admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:03:24 +00:00
parent 42a85c5f9e
commit 73bf7fab55
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
47 changed files with 3401 additions and 3401 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2006/0xxx/CVE-2006-0707.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0707", "ID": "CVE-2006-0707",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=391800", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=391800" "lang": "eng",
}, "value": "PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable."
{ }
"name" : "16641", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16641" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0571", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0571" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18858", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/18858" ]
}, },
{ "references": {
"name" : "pyblosxom-pathinfo-information-disclosure(24730)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24730" "name": "16641",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/16641"
} },
} {
"name": "pyblosxom-pathinfo-information-disclosure(24730)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24730"
},
{
"name": "ADV-2006-0571",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0571"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=391800",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=391800"
},
{
"name": "18858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18858"
}
]
}
}

140
2006/0xxx/CVE-2006-0762.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0762", "ID": "CVE-2006-0762",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WinAbility Folder Guard 4.11 allows local users to gain unauthorized access to certain capabilities of the application by renaming or moving the password file (FGuard.FGP), which disables the password requirement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060213 Folder Guard password protection bypass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/424855/100/0/threaded" "lang": "eng",
}, "value": "WinAbility Folder Guard 4.11 allows local users to gain unauthorized access to certain capabilities of the application by renaming or moving the password file (FGuard.FGP), which disables the password requirement."
{ }
"name" : "20060213 Re: Folder Guard password protection bypass", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/424905/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "folderguard-fguard-bypass-authentication(24725)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24725" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20060213 Re: Folder Guard password protection bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424905/100/0/threaded"
},
{
"name": "folderguard-fguard-bypass-authentication(24725)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24725"
},
{
"name": "20060213 Folder Guard password protection bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424855/100/0/threaded"
}
]
}
}

180
2006/0xxx/CVE-2006-0885.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0885", "ID": "CVE-2006-0885",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060221 [myimei]CuteNews1.4.1~ Add Comment For Protected UserNames~ XSS Attack", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/425583" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter."
{ }
"name" : "http://myimei.com/security/2006-02-20/cutenews141addcommentforprotectedusernamesxss-attack.html", ]
"refsource" : "MISC", },
"url" : "http://myimei.com/security/2006-02-20/cutenews141addcommentforprotectedusernamesxss-attack.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16740", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16740" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0685", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0685" ]
}, },
{ "references": {
"name" : "23400", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/23400" "name": "ADV-2006-0685",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0685"
"name" : "18981", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18981" "name": "http://myimei.com/security/2006-02-20/cutenews141addcommentforprotectedusernamesxss-attack.html",
}, "refsource": "MISC",
{ "url": "http://myimei.com/security/2006-02-20/cutenews141addcommentforprotectedusernamesxss-attack.html"
"name" : "cutenews-shownews-xss(24835)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24835" "name": "23400",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/23400"
} },
} {
"name": "18981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18981"
},
{
"name": "20060221 [myimei]CuteNews1.4.1~ Add Comment For Protected UserNames~ XSS Attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425583"
},
{
"name": "cutenews-shownews-xss(24835)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24835"
},
{
"name": "16740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16740"
}
]
}
}

170
2006/0xxx/CVE-2006-0976.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0976", "ID": "CVE-2006-0976",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060225 NSA Group Security Advisory NSAG-¹201-25.02.2006 Vulnerability SPiD v1.3.1", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/426073/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter."
{ }
"name" : "http://www.nsag.ru/vuln/955.html", ]
"refsource" : "MISC", },
"url" : "http://www.nsag.ru/vuln/955.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16822", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16822" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0766", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0766" ]
}, },
{ "references": {
"name" : "19033", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19033" "name": "spid-scanlanginsert-file-include(24955)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24955"
"name" : "spid-scanlanginsert-file-include(24955)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24955" "name": "ADV-2006-0766",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/0766"
} },
} {
"name": "http://www.nsag.ru/vuln/955.html",
"refsource": "MISC",
"url": "http://www.nsag.ru/vuln/955.html"
},
{
"name": "16822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16822"
},
{
"name": "19033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19033"
},
{
"name": "20060225 NSA Group Security Advisory NSAG-¹201-25.02.2006 Vulnerability SPiD v1.3.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426073/100/0/threaded"
}
]
}
}

34
2006/1xxx/CVE-2006-1086.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2006-1086", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2006-1086",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-1083. Reason: This candidate is a duplicate of CVE-2006-1083. Notes: All CVE users should reference CVE-2006-1083 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-1083. Reason: This candidate is a duplicate of CVE-2006-1083. Notes: All CVE users should reference CVE-2006-1083 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

150
2006/1xxx/CVE-2006-1273.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1273", "ID": "CVE-2006-1273",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via an HTML tag with a large number of script action handlers such as onload and onmouseover, which triggers the crash when the user views the page source. NOTE: Red Hat has disputed this issue, suggesting that \"It is likely the reporter was running the IE Tab extension,\" and Mozilla also confirmed that this is not an issue in Firefox itself."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060317 Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/427977/100/0/threaded" "lang": "eng",
}, "value": "** DISPUTED ** Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via an HTML tag with a large number of script action handlers such as onload and onmouseover, which triggers the crash when the user views the page source. NOTE: Red Hat has disputed this issue, suggesting that \"It is likely the reporter was running the IE Tab extension,\" and Mozilla also confirmed that this is not an issue in Firefox itself."
{ }
"name" : "20060318 Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll)", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/428159/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31833", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/31833" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "593", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/593" ]
} },
] "references": {
} "reference_data": [
} {
"name": "31833",
"refsource": "OSVDB",
"url": "http://osvdb.org/31833"
},
{
"name": "20060318 Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428159/100/0/threaded"
},
{
"name": "593",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/593"
},
{
"name": "20060317 Re: Re: Remote overflow in MSIE script action handlers (mshtml.dll)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427977/100/0/threaded"
}
]
}
}

160
2006/1xxx/CVE-2006-1646.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1646", "ID": "CVE-2006-1646",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other distributions of BSD or Linux operating systems, when running in aggressive mode, allows remote attackers to cause a denial of service (daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/" "lang": "eng",
}, "value": "The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other distributions of BSD or Linux operating systems, when running in aggressive mode, allows remote attackers to cause a denial of service (daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1."
{ }
"name" : "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en", ]
"refsource" : "MISC", },
"url" : "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://mail-index.netbsd.org/source-changes/2006/01/19/0017.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://mail-index.netbsd.org/source-changes/2006/01/19/0017.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "NetBSD-SA2006-003", ]
"refsource" : "NETBSD", }
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-003.txt.asc" ]
}, },
{ "references": {
"name" : "19463", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19463" "name": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en",
} "refsource": "MISC",
] "url": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en"
} },
} {
"name": "NetBSD-SA2006-003",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-003.txt.asc"
},
{
"name": "http://mail-index.netbsd.org/source-changes/2006/01/19/0017.html",
"refsource": "CONFIRM",
"url": "http://mail-index.netbsd.org/source-changes/2006/01/19/0017.html"
},
{
"name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/",
"refsource": "MISC",
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
},
{
"name": "19463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19463"
}
]
}
}

160
2006/4xxx/CVE-2006-4717.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4717", "ID": "CVE-2006-4717",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/node/83064", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/83064" "lang": "eng",
}, "value": "The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors."
{ }
"name" : "19920", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19920" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3530", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3530" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28623", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/28623" ]
}, },
{ "references": {
"name" : "21811", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21811" "name": "19920",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/19920"
} },
} {
"name": "ADV-2006-3530",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3530"
},
{
"name": "21811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21811"
},
{
"name": "http://drupal.org/node/83064",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/83064"
},
{
"name": "28623",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28623"
}
]
}
}

160
2006/5xxx/CVE-2006-5618.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5618", "ID": "CVE-2006-5618",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the ad_direct parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2677", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2677" "lang": "eng",
}, "value": "Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the ad_direct parameter."
{ }
"name" : "20789", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20789" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4259", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4259" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22610", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/22610" ]
}, },
{ "references": {
"name" : "netref-catforaff-file-include(29889)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29889" "name": "ADV-2006-4259",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/4259"
} },
} {
"name": "netref-catforaff-file-include(29889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29889"
},
{
"name": "2677",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2677"
},
{
"name": "20789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20789"
},
{
"name": "22610",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22610"
}
]
}
}

200
2006/5xxx/CVE-2006-5882.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5882", "ID": "CVE-2006-5882",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://projects.info-pull.com/mokb/MOKB-11-11-2006.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://projects.info-pull.com/mokb/MOKB-11-11-2006.html" "lang": "eng",
}, "value": "Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field."
{ }
"name" : "http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109934&packedargs=sku%3D1144763513196&pagename=Linksys%2FCommon%2FVisitorWrapper", ]
"refsource" : "CONFIRM", },
"url" : "http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109934&packedargs=sku%3D1144763513196&pagename=Linksys%2FCommon%2FVisitorWrapper" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kb.cert.org/vuls/id/MAPG-6VGNHW", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kb.cert.org/vuls/id/MAPG-6VGNHW" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#209376", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/209376" ]
}, },
{ "references": {
"name" : "ADV-2006-4460", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4460" "name": "VU#209376",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/209376"
"name" : "ADV-2006-4459", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4459" "name": "1017212",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1017212"
"name" : "1017212", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017212" "name": "broadcom-bcmwl5-bo(30202)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30202"
"name" : "22831", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22831" "name": "ADV-2006-4460",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4460"
"name" : "broadcom-bcmwl5-bo(30202)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30202" "name": "ADV-2006-4459",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/4459"
} },
} {
"name": "http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109934&packedargs=sku%3D1144763513196&pagename=Linksys%2FCommon%2FVisitorWrapper",
"refsource": "CONFIRM",
"url": "http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109934&packedargs=sku%3D1144763513196&pagename=Linksys%2FCommon%2FVisitorWrapper"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-6VGNHW",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-6VGNHW"
},
{
"name": "http://projects.info-pull.com/mokb/MOKB-11-11-2006.html",
"refsource": "MISC",
"url": "http://projects.info-pull.com/mokb/MOKB-11-11-2006.html"
},
{
"name": "22831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22831"
}
]
}
}

170
2006/5xxx/CVE-2006-5954.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5954", "ID": "CVE-2006-5954",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2780", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2780" "lang": "eng",
}, "value": "SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter."
{ }
"name" : "21088", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21088" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-4517", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4517" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30411", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/30411" ]
}, },
{ "references": {
"name" : "22901", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22901" "name": "21088",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/21088"
"name" : "netvios-page-sql-injection(30277)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30277" "name": "30411",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/30411"
} },
} {
"name": "22901",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22901"
},
{
"name": "2780",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2780"
},
{
"name": "netvios-page-sql-injection(30277)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30277"
},
{
"name": "ADV-2006-4517",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4517"
}
]
}
}

34
2006/5xxx/CVE-2006-5998.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2006-5998", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2006-5998",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
} }
] ]
} }
} }

140
2010/0xxx/CVE-2010-0326.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0326", "ID": "CVE-2010-0326",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://typo3.org/extensions/repository/view/devlog/2.9.2/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/extensions/repository/view/devlog/2.9.2/" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/", ]
"refsource" : "CONFIRM", },
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38164", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38164" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/devlog/2.9.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/devlog/2.9.2/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
},
{
"name": "38164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38164"
}
]
}
}

150
2010/0xxx/CVE-2010-0797.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0797", "ID": "CVE-2010-0797",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://typo3.org/extensions/repository/view/t3blog/0.8.0/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/extensions/repository/view/t3blog/0.8.0/" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/", ]
"refsource" : "CONFIRM", },
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38030", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/38030" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "38388", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/38388" ]
} },
] "references": {
} "reference_data": [
} {
"name": "38030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38030"
},
{
"name": "38388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38388"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/"
},
{
"name": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/"
}
]
}
}

310
2010/2xxx/CVE-2010-2521.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2521", "ID": "CVE-2010-2521",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" "lang": "eng",
}, "value": "Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions."
{ }
"name" : "[oss-security] 20100707 CVE request - kernel: nfsd4: bug in read_buf", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/07/07/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20100708 Re: CVE request - kernel: nfsd4: bug in read_buf", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/07/09/2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2bc3c1179c781b359d4f2f3439cb3df72afc17fc", ]
"refsource" : "CONFIRM", }
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2bc3c1179c781b359d4f2f3439cb3df72afc17fc" ]
}, },
{ "references": {
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc6", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc6" "name": "RHSA-2010:0610",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0610.html"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=612028", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=612028" "name": "RHSA-2010:0893",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0893.html"
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" "name": "USN-1000-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1000-1"
"name" : "DSA-2094", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2094" "name": "[oss-security] 20100707 CVE request - kernel: nfsd4: bug in read_buf",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/07/07/1"
"name" : "MDVSA-2010:198", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" "name": "RHSA-2010:0606",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2010-0606.html"
"name" : "MDVSA-2011:051", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051" "name": "MDVSA-2010:198",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
"name" : "RHSA-2010:0606", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0606.html" "name": "RHSA-2010:0907",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0907.html"
"name" : "RHSA-2010:0610", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0610.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=612028",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=612028"
"name" : "RHSA-2010:0893", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0893.html" "name": "SUSE-SA:2010:040",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html"
"name" : "RHSA-2010:0907", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0907.html" "name": "MDVSA-2011:051",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:051"
"name" : "SUSE-SA:2010:040", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html" "name": "43315",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43315"
"name" : "USN-1000-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1000-1" "name": "DSA-2094",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2010/dsa-2094"
"name" : "42249", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/42249" "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
"name" : "1024286", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024286" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2bc3c1179c781b359d4f2f3439cb3df72afc17fc",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2bc3c1179c781b359d4f2f3439cb3df72afc17fc"
"name" : "43315", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43315" "name": "1024286",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1024286"
"name" : "ADV-2010-3050", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3050" "name": "42249",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/42249"
} },
} {
"name": "ADV-2010-3050",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3050"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc6"
},
{
"name": "[oss-security] 20100708 Re: CVE request - kernel: nfsd4: bug in read_buf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/07/09/2"
}
]
}
}

150
2010/3xxx/CVE-2010-3464.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3464", "ID": "CVE-2010-3464",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in admin/manager_users.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding administrative users via the save_admin action to admin/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100915 XSRF (CSRF) in SantaFox", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/513738/100/0/threaded" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in admin/manager_users.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding administrative users via the save_admin action to admin/index.php."
{ }
"name" : "http://packetstormsecurity.org/1009-exploits/santafox-xssxsrf.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/1009-exploits/santafox-xssxsrf.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.htbridge.ch/advisory/xsrf_csrf_in_santafox.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.htbridge.ch/advisory/xsrf_csrf_in_santafox.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "41465", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/41465" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://packetstormsecurity.org/1009-exploits/santafox-xssxsrf.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/santafox-xssxsrf.txt"
},
{
"name": "41465",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41465"
},
{
"name": "20100915 XSRF (CSRF) in SantaFox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513738/100/0/threaded"
},
{
"name": "http://www.htbridge.ch/advisory/xsrf_csrf_in_santafox.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xsrf_csrf_in_santafox.html"
}
]
}
}

160
2010/3xxx/CVE-2010-3623.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2010-3623", "ID": "CVE-2010-3623",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" "lang": "eng",
}, "value": "Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
{ }
"name" : "SUSE-SA:2010:048", ]
"refsource" : "SUSE", },
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SR:2010:019", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA10-279A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:14129", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14129" "name": "SUSE-SA:2010:048",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html"
} },
} {
"name": "oval:org.mitre.oval:def:14129",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14129"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html"
},
{
"name": "TA10-279A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
}
]
}
}

350
2010/3xxx/CVE-2010-3768.json
View File

@ -1,177 +1,177 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3768", "ID": "CVE-2010-3768",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-78.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-78.html" "lang": "eng",
}, "value": "Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=527276", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=527276" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=660420", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=660420" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.avaya.com/css/P8/documents/100124650", ]
"refsource" : "CONFIRM", }
"url" : "http://support.avaya.com/css/P8/documents/100124650" ]
}, },
{ "references": {
"name" : "FEDORA-2010-18773", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html" "name": "SUSE-SA:2011:003",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html"
"name" : "FEDORA-2010-18775", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html" "name": "FEDORA-2010-18775",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html"
"name" : "FEDORA-2010-18777", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html" "name": "oval:org.mitre.oval:def:12533",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12533"
"name" : "FEDORA-2010-18778", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html" "name": "MDVSA-2010:258",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258"
"name" : "FEDORA-2010-18890", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html" "name": "MDVSA-2010:251",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251"
"name" : "FEDORA-2010-18920", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html" "name": "http://support.avaya.com/css/P8/documents/100124650",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/css/P8/documents/100124650"
"name" : "MDVSA-2010:251", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:251" "name": "RHSA-2010:0966",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0966.html"
"name" : "MDVSA-2010:258", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:258" "name": "45352",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/45352"
"name" : "RHSA-2010:0966", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0966.html" "name": "USN-1019-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1019-1"
"name" : "RHSA-2010:0969", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0969.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=660420",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=660420"
"name" : "SUSE-SA:2011:003", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html" "name": "RHSA-2010:0969",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0969.html"
"name" : "USN-1019-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1019-1" "name": "42818",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42818"
"name" : "USN-1020-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1020-1" "name": "1024846",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024846"
"name" : "45352", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45352" "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-78.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-78.html"
"name" : "oval:org.mitre.oval:def:12533", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12533" "name": "FEDORA-2010-18778",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html"
"name" : "1024846", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024846" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=527276",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=527276"
"name" : "1024848", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024848" "name": "1024848",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024848"
"name" : "42716", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42716" "name": "FEDORA-2010-18920",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html"
"name" : "42818", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42818" "name": "FEDORA-2010-18777",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html"
"name" : "ADV-2011-0030", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0030" "name": "ADV-2011-0030",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2011/0030"
} },
} {
"name": "FEDORA-2010-18890",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html"
},
{
"name": "42716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42716"
},
{
"name": "USN-1020-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1020-1"
},
{
"name": "FEDORA-2010-18773",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html"
}
]
}
}

160
2010/4xxx/CVE-2010-4681.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4681", "ID": "CVE-2010-4681",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf" "lang": "eng",
}, "value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901."
{ }
"name" : "45767", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/45767" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1024963", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024963" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "42931", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/42931" ]
}, },
{ "references": {
"name" : "asa-smtpinspection-security-bypass(64607)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64607" "name": "1024963",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1024963"
} },
} {
"name": "asa-smtpinspection-security-bypass(64607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64607"
},
{
"name": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf"
},
{
"name": "45767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45767"
},
{
"name": "42931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42931"
}
]
}
}

200
2010/4xxx/CVE-2010-4738.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4738", "ID": "CVE-2010-4738",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/view/96389/raemediaincresmas-sql.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/view/96389/raemediaincresmas-sql.txt" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System."
{ }
"name" : "45211", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/45211" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "45212", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45212" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "69627", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/69627" ]
}, },
{ "references": {
"name" : "69628", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/69628" "name": "45212",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/45212"
"name" : "42515", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42515" "name": "69628",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/69628"
"name" : "8080", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8080" "name": "http://packetstormsecurity.org/files/view/96389/raemediaincresmas-sql.txt",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.org/files/view/96389/raemediaincresmas-sql.txt"
"name" : "8082", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8082" "name": "45211",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/45211"
"name" : "8088", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8088" "name": "42515",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/42515"
} },
} {
"name": "8080",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8080"
},
{
"name": "8082",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8082"
},
{
"name": "69627",
"refsource": "OSVDB",
"url": "http://osvdb.org/69627"
},
{
"name": "8088",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8088"
}
]
}
}

140
2010/4xxx/CVE-2010-4753.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4753", "ID": "CVE-2010-4753",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://holisticinfosec.org/content/view/168/45/", "description_data": [
"refsource" : "MISC", {
"url" : "http://holisticinfosec.org/content/view/168/45/" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message."
{ }
"name" : "http://www.lightneasy.org/punbb/viewtopic.php?id=1207", ]
"refsource" : "CONFIRM", },
"url" : "http://www.lightneasy.org/punbb/viewtopic.php?id=1207" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "42391", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42391" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://holisticinfosec.org/content/view/168/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/168/45/"
},
{
"name": "http://www.lightneasy.org/punbb/viewtopic.php?id=1207",
"refsource": "CONFIRM",
"url": "http://www.lightneasy.org/punbb/viewtopic.php?id=1207"
},
{
"name": "42391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42391"
}
]
}
}

132
2014/10xxx/CVE-2014-10054.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2014-10054", "ID": "CVE-2014-10054",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDX20" "version_value": "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDX20"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SDX20, lack of input validation on BT HCI commands processing allows privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper access control in BTSOC."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-04-01" "lang": "eng",
}, "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SDX20, lack of input validation on BT HCI commands processing allows privilege escalation."
{ }
"name" : "103671", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103671" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Improper access control in BTSOC."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

150
2014/3xxx/CVE-2014-3942.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3942", "ID": "CVE-2014-3942",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140603 Re: CVE ID request: typo3", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/06/03/2" "lang": "eng",
}, "value": "The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object."
{ }
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/", ]
"refsource" : "CONFIRM", },
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2942", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-2942" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2014:0813", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html" ]
} },
] "references": {
} "reference_data": [
} {
"name": "openSUSE-SU-2014:0813",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"
},
{
"name": "DSA-2942",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2942"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
},
{
"name": "[oss-security] 20140603 Re: CVE ID request: typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/03/2"
}
]
}
}

140
2014/4xxx/CVE-2014-4193.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4193", "ID": "CVE-2014-4193",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://dualec.org/", "description_data": [
"refsource" : "MISC", {
"url" : "http://dualec.org/" "lang": "eng",
}, "value": "The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755."
{ }
"name" : "http://dualec.org/DualECTLS.pdf", ]
"refsource" : "MISC", },
"url" : "http://dualec.org/DualECTLS.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "68191", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/68191" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "68191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68191"
},
{
"name": "http://dualec.org/DualECTLS.pdf",
"refsource": "MISC",
"url": "http://dualec.org/DualECTLS.pdf"
},
{
"name": "http://dualec.org/",
"refsource": "MISC",
"url": "http://dualec.org/"
}
]
}
}

34
2014/4xxx/CVE-2014-4319.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4319", "ID": "CVE-2014-4319",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2014/4xxx/CVE-2014-4435.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2014-4435", "ID": "CVE-2014-4435",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"iCloud Find My Mac\" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/kb/HT6535", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/kb/HT6535" "lang": "eng",
}, "value": "The \"iCloud Find My Mac\" feature in Apple OS X before 10.10 does not properly enforce rate limiting of lost-mode PIN entry, which makes it easier for physically proximate attackers to obtain access via a brute-force attack involving a series of reboots."
{ }
"name" : "APPLE-SA-2014-10-16-1", ]
"refsource" : "APPLE", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "70638", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70638" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1031063", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1031063" ]
}, },
{ "references": {
"name" : "macosx-cve20144435-info-disc(97636)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97636" "name": "macosx-cve20144435-info-disc(97636)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97636"
} },
} {
"name": "APPLE-SA-2014-10-16-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"name": "1031063",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031063"
},
{
"name": "https://support.apple.com/kb/HT6535",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6535"
},
{
"name": "70638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70638"
}
]
}
}

120
2014/4xxx/CVE-2014-4584.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4584", "ID": "CVE-2014-4584",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the fID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://codevigilant.com/disclosure/wp-plugin-wp-easybooking-a3-cross-site-scripting-xss", "description_data": [
"refsource" : "MISC", {
"url" : "http://codevigilant.com/disclosure/wp-plugin-wp-easybooking-a3-cross-site-scripting-xss" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the fID parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://codevigilant.com/disclosure/wp-plugin-wp-easybooking-a3-cross-site-scripting-xss",
"refsource": "MISC",
"url": "http://codevigilant.com/disclosure/wp-plugin-wp-easybooking-a3-cross-site-scripting-xss"
}
]
}
}

150
2014/8xxx/CVE-2014-8471.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8471", "ID": "CVE-2014-8471",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx" "lang": "eng",
}, "value": "CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to conduct replay attacks via unspecified vectors."
{ }
"name" : "70919", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/70919" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1031214", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031214" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ca-cloud-cve20148471-replay(98534)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98534" ]
} },
] "references": {
} "reference_data": [
} {
"name": "70919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70919"
},
{
"name": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141103-01-security-notice-for-ca-cloud-service-management.aspx"
},
{
"name": "ca-cloud-cve20148471-replay(98534)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98534"
},
{
"name": "1031214",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031214"
}
]
}
}

130
2014/8xxx/CVE-2014-8663.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8663", "ID": "CVE-2014-8663",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" "lang": "eng",
}, "value": "SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
{ }
"name" : "http://service.sap.com/sap/support/notes/0001965819", ]
"refsource" : "MISC", },
"url" : "http://service.sap.com/sap/support/notes/0001965819" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.sap.com/sap/support/notes/0001965819",
"refsource": "MISC",
"url": "http://service.sap.com/sap/support/notes/0001965819"
},
{
"name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/",
"refsource": "MISC",
"url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/"
}
]
}
}

190
2014/8xxx/CVE-2014-8682.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8682", "ID": "CVE-2014-8682",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141114 CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/533995/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go."
{ }
"name" : "35238", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/35238" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20141114 CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs", "description": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2014/Nov/33" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html" ]
}, },
{ "references": {
"name" : "http://gogs.io/docs/intro/change_log.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://gogs.io/docs/intro/change_log.html" "name": "35238",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/35238"
"name" : "https://github.com/gogits/gogs/commit/0c5ba4573aecc9eaed669e9431a70a5d9f184b8d", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/gogits/gogs/commit/0c5ba4573aecc9eaed669e9431a70a5d9f184b8d" "name": "gogs-cve20148682-sql-injection(98694)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98694"
"name" : "71187", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71187" "name": "http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html"
"name" : "gogs-cve20148682-sql-injection(98694)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98694" "name": "20141114 CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2014/Nov/33"
} },
} {
"name": "http://gogs.io/docs/intro/change_log.html",
"refsource": "CONFIRM",
"url": "http://gogs.io/docs/intro/change_log.html"
},
{
"name": "20141114 CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533995/100/0/threaded"
},
{
"name": "71187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71187"
},
{
"name": "https://github.com/gogits/gogs/commit/0c5ba4573aecc9eaed669e9431a70a5d9f184b8d",
"refsource": "CONFIRM",
"url": "https://github.com/gogits/gogs/commit/0c5ba4573aecc9eaed669e9431a70a5d9f184b8d"
}
]
}
}

130
2014/8xxx/CVE-2014-8736.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8736", "ID": "CVE-2014-8736",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.drupal.org/node/2357295", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.drupal.org/node/2357295" "lang": "eng",
}, "value": "The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node."
{ }
"name" : "https://www.drupal.org/node/2357279", ]
"refsource" : "CONFIRM", },
"url" : "https://www.drupal.org/node/2357279" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2357295",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2357295"
},
{
"name": "https://www.drupal.org/node/2357279",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2357279"
}
]
}
}

34
2014/9xxx/CVE-2014-9008.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9008", "ID": "CVE-2014-9008",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2014/9xxx/CVE-2014-9192.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2014-9192", "ID": "CVE-2014-9192",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02" "lang": "eng",
}, "value": "Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation."
{ }
"name" : "71591", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/71591" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02"
},
{
"name": "71591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71591"
}
]
}
}

34
2014/9xxx/CVE-2014-9613.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9613", "ID": "CVE-2014-9613",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2016/2xxx/CVE-2016-2138.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2138", "ID": "CVE-2016-2138",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2016/2xxx/CVE-2016-2497.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-2497", "ID": "CVE-2016-2497",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-08-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-08-01.html" "lang": "eng",
}, "value": "services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489."
{ }
"name" : "https://android.googlesource.com/platform/frameworks/base/+/a75537b496e9df71c74c1d045ba5569631a16298", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/frameworks/base/+/a75537b496e9df71c74c1d045ba5569631a16298" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "92249", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92249" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "92249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92249"
},
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/a75537b496e9df71c74c1d045ba5569631a16298",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/base/+/a75537b496e9df71c74c1d045ba5569631a16298"
}
]
}
}

34
2016/2xxx/CVE-2016-2575.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2575", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2575",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

170
2016/2xxx/CVE-2016-2813.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2016-2813", "ID": "CVE-2016-2813",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://dl.acm.org/citation.cfm?id=2714650", "description_data": [
"refsource" : "MISC", {
"url" : "http://dl.acm.org/citation.cfm?id=2714650" "lang": "eng",
}, "value": "Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780."
{ }
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-43.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-43.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1197901", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1197901" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201701-15", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201701-15" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2016:1251", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html" "name": "1035692",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1035692"
"name" : "1035692", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035692" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1197901",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1197901"
} },
} {
"name": "openSUSE-SU-2016:1251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00038.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-43.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-43.html"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "http://dl.acm.org/citation.cfm?id=2714650",
"refsource": "MISC",
"url": "http://dl.acm.org/citation.cfm?id=2714650"
}
]
}
}

140
2016/3xxx/CVE-2016-3004.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-3004", "ID": "CVE-2016-3004",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990864", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990864" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the set of available applications."
{ }
"name" : "LO90039", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94332", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94332" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990864",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990864"
},
{
"name": "LO90039",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039"
},
{
"name": "94332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94332"
}
]
}
}

160
2016/3xxx/CVE-2016-3295.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-3295", "ID": "CVE-2016-3295",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS16-104", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104" "lang": "eng",
}, "value": "Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\""
{ }
"name" : "MS16-105", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "92830", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92830" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1036788", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1036788" ]
}, },
{ "references": {
"name" : "1036789", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036789" "name": "1036789",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1036789"
} },
} {
"name": "92830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92830"
},
{
"name": "MS16-104",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-104"
},
{
"name": "MS16-105",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
},
{
"name": "1036788",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036788"
}
]
}
}

150
2016/3xxx/CVE-2016-3522.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2016-3522", "ID": "CVE-2016-3522",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Application Service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Application Service."
{ }
"name" : "91787", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/91787" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "91861", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91861" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1036403", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1036403" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91861"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "1036403",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036403"
}
]
}
}

130
2016/3xxx/CVE-2016-3752.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-3752", "ID": "CVE-2016-3752",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-07-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-07-01.html" "lang": "eng",
}, "value": "internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423."
{ }
"name" : "https://android.googlesource.com/platform/frameworks/base/+/ddbf2db5b946be8fdc45c7b0327bf560b2a06988", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/frameworks/base/+/ddbf2db5b946be8fdc45c7b0327bf560b2a06988" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/ddbf2db5b946be8fdc45c7b0327bf560b2a06988",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/base/+/ddbf2db5b946be8fdc45c7b0327bf560b2a06988"
},
{
"name": "http://source.android.com/security/bulletin/2016-07-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-07-01.html"
}
]
}
}

150
2016/3xxx/CVE-2016-3863.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-3863", "ID": "CVE-2016-3863",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a crafted media file, aka internal bug 29161888."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-09-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-09-01.html" "lang": "eng",
}, "value": "Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a crafted media file, aka internal bug 29161888."
{ }
"name" : "https://android.googlesource.com/platform/frameworks/av/+/119a012b2a9a186655da4bef3ed4ed8dd9b94c26", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/frameworks/av/+/119a012b2a9a186655da4bef3ed4ed8dd9b94c26" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "92817", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92817" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1036763", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1036763" ]
} },
] "references": {
} "reference_data": [
} {
"name": "92817",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92817"
},
{
"name": "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/119a012b2a9a186655da4bef3ed4ed8dd9b94c26",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/119a012b2a9a186655da4bef3ed4ed8dd9b94c26"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
}
]
}
}

240
2016/6xxx/CVE-2016-6515.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6515", "ID": "CVE-2016-6515",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "40888", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/40888/" "lang": "eng",
}, "value": "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string."
{ }
"name" : "[oss-security] 20160801 Announce: OpenSSH 7.3 released", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2016/08/01/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", "description": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html" ]
}, },
{ "references": {
"name" : "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97" "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_us",
}, "refsource": "CONFIRM",
{ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_us"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "name": "https://security.netapp.com/advisory/ntap-20171130-0003/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20171130-0003/"
"name" : "https://security.netapp.com/advisory/ntap-20171130-0003/", },
"refsource" : "CONFIRM", {
"url" : "https://security.netapp.com/advisory/ntap-20171130-0003/" "name": "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97"
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_us", },
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03779en_us" "name": "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/140070/OpenSSH-7.2-Denial-Of-Service.html"
"name" : "FEDORA-2016-4a3debc3a6", },
"refsource" : "FEDORA", {
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/" "name": "40888",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/40888/"
"name" : "FreeBSD-SA-17:06", },
"refsource" : "FREEBSD", {
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc" "name": "92212",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/92212"
"name" : "RHSA-2017:2029", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2029" "name": "FreeBSD-SA-17:06",
}, "refsource": "FREEBSD",
{ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:06.openssh.asc"
"name" : "92212", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92212" "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name" : "1036487", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036487" "name": "1036487",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1036487"
} },
} {
"name": "FEDORA-2016-4a3debc3a6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2L6RW34VFNXYNVVN2CN73YAGJ5VMTFU/"
},
{
"name": "RHSA-2017:2029",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2029"
},
{
"name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
},
{
"name": "[oss-security] 20160801 Announce: OpenSSH 7.3 released",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2016/08/01/2"
}
]
}
}

140
2016/6xxx/CVE-2016-6988.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2016-6988", "ID": "CVE-2016-6988",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, and CVE-2016-6993."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6949, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, and CVE-2016-6993."
{ }
"name" : "93491", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/93491" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036986", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036986" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "93491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93491"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
}
]
}
}

162
2016/7xxx/CVE-2016-7114.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC" : "2017-07-04T00:00:00", "DATE_PUBLIC": "2017-07-04T00:00:00",
"ID" : "CVE-2016-7114", "ID": "CVE-2016-7114",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03" "lang": "eng",
}, "value": "A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful."
{ }
"name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "92745", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/92745" ]
}, },
{ "references": {
"name" : "99471", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99471" "name": "92745",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/92745"
} },
} {
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03"
},
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf"
},
{
"name": "99471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99471"
}
]
}
}

140
2016/7xxx/CVE-2016-7283.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-7283", "ID": "CVE-2016-7283",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS16-144", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144" "lang": "eng",
}, "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
{ }
"name" : "94726", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94726" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037448", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037448" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS16-144",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144"
},
{
"name": "94726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94726"
},
{
"name": "1037448",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037448"
}
]
}
}