
},
{
"name": "RHSA-2011:0177",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name": "oval:org.mitre.oval:def:11736",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11736"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html"
}
]
}
}

200
2010/3xxx/CVE-2010-3274.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"name" : "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"name" : "46331",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46331"
},
{
"name" : "70871",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/70871"
},
{
"name" : "70872",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/70872"
},
{
"name" : "43241",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43241"
},
{
"name" : "8089",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8089"
},
{
"name" : "ADV-2011-0392",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0392"
},
{
"name" : "adselfservice-employeesearch-xss(65349)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65349"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43241"
},
{
"name": "70872",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70872"
},
{
"name": "ADV-2011-0392",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0392"
},
{
"name": "20110210 CORE-2011-0103 - ZOHO ManageEngine ADSelfService multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516396/100/0/threaded"
},
{
"name": "8089",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8089"
},
{
"name": "adselfservice-employeesearch-xss(65349)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65349"
},
{
"name": "70871",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/70871"
},
{
"name": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/zoho-manageengine-vulnerabilities"
},
{
"name": "46331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46331"
}
]
}
}

330
2010/3xxx/CVE-2010-3861.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101025 CVE request: kernel: heap contents leak from ETHTOOL_GRXCLSRLALL",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/10/25/4"
},
{
"name" : "[oss-security] 20101026 Re: CVE request: kernel: heap contents leak from ETHTOOL_GRXCLSRLALL",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/10/26/1"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ae6df5f96a51818d6376da5307d773baeece4014",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ae6df5f96a51818d6376da5307d773baeece4014"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=646725",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=646725"
},
{
"name" : "RHSA-2010:0958",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0958.html"
},
{
"name" : "RHSA-2011:0007",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name" : "SUSE-SA:2011:001",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
},
{
"name" : "SUSE-SA:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
},
{
"name" : "SUSE-SA:2011:004",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html"
},
{
"name" : "SUSE-SA:2011:007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name" : "USN-1041-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1041-1"
},
{
"name" : "44427",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44427"
},
{
"name" : "42778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42778"
},
{
"name" : "42801",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42801"
},
{
"name" : "42758",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42758"
},
{
"name" : "42932",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42932"
},
{
"name" : "42890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42890"
},
{
"name" : "ADV-2011-0012",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0012"
},
{
"name" : "ADV-2011-0070",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0070"
},
{
"name" : "ADV-2011-0124",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0124"
},
{
"name" : "ADV-2011-0298",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0298"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize a certain block of heap memory, which allows local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value, a different vulnerability than CVE-2010-2478."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2011:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html"
},
{
"name": "42778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42778"
},
{
"name": "[oss-security] 20101025 CVE request: kernel: heap contents leak from ETHTOOL_GRXCLSRLALL",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/10/25/4"
},
{
"name": "42801",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42801"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=646725",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=646725"
},
{
"name": "SUSE-SA:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html"
},
{
"name": "SUSE-SA:2011:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
},
{
"name": "42932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42932"
},
{
"name": "USN-1041-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1041-1"
},
{
"name": "RHSA-2011:0007",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
},
{
"name": "[oss-security] 20101026 Re: CVE request: kernel: heap contents leak from ETHTOOL_GRXCLSRLALL",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/10/26/1"
},
{
"name": "ADV-2011-0124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0124"
},
{
"name": "SUSE-SA:2011:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html"
},
{
"name": "ADV-2011-0298",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0298"
},
{
"name": "RHSA-2010:0958",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0958.html"
},
{
"name": "42758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42758"
},
{
"name": "42890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42890"
},
{
"name": "ADV-2011-0012",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0012"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ae6df5f96a51818d6376da5307d773baeece4014",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ae6df5f96a51818d6376da5307d773baeece4014"
},
{
"name": "ADV-2011-0070",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0070"
},
{
"name": "44427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44427"
}
]
}
}

230
2010/4xxx/CVE-2010-4665.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4665",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110412 libtiff CVE assignments",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/12/10"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2218",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2218"
},
{
"name" : "http://www.remotesensing.org/libtiff/v3.9.5.html",
"refsource" : "CONFIRM",
"url" : "http://www.remotesensing.org/libtiff/v3.9.5.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=695887",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=695887"
},
{
"name" : "DSA-2552",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2552"
},
{
"name" : "FEDORA-2011-5304",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html"
},
{
"name" : "GLSA-201209-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201209-02.xml"
},
{
"name" : "SUSE-SR:2011:009",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name" : "USN-1416-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1416-1"
},
{
"name" : "47338",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47338"
},
{
"name" : "44271",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44271"
},
{
"name" : "50726",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50726"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110412 libtiff CVE assignments",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/12/10"
},
{
"name": "44271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44271"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2218",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2218"
},
{
"name": "DSA-2552",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2552"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=695887",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=695887"
},
{
"name": "GLSA-201209-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
},
{
"name": "FEDORA-2011-5304",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058478.html"
},
{
"name": "http://www.remotesensing.org/libtiff/v3.9.5.html",
"refsource": "CONFIRM",
"url": "http://www.remotesensing.org/libtiff/v3.9.5.html"
},
{
"name": "USN-1416-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1416-1"
},
{
"name": "47338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47338"
},
{
"name": "50726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50726"
}
]
}
}

170
2010/4xxx/CVE-2010-4945.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4945",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14530",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14530"
},
{
"name" : "http://packetstormsecurity.org/0901-exploits/joomlacamel-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0901-exploits/joomlacamel-sql.txt"
},
{
"name" : "http://packetstormsecurity.org/1008-exploits/joomlacamelcitydb2-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1008-exploits/joomlacamelcitydb2-sql.txt"
},
{
"name" : "33254",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33254"
},
{
"name" : "8465",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8465"
},
{
"name" : "camelcitydb2-itemid-sql-injection(60860)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60860"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8465",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8465"
},
{
"name": "33254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33254"
},
{
"name": "http://packetstormsecurity.org/1008-exploits/joomlacamelcitydb2-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1008-exploits/joomlacamelcitydb2-sql.txt"
},
{
"name": "camelcitydb2-itemid-sql-injection(60860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60860"
},
{
"name": "http://packetstormsecurity.org/0901-exploits/joomlacamel-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0901-exploits/joomlacamel-sql.txt"
},
{
"name": "14530",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14530"
}
]
}
}

140
2011/1xxx/CVE-2011-1794.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1794",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted dimensions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-1794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://crbug.com/78327",
"refsource" : "CONFIRM",
"url" : "http://crbug.com/78327"
},
{
"name" : "http://launchpad.net/bugs/778822",
"refsource" : "CONFIRM",
"url" : "http://launchpad.net/bugs/778822"
},
{
"name" : "http://trac.webkit.org/changeset/84422",
"refsource" : "CONFIRM",
"url" : "http://trac.webkit.org/changeset/84422"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted dimensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://crbug.com/78327",
"refsource": "CONFIRM",
"url": "http://crbug.com/78327"
},
{
"name": "http://trac.webkit.org/changeset/84422",
"refsource": "CONFIRM",
"url": "http://trac.webkit.org/changeset/84422"
},
{
"name": "http://launchpad.net/bugs/778822",
"refsource": "CONFIRM",
"url": "http://launchpad.net/bugs/778822"
}
]
}
}

130
2014/3xxx/CVE-2014-3416.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.jasig.org/uportal/download/uportal-4-0-13-1",
"refsource" : "CONFIRM",
"url" : "http://www.jasig.org/uportal/download/uportal-4-0-13-1"
},
{
"name" : "https://issues.jasig.org/browse/UP-4105",
"refsource" : "CONFIRM",
"url" : "https://issues.jasig.org/browse/UP-4105"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.jasig.org/uportal/download/uportal-4-0-13-1",
"refsource": "CONFIRM",
"url": "http://www.jasig.org/uportal/download/uportal-4-0-13-1"
},
{
"name": "https://issues.jasig.org/browse/UP-4105",
"refsource": "CONFIRM",
"url": "https://issues.jasig.org/browse/UP-4105"
}
]
}
}

760
2014/3xxx/CVE-2014-3511.json
View File

@ -1,382 +1,382 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3511",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a \"protocol downgrade\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
"refsource" : "MLIST",
"url" : "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
},
{
"name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b"
},
{
"name" : "https://www.openssl.org/news/secadv_20140806.txt",
"refsource" : "CONFIRM",
"url" : "https://www.openssl.org/news/secadv_20140806.txt"
},
{
"name" : "http://www.arubanetworks.com/support/alerts/aid-08182014.txt",
"refsource" : "CONFIRM",
"url" : "http://www.arubanetworks.com/support/alerts/aid-08182014.txt"
},
{
"name" : "http://www.tenable.com/security/tns-2014-06",
"refsource" : "CONFIRM",
"url" : "http://www.tenable.com/security/tns-2014-06"
},
{
"name" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
"refsource" : "CONFIRM",
"url" : "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10084",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10084"
},
{
"name" : "http://www.splunk.com/view/SP-CAAANHS",
"refsource" : "CONFIRM",
"url" : "http://www.splunk.com/view/SP-CAAANHS"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html",
"refsource" : "CONFIRM",
"url" : "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html"
},
{
"name" : "https://techzone.ergon.ch/CVE-2014-3511",
"refsource" : "CONFIRM",
"url" : "https://techzone.ergon.ch/CVE-2014-3511"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127504",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1127504"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1052.html",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1052.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
},
{
"name" : "https://support.citrix.com/article/CTX216642",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX216642"
},
{
"name" : "DSA-2998",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2998"
},
{
"name" : "FEDORA-2014-9301",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
},
{
"name" : "FEDORA-2014-9308",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
},
{
"name" : "FreeBSD-SA-14:18",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
},
{
"name" : "GLSA-201412-39",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name" : "HPSBMU03260",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142495837901899&w=2"
},
{
"name" : "SSRT101894",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142495837901899&w=2"
},
{
"name" : "HPSBMU03216",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142350350616251&w=2"
},
{
"name" : "SSRT101818",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142350350616251&w=2"
},
{
"name" : "HPSBMU03267",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142624590206005&w=2"
},
{
"name" : "HPSBHF03293",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name" : "SSRT101846",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name" : "HPSBMU03304",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142791032306609&w=2"
},
{
"name" : "HPSBMU03261",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143290522027658&w=2"
},
{
"name" : "HPSBMU03263",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143290437727362&w=2"
},
{
"name" : "NetBSD-SA2014-008",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
},
{
"name" : "RHSA-2015:0197",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0197.html"
},
{
"name" : "RHSA-2015:0126",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0126.html"
},
{
"name" : "openSUSE-SU-2014:1052",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
},
{
"name" : "69079",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69079"
},
{
"name" : "1030693",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030693"
},
{
"name" : "59887",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59887"
},
{
"name" : "60377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60377"
},
{
"name" : "60810",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60810"
},
{
"name" : "60890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60890"
},
{
"name" : "60917",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60917"
},
{
"name" : "60921",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60921"
},
{
"name" : "60938",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60938"
},
{
"name" : "61775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61775"
},
{
"name" : "61959",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61959"
},
{
"name" : "59756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59756"
},
{
"name" : "60803",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60803"
},
{
"name" : "61017",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61017"
},
{
"name" : "61043",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61043"
},
{
"name" : "61100",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61100"
},
{
"name" : "61139",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61139"
},
{
"name" : "61184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61184"
},
{
"name" : "58962",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58962"
},
{
"name" : "59700",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59700"
},
{
"name" : "59710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59710"
},
{
"name" : "60022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60022"
},
{
"name" : "60684",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60684"
},
{
"name" : "60221",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60221"
},
{
"name" : "60493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60493"
},
{
"name" : "openssl-cve20143511-sec-bypass(95162)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95162"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a \"protocol downgrade\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1052",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1052.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1052.html"
},
{
"name": "60221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60221"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
},
{
"name": "61184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61184"
},
{
"name": "SSRT101846",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name": "60022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60022"
},
{
"name": "https://www.openssl.org/news/secadv_20140806.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20140806.txt"
},
{
"name": "61017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61017"
},
{
"name": "RHSA-2015:0197",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0197.html"
},
{
"name": "60377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60377"
},
{
"name": "SSRT101818",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142350350616251&w=2"
},
{
"name": "59887",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59887"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
},
{
"name": "HPSBMU03304",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142791032306609&w=2"
},
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
},
{
"name": "60890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60890"
},
{
"name": "GLSA-201412-39",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html"
},
{
"name": "HPSBHF03293",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name": "HPSBMU03260",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2"
},
{
"name": "60803",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60803"
},
{
"name": "59700",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59700"
},
{
"name": "FEDORA-2014-9308",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html"
},
{
"name": "1030693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030693"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "openssl-cve20143511-sec-bypass(95162)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95162"
},
{
"name": "http://www.splunk.com/view/SP-CAAANHS",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAANHS"
},
{
"name": "60917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60917"
},
{
"name": "HPSBMU03216",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142350350616251&w=2"
},
{
"name": "http://www.tenable.com/security/tns-2014-06",
"refsource": "CONFIRM",
"url": "http://www.tenable.com/security/tns-2014-06"
},
{
"name": "NetBSD-SA2014-008",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10084",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10084"
},
{
"name": "60493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60493"
},
{
"name": "59710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59710"
},
{
"name": "60921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60921"
},
{
"name": "69079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69079"
},
{
"name": "61043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61043"
},
{
"name": "60810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60810"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=280b1f1ad12131defcd986676a8fc9717aaa601b"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
},
{
"name": "61100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61100"
},
{
"name": "FreeBSD-SA-14:18",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
},
{
"name": "61775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61775"
},
{
"name": "SSRT101894",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142495837901899&w=2"
},
{
"name": "DSA-2998",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2998"
},
{
"name": "HPSBMU03263",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143290437727362&w=2"
},
{
"name": "FEDORA-2014-9301",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html"
},
{
"name": "61959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61959"
},
{
"name": "59756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59756"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1127504",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127504"
},
{
"name": "HPSBMU03267",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142624590206005&w=2"
},
{
"name": "HPSBMU03261",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143290522027658&w=2"
},
{
"name": "RHSA-2015:0126",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0126.html"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
},
{
"name": "58962",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58962"
},
{
"name": "http://www.arubanetworks.com/support/alerts/aid-08182014.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/support/alerts/aid-08182014.txt"
},
{
"name": "60938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60938"
},
{
"name": "60684",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60684"
},
{
"name": "https://support.citrix.com/article/CTX216642",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
"refsource": "MLIST",
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
},
{
"name": "https://techzone.ergon.ch/CVE-2014-3511",
"refsource": "CONFIRM",
"url": "https://techzone.ergon.ch/CVE-2014-3511"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"name": "61139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61139"
}
]
}
}

250
2014/3xxx/CVE-2014-3647.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3647",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141024 kvm issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/24/9"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=234f3ce485d54017f15cf5e0699cff4100121601",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=234f3ce485d54017f15cf5e0699cff4100121601"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d1442d85cc30ea75f7d399474ca738e0bc96f715",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d1442d85cc30ea75f7d399474ca738e0bc96f715"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1144897",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1144897"
},
{
"name" : "https://github.com/torvalds/linux/commit/234f3ce485d54017f15cf5e0699cff4100121601",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/234f3ce485d54017f15cf5e0699cff4100121601"
},
{
"name" : "https://github.com/torvalds/linux/commit/d1442d85cc30ea75f7d399474ca738e0bc96f715",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/d1442d85cc30ea75f7d399474ca738e0bc96f715"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "DSA-3060",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3060"
},
{
"name" : "SUSE-SU-2015:0481",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name" : "openSUSE-SU-2015:0566",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name" : "USN-2394-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2394-1"
},
{
"name" : "USN-2417-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"name" : "USN-2418-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"name" : "70748",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70748"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70748"
},
{
"name": "USN-2418-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d1442d85cc30ea75f7d399474ca738e0bc96f715",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d1442d85cc30ea75f7d399474ca738e0bc96f715"
},
{
"name": "USN-2417-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"name": "DSA-3060",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3060"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=234f3ce485d54017f15cf5e0699cff4100121601",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=234f3ce485d54017f15cf5e0699cff4100121601"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "SUSE-SU-2015:0481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name": "openSUSE-SU-2015:0566",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name": "USN-2394-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2394-1"
},
{
"name": "[oss-security] 20141024 kvm issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/24/9"
},
{
"name": "https://github.com/torvalds/linux/commit/d1442d85cc30ea75f7d399474ca738e0bc96f715",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/d1442d85cc30ea75f7d399474ca738e0bc96f715"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1144897",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144897"
},
{
"name": "https://github.com/torvalds/linux/commit/234f3ce485d54017f15cf5e0699cff4100121601",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/234f3ce485d54017f15cf5e0699cff4100121601"
}
]
}
}

150
2014/3xxx/CVE-2014-3975.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3975",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "33555",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/33555"
},
{
"name" : "http://bot24.blogspot.com/2014/05/auracms-30-cross-site-scripting-local.html",
"refsource" : "MISC",
"url" : "http://bot24.blogspot.com/2014/05/auracms-30-cross-site-scripting-local.html"
},
{
"name" : "http://packetstormsecurity.com/files/126843/AuraCMS-3.0-Cross-Site-Scripting-Local-File-Inclusion.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/126843/AuraCMS-3.0-Cross-Site-Scripting-Local-File-Inclusion.html"
},
{
"name" : "107555",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/107555"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107555",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/107555"
},
{
"name": "33555",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33555"
},
{
"name": "http://packetstormsecurity.com/files/126843/AuraCMS-3.0-Cross-Site-Scripting-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126843/AuraCMS-3.0-Cross-Site-Scripting-Local-File-Inclusion.html"
},
{
"name": "http://bot24.blogspot.com/2014/05/auracms-30-cross-site-scripting-local.html",
"refsource": "MISC",
"url": "http://bot24.blogspot.com/2014/05/auracms-30-cross-site-scripting-local.html"
}
]
}
}

34
2014/7xxx/CVE-2014-7350.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7350",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7350",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

140
2014/7xxx/CVE-2014-7395.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The USF BCM (aka com.appmakr.app193115) application 252847 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#611537",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/611537"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The USF BCM (aka com.appmakr.app193115) application 252847 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#611537",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/611537"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

310
2014/8xxx/CVE-2014-8090.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8090",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0472.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0472.html"
},
{
"name" : "https://support.apple.com/HT205267",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205267"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "APPLE-SA-2015-09-30-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name" : "DSA-3159",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3159"
},
{
"name" : "DSA-3157",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3157"
},
{
"name" : "MDVSA-2015:129",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129"
},
{
"name" : "RHSA-2014:1911",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1911.html"
},
{
"name" : "RHSA-2014:1912",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1912.html"
},
{
"name" : "RHSA-2014:1913",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1913.html"
},
{
"name" : "RHSA-2014:1914",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1914.html"
},
{
"name" : "openSUSE-SU-2014:1589",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html"
},
{
"name" : "openSUSE-SU-2015:0002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html"
},
{
"name" : "openSUSE-SU-2015:0007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html"
},
{
"name" : "USN-2412-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2412-1"
},
{
"name" : "71230",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71230"
},
{
"name" : "59948",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59948"
},
{
"name" : "62748",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62748"
},
{
"name" : "62050",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62050"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1589",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html"
},
{
"name": "59948",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59948"
},
{
"name": "RHSA-2014:1912",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1912.html"
},
{
"name": "DSA-3159",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3159"
},
{
"name": "62050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62050"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "RHSA-2014:1913",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1913.html"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "RHSA-2014:1911",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1911.html"
},
{
"name": "DSA-3157",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3157"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0472.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0472.html"
},
{
"name": "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/"
},
{
"name": "USN-2412-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2412-1"
},
{
"name": "62748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62748"
},
{
"name": "MDVSA-2015:129",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:129"
},
{
"name": "71230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71230"
},
{
"name": "openSUSE-SU-2015:0007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html"
},
{
"name": "RHSA-2014:1914",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1914.html"
},
{
"name": "openSUSE-SU-2015:0002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html"
}
]
}
}

34
2014/8xxx/CVE-2014-8203.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8203",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8203",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

170
2014/8xxx/CVE-2014-8493.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8493",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35272",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35272"
},
{
"name" : "35276",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35276"
},
{
"name" : "20141117 CVE-2014-8493 - ZTE ZXHN H108L Authentication Bypass",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/46"
},
{
"name" : "http://packetstormsecurity.com/files/129139/ZTE-ZXHN-H108L-Access-Bypass.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129139/ZTE-ZXHN-H108L-Access-Bypass.html"
},
{
"name" : "https://projectzero.gr/en/2014/11/zte-zxhn-h108l-authentication-bypass/",
"refsource" : "MISC",
"url" : "https://projectzero.gr/en/2014/11/zte-zxhn-h108l-authentication-bypass/"
},
{
"name" : "zxhnh108l-cve20148493-sec-bypass(98733)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98733"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129139/ZTE-ZXHN-H108L-Access-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129139/ZTE-ZXHN-H108L-Access-Bypass.html"
},
{
"name": "35276",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35276"
},
{
"name": "20141117 CVE-2014-8493 - ZTE ZXHN H108L Authentication Bypass",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/46"
},
{
"name": "https://projectzero.gr/en/2014/11/zte-zxhn-h108l-authentication-bypass/",
"refsource": "MISC",
"url": "https://projectzero.gr/en/2014/11/zte-zxhn-h108l-authentication-bypass/"
},
{
"name": "35272",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35272"
},
{
"name": "zxhnh108l-cve20148493-sec-bypass(98733)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98733"
}
]
}
}

150
2014/8xxx/CVE-2014-8609.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141126 CVE-2014-8609 Android Settings application privilege leakage vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/81"
},
{
"name" : "http://packetstormsecurity.com/files/129281/Android-Settings-Pendingintent-Leak.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129281/Android-Settings-Pendingintent-Leak.html"
},
{
"name" : "http://xteam.baidu.com/?p=158",
"refsource" : "MISC",
"url" : "http://xteam.baidu.com/?p=158"
},
{
"name" : "https://android.googlesource.com/platform/packages/apps/Settings/+/f5d3e74ecc2b973941d8adbe40c6b23094b5abb7",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/packages/apps/Settings/+/f5d3e74ecc2b973941d8adbe40c6b23094b5abb7"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129281/Android-Settings-Pendingintent-Leak.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129281/Android-Settings-Pendingintent-Leak.html"
},
{
"name": "http://xteam.baidu.com/?p=158",
"refsource": "MISC",
"url": "http://xteam.baidu.com/?p=158"
},
{
"name": "20141126 CVE-2014-8609 Android Settings application privilege leakage vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/81"
},
{
"name": "https://android.googlesource.com/platform/packages/apps/Settings/+/f5d3e74ecc2b973941d8adbe40c6b23094b5abb7",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/packages/apps/Settings/+/f5d3e74ecc2b973941d8adbe40c6b23094b5abb7"
}
]
}
}

150
2014/8xxx/CVE-2014-8656.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8656",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35075",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35075"
},
{
"name" : "http://packetstormsecurity.com/files/128860/CBN-CH6640E-CG6640E-Wireless-Gateway-XSS-CSRF-DoS-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128860/CBN-CH6640E-CG6640E-Wireless-Gateway-XSS-CSRF-DoS-Disclosure.html"
},
{
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php",
"refsource" : "MISC",
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php"
},
{
"name" : "113836",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/113836"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php"
},
{
"name": "35075",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35075"
},
{
"name": "http://packetstormsecurity.com/files/128860/CBN-CH6640E-CG6640E-Wireless-Gateway-XSS-CSRF-DoS-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128860/CBN-CH6640E-CG6640E-Wireless-Gateway-XSS-CSRF-DoS-Disclosure.html"
},
{
"name": "113836",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/113836"
}
]
}
}

190
2014/8xxx/CVE-2014-8988.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8988",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141115 CVE Request: information disclosure in MantisBT attachments",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/11/15/6"
},
{
"name" : "[oss-security] 20141119 Re: CVE Request: information disclosure in MantisBT attachments",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q4/693"
},
{
"name" : "http://www.mantisbt.org/bugs/view.php?id=17742",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbt.org/bugs/view.php?id=17742"
},
{
"name" : "https://github.com/mantisbt/mantisbt/commit/5f0b150b",
"refsource" : "CONFIRM",
"url" : "https://github.com/mantisbt/mantisbt/commit/5f0b150b"
},
{
"name" : "DSA-3120",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3120"
},
{
"name" : "71104",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71104"
},
{
"name" : "62101",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62101"
},
{
"name" : "mantisbt-fileapi-sec-bypass(98731)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98731"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20141115 CVE Request: information disclosure in MantisBT attachments",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/11/15/6"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/5f0b150b",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/5f0b150b"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=17742",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=17742"
},
{
"name": "62101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62101"
},
{
"name": "71104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71104"
},
{
"name": "[oss-security] 20141119 Re: CVE Request: information disclosure in MantisBT attachments",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q4/693"
},
{
"name": "mantisbt-fileapi-sec-bypass(98731)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98731"
},
{
"name": "DSA-3120",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3120"
}
]
}
}

150
2014/9xxx/CVE-2014-9477.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9477",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-9477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
"refsource" : "MLIST",
"url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
},
{
"name" : "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/12/21/2"
},
{
"name" : "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/03/13"
},
{
"name" : "https://phabricator.wikimedia.org/T77624",
"refsource" : "CONFIRM",
"url" : "https://phabricator.wikimedia.org/T77624"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://phabricator.wikimedia.org/T77624",
"refsource": "CONFIRM",
"url": "https://phabricator.wikimedia.org/T77624"
},
{
"name": "[oss-security] 20150103 Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/13"
},
{
"name": "[oss-security] 20141221 CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/21/2"
},
{
"name": "[MediaWiki-announce] 20141217 MediaWiki Security and Maintenance Releases: 1.24.1, 1.23.8, 1.22.15 and 1.19.23",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html"
}
]
}
}

160
2014/9xxx/CVE-2014-9811.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9811",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1"
},
{
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82a5bbdd47b9b3f43ce3c2aa18741aecc4a0f962",
"refsource" : "CONFIRM",
"url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82a5bbdd47b9b3f43ce3c2aa18741aecc4a0f962"
},
{
"name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=914da276f717b3e21e5af6614887af14af87a9b8",
"refsource" : "CONFIRM",
"url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=914da276f717b3e21e5af6614887af14af87a9b8"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343467",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343467"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82a5bbdd47b9b3f43ce3c2aa18741aecc4a0f962",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82a5bbdd47b9b3f43ce3c2aa18741aecc4a0f962"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343467",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343467"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/24/1"
},
{
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=914da276f717b3e21e5af6614887af14af87a9b8",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=914da276f717b3e21e5af6614887af14af87a9b8"
}
]
}
}

180
2014/9xxx/CVE-2014-9849.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9849",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The png coder in ImageMagick allows remote attackers to cause a denial of service (crash)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343509",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343509"
},
{
"name" : "SUSE-SU-2016:1782",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html"
},
{
"name" : "SUSE-SU-2016:1784",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name" : "openSUSE-SU-2016:1748",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name" : "openSUSE-SU-2016:1833",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name" : "USN-3131-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3131-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The png coder in ImageMagick allows remote attackers to cause a denial of service (crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html"
},
{
"name": "SUSE-SU-2016:1782",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "openSUSE-SU-2016:1748",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html"
},
{
"name": "SUSE-SU-2016:1784",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343509",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343509"
},
{
"name": "USN-3131-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3131-1"
}
]
}
}

132
2014/9xxx/CVE-2014-9991.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2014-9991",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 450"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, if a client or host sends more than 16k bytes of USB mass storage transfer, a buffer overflow occurs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in WIREDCONNECTIVITY"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2014-9991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 450"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, if a client or host sends more than 16k bytes of USB mass storage transfer, a buffer overflow occurs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in WIREDCONNECTIVITY"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

34
2016/2xxx/CVE-2016-2215.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2215",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2215",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/2xxx/CVE-2016-2663.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2663",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2663",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/2xxx/CVE-2016-2739.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2739",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2739",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

150
2016/2xxx/CVE-2016-2855.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160512 Huawei Mobile Broadband HL Service Local Privilege Escalation",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/May/34"
},
{
"name" : "http://packetstormsecurity.com/files/137025/Huawei-Mobile-Broadband-HL-Service-22.001.25.00.03-Local-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/137025/Huawei-Mobile-Broadband-HL-Service-22.001.25.00.03-Local-Privilege-Escalation.html"
},
{
"name" : "https://bogner.sh/2016/05/cve-2016-2855-huawei-mobile-broadband-hl-service-local-privilege-escalation/",
"refsource" : "MISC",
"url" : "https://bogner.sh/2016/05/cve-2016-2855-huawei-mobile-broadband-hl-service-local-privilege-escalation/"
},
{
"name" : "https://www.youtube.com/watch?v=MwtjE2PmEJU",
"refsource" : "MISC",
"url" : "https://www.youtube.com/watch?v=MwtjE2PmEJU"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160512 Huawei Mobile Broadband HL Service Local Privilege Escalation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/May/34"
},
{
"name": "https://bogner.sh/2016/05/cve-2016-2855-huawei-mobile-broadband-hl-service-local-privilege-escalation/",
"refsource": "MISC",
"url": "https://bogner.sh/2016/05/cve-2016-2855-huawei-mobile-broadband-hl-service-local-privilege-escalation/"
},
{
"name": "http://packetstormsecurity.com/files/137025/Huawei-Mobile-Broadband-HL-Service-22.001.25.00.03-Local-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137025/Huawei-Mobile-Broadband-HL-Service-22.001.25.00.03-Local-Privilege-Escalation.html"
},
{
"name": "https://www.youtube.com/watch?v=MwtjE2PmEJU",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=MwtjE2PmEJU"
}
]
}
}

34
2016/6xxx/CVE-2016-6011.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6011",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6011",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2016/6xxx/CVE-2016-6262.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6262",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[help-libidn] 20160720 Libidn 1.33 released",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name" : "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name" : "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name" : "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60"
},
{
"name" : "openSUSE-SU-2016:1924",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name" : "openSUSE-SU-2016:2135",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name" : "USN-3068-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3068-1"
},
{
"name" : "92070",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92070"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160721 Re: CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/4"
},
{
"name": "openSUSE-SU-2016:2135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html"
},
{
"name": "[oss-security] 20160720 CVE request: multiple issues fixed in GNU libidn 1.33",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/6"
},
{
"name": "openSUSE-SU-2016:1924",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00005.html"
},
{
"name": "92070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92070"
},
{
"name": "[help-libidn] 20160720 Libidn 1.33 released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html"
},
{
"name": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60"
},
{
"name": "USN-3068-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3068-1"
}
]
}
}

150
2016/6xxx/CVE-2016-6486.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-215-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-215-02"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-478",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-478"
},
{
"name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-321174.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-321174.pdf"
},
{
"name" : "92254",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92254"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-215-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-215-02"
},
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-321174.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-321174.pdf"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-478",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-478"
},
{
"name": "92254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92254"
}
]
}
}

140
2016/6xxx/CVE-2016-6606.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6606",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-29",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-29"
},
{
"name" : "GLSA-201701-32",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-32"
},
{
"name" : "94114",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94114"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-29",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-29"
},
{
"name": "94114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94114"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
}
]
}
}

34
2016/7xxx/CVE-2016-7159.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7159",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7159",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2016/7xxx/CVE-2016-7549.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7549",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-7549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://codereview.chromium.org/1534933002",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/1534933002"
},
{
"name" : "https://crbug.com/556351",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/556351"
},
{
"name" : "https://crbug.com/646394",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/646394"
},
{
"name" : "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html",
"refsource" : "CONFIRM",
"url" : "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name" : "RHSA-2016:1905",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"name" : "93160",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93160"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93160"
},
{
"name": "https://crbug.com/556351",
"refsource": "CONFIRM",
"url": "https://crbug.com/556351"
},
{
"name": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html",
"refsource": "CONFIRM",
"url": "https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_13.html"
},
{
"name": "RHSA-2016:1905",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1905.html"
},
{
"name": "https://crbug.com/646394",
"refsource": "CONFIRM",
"url": "https://crbug.com/646394"
},
{
"name": "https://codereview.chromium.org/1534933002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1534933002"
}
]
}
}

34
2017/5xxx/CVE-2017-5739.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5739",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5739",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}