"-Synchronized-Data."

CVE Team 2019-03-18 00:37:13 +00:00
parent acf11d70c0
commit 776e24e8e4
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4378 additions and 4378 deletions


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0655", "ID": "CVE-2006-0655",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited.php and (2) link_added.php in Hinton Design phpht Topsites 1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060211 [eVuln] phpht Topsites Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/424741/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited.php and (2) link_added.php in Hinton Design phpht Topsites 1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://evuln.com/vulns/59/summary.html", ]
"refsource" : "MISC", },
"url" : "http://evuln.com/vulns/59/summary.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16562", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16562" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18782", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/18782" ]
} },
] "references": {
} "reference_data": [
} {
"name": "16562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16562"
},
{
"name": "20060211 [eVuln] phpht Topsites Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424741/100/0/threaded"
},
{
"name": "http://evuln.com/vulns/59/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/59/summary.html"
},
{
"name": "18782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18782"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0667", "ID": "CVE-2006-0667",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "IY77624", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY77624" "lang": "eng",
}, "value": "lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack."
{ }
"name" : "IY77638", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY77638" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2096", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2096" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1015622", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1015622" ]
} },
] "references": {
} "reference_data": [
} {
"name": "ADV-2005-2096",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2096"
},
{
"name": "IY77624",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY77624"
},
{
"name": "IY77638",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY77638"
},
{
"name": "1015622",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015622"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0703", "ID": "CVE-2006-0703",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060211 imageVue16.1 upload vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/424745/30/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter."
{ }
"name" : "20060719 Re: imageVue16.1 upload vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/440586/100/100/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20061029 Re: imageVue16.1 upload vulnerability", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/450047/100/100/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16594", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/16594" ]
}, },
{ "references": {
"name" : "ADV-2006-0570", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0570" "name": "ADV-2006-0570",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0570"
"name" : "18802", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18802" "name": "20061029 Re: imageVue16.1 upload vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/450047/100/100/threaded"
"name" : "429", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/429" "name": "20060211 imageVue16.1 upload vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/424745/30/0/threaded"
"name" : "imagevue-index-sql-injection(24642)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24642" "name": "18802",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/18802"
} },
} {
"name": "20060719 Re: imageVue16.1 upload vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440586/100/100/threaded"
},
{
"name": "16594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16594"
},
{
"name": "429",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/429"
},
{
"name": "imagevue-index-sql-injection(24642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24642"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0944", "ID": "CVE-2006-0944",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060226 Archangel Weblog 0.90.02 Admin Authentication Bypass & Remote File Inclusion", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/426184/100/0/threaded" "lang": "eng",
}, "value": "Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1."
{ }
"name" : "3859", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/3859" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16848", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16848" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "23620", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/23620" ]
}, },
{ "references": {
"name" : "1015689", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015689" "name": "1015689",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015689"
"name" : "archangel-admin-auth-bypass(24984)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24984" "name": "archangel-admin-auth-bypass(24984)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24984"
} },
} {
"name": "16848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16848"
},
{
"name": "23620",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23620"
},
{
"name": "20060226 Archangel Weblog 0.90.02 Admin Authentication Bypass & Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426184/100/0/threaded"
},
{
"name": "3859",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3859"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1370", "ID": "CVE-2006-1370",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.service.real.com/realplayer/security/03162006_player/en/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.service.real.com/realplayer/security/03162006_player/en/" "lang": "eng",
}, "value": "Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file."
{ }
"name" : "VU#451556", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/451556" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17202", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17202" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-1057", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/1057" ]
}, },
{ "references": {
"name" : "1015810", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015810" "name": "http://www.service.real.com/realplayer/security/03162006_player/en/",
}, "refsource": "CONFIRM",
{ "url": "http://www.service.real.com/realplayer/security/03162006_player/en/"
"name" : "19358", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19358" "name": "realnetworks-mbc-bo(25411)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25411"
"name" : "realnetworks-mbc-bo(25411)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25411" "name": "19358",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/19358"
} },
} {
"name": "ADV-2006-1057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1057"
},
{
"name": "17202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17202"
},
{
"name": "VU#451556",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/451556"
},
{
"name": "1015810",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015810"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1567", "ID": "CVE-2006-1567",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in searchresults.asp in SiteSearch Indexer 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchField parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2006/03/sitesearch-indexer-35-xss-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2006/03/sitesearch-indexer-35-xss-vuln.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in searchresults.asp in SiteSearch Indexer 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchField parameter."
{ }
"name" : "17332", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/17332" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-1185", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1185" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "24289", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/24289" ]
}, },
{ "references": {
"name" : "19467", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19467" "name": "17332",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17332"
"name" : "sitesearch-indexer-searchfield-xss(25564)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25564" "name": "19467",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/19467"
} },
} {
"name": "sitesearch-indexer-searchfield-xss(25564)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25564"
},
{
"name": "24289",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24289"
},
{
"name": "http://pridels0.blogspot.com/2006/03/sitesearch-indexer-35-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/03/sitesearch-indexer-35-xss-vuln.html"
},
{
"name": "ADV-2006-1185",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1185"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3753", "ID": "CVE-2006-3753",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "setcookie.php for the administration login in Professional Home Page Tools Guestbook records the hash of the administrator password in a cookie, which allows attackers to conduct brute force password guessing attacks after obtaining the hash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060717 Professional PHP Tools Guestbook Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/440421/100/0/threaded" "lang": "eng",
}, "value": "setcookie.php for the administration login in Professional Home Page Tools Guestbook records the hash of the administrator password in a cookie, which allows attackers to conduct brute force password guessing attacks after obtaining the hash."
{ }
"name" : "http://artemis.abenteuer-mittelerde.de/pub/adv02-phptgb.txt", ]
"refsource" : "MISC", },
"url" : "http://artemis.abenteuer-mittelerde.de/pub/adv02-phptgb.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1016550", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016550" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21102", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21102" ]
}, },
{ "references": {
"name" : "phptguestbook-setcookie-insecure-cookie(27775)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27775" "name": "http://artemis.abenteuer-mittelerde.de/pub/adv02-phptgb.txt",
} "refsource": "MISC",
] "url": "http://artemis.abenteuer-mittelerde.de/pub/adv02-phptgb.txt"
} },
} {
"name": "20060717 Professional PHP Tools Guestbook Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440421/100/0/threaded"
},
{
"name": "phptguestbook-setcookie-insecure-cookie(27775)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27775"
},
{
"name": "21102",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21102"
},
{
"name": "1016550",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016550"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3836", "ID": "CVE-2006-3836",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in UNIDOmedia Chameleon LE 1.203 and earlier, and possibly Chameleon PRO, allows remote attackers to read arbitrary files via the rmid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060720 Unidomedia Chameleon LE/Pro Directory Traversal", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/440765/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in index.php in UNIDOmedia Chameleon LE 1.203 and earlier, and possibly Chameleon PRO, allows remote attackers to read arbitrary files via the rmid parameter."
{ }
"name" : "19107", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19107" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2948", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2948" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21156", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/21156" ]
}, },
{ "references": {
"name" : "1280", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1280" "name": "20060720 Unidomedia Chameleon LE/Pro Directory Traversal",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/440765/100/0/threaded"
"name" : "chameleon-index-directory-traversal(27898)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27898" "name": "chameleon-index-directory-traversal(27898)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27898"
} },
} {
"name": "ADV-2006-2948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2948"
},
{
"name": "19107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19107"
},
{
"name": "1280",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1280"
},
{
"name": "21156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21156"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4280", "ID": "CVE-2006-4280",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party, who says that $mosConfig_absolute_path is set in a configuration file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060817 anjel Mambo Component Remote File Include", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/443627/100/0/threaded" "lang": "eng",
}, "value": "** DISPUTED ** PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party, who says that $mosConfig_absolute_path is set in a configuration file."
{ }
"name" : "20060818 Re: anjel Mambo Component Remote File Include", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-08/0441.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28084", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28084" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "anjel-index-file-include(28449)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28449" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20060818 Re: anjel Mambo Component Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-08/0441.html"
},
{
"name": "20060817 anjel Mambo Component Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443627/100/0/threaded"
},
{
"name": "28084",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28084"
},
{
"name": "anjel-index-file-include(28449)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28449"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4746", "ID": "CVE-2006-4746",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060908 Web Server Creator v0.1 (l) Remote Include Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/445725/100/0/threaded" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter."
{ }
"name" : "2318", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/2318" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1568", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1568" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20060908 Web Server Creator v0.1 (l) Remote Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445725/100/0/threaded"
},
{
"name": "1568",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1568"
},
{
"name": "2318",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2318"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4904", "ID": "CVE-2006-4904",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.gulftech.org/?node=research&article_id=00113-09182006&", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.gulftech.org/?node=research&article_id=00113-09182006&" "lang": "eng",
}, "value": "Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter."
{ }
"name" : "20108", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/20108" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3692", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3692" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22005", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/22005" ]
}, },
{ "references": {
"name" : "xcart-cmpi-code-execution(29005)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29005" "name": "22005",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/22005"
} },
} {
"name": "http://www.gulftech.org/?node=research&article_id=00113-09182006&",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00113-09182006&"
},
{
"name": "20108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20108"
},
{
"name": "xcart-cmpi-code-execution(29005)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29005"
},
{
"name": "ADV-2006-3692",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3692"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2105", "ID": "CVE-2010-2105",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=7713", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=7713" "lang": "eng",
}, "value": "Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors."
{ }
"name" : "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:12113", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12113" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/05/stable-channel-update.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=7713",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=7713"
},
{
"name": "oval:org.mitre.oval:def:12113",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12113"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2509", "ID": "CVE-2010-2509",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "14020", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/14020" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php."
{ }
"name" : "40348", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/40348" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40348"
},
{
"name": "14020",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14020"
}
]
}
}


@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2531", "ID": "CVE-2010-2531",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100713 CVE request, php var_export", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/07/13/1" "lang": "eng",
}, "value": "The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion."
{ }
"name" : "[oss-security] 20100716 Re: Re: CVE request, php var_export", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/07/16/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143", "description": [
"refsource" : "CONFIRM", {
"url" : "http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.php.net/archive/2010.php#id2010-07-22-1", ]
"refsource" : "CONFIRM", }
"url" : "http://www.php.net/archive/2010.php#id2010-07-22-1" ]
}, },
{ "references": {
"name" : "http://www.php.net/archive/2010.php#id2010-07-22-2", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.php.net/archive/2010.php#id2010-07-22-2" "name": "http://support.apple.com/kb/HT4435",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4435"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=617673", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=617673" "name": "HPSBOV02763",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
"name" : "http://support.apple.com/kb/HT4312", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4312" "name": "HPSBMA02662",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2"
"name" : "http://support.apple.com/kb/HT4435", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4435" "name": "[oss-security] 20100716 Re: Re: CVE request, php var_export",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/07/16/3"
"name" : "APPLE-SA-2010-08-24-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html" "name": "http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143",
}, "refsource": "CONFIRM",
{ "url": "http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/tests/general_functions/var_export_error2.phpt?view=log&pathrev=301143"
"name" : "APPLE-SA-2010-11-10-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=617673",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=617673"
"name" : "DSA-2266", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2266" "name": "DSA-2266",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2266"
"name" : "HPSBMA02662", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2" "name": "APPLE-SA-2010-11-10-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
"name" : "SSRT100409", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2" "name": "RHSA-2010:0919",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0919.html"
"name" : "HPSBOV02763", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" "name": "APPLE-SA-2010-08-24-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
"name" : "SSRT100826", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=133469208622507&w=2" "name": "[oss-security] 20100713 CVE request, php var_export",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/07/13/1"
"name" : "RHSA-2010:0919", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0919.html" "name": "http://www.php.net/archive/2010.php#id2010-07-22-2",
}, "refsource": "CONFIRM",
{ "url": "http://www.php.net/archive/2010.php#id2010-07-22-2"
"name" : "SUSE-SR:2010:017", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" "name": "SSRT100826",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=133469208622507&w=2"
"name" : "SUSE-SR:2010:018", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" "name": "http://support.apple.com/kb/HT4312",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4312"
"name" : "42410", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42410" "name": "42410",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42410"
"name" : "ADV-2010-3081", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3081" "name": "SUSE-SR:2010:017",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
} },
} {
"name": "SSRT100409",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2"
},
{
"name": "http://www.php.net/archive/2010.php#id2010-07-22-1",
"refsource": "CONFIRM",
"url": "http://www.php.net/archive/2010.php#id2010-07-22-1"
},
{
"name": "SUSE-SR:2010:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
},
{
"name": "ADV-2010-3081",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3081"
}
]
}
}
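Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this record (CVE-2010-2531), and that provenance change is easy to miss because the rest of the section looks like a whitespace reformat (`"key" :` to `"key":`) plus a reorder of `reference_data`. The same `ASSIGNER` change appears in the CVE-2010-2956 section and at the top of the CVE-2010-3431 section further down. Any consumer that filters, deduplicates or attributes records by `ASSIGNER` will see these entries move to a different CNA, so the commit description should state that explicitly instead of only "-Synchronized-Data.". The 20 reference entries here appear to be the same set in a new order, so nothing downstream should depend on array position.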


@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2956", "ID": "CVE-2010-2956",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a \"-u root\" sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/515545/100/0/threaded" "lang": "eng",
}, "value": "Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a \"-u root\" sequence."
{ }
"name" : "20101027 rPSA-2010-0075-1 sudo", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/514489/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.sudo.ws/sudo/alerts/runas_group.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.sudo.ws/sudo/alerts/runas_group.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=628628", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=628628" ]
}, },
{ "references": {
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0001.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0001.html" "name": "ADV-2010-2312",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2312"
"name" : "http://wiki.rpath.com/Advisories:rPSA-2010-0075", },
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/Advisories:rPSA-2010-0075" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=628628",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=628628"
"name" : "FEDORA-2010-14355", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html" "name": "ADV-2010-2318",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2318"
"name" : "GLSA-201009-03", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201009-03.xml" "name": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
"name" : "MDVSA-2010:175", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:175" "name": "MDVSA-2010:175",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:175"
"name" : "RHSA-2010:0675", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0675.html" "name": "ADV-2010-2320",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2320"
"name" : "SUSE-SR:2010:017", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" "name": "20101027 rPSA-2010-0075-1 sudo",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
"name" : "USN-983-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-983-1" "name": "ADV-2010-2358",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2358"
"name" : "43019", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/43019" "name": "http://www.sudo.ws/sudo/alerts/runas_group.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.sudo.ws/sudo/alerts/runas_group.html"
"name" : "1024392", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024392" "name": "http://wiki.rpath.com/Advisories:rPSA-2010-0075",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
"name" : "40508", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40508" "name": "FEDORA-2010-14355",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html"
"name" : "41316", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41316" "name": "GLSA-201009-03",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201009-03.xml"
"name" : "42787", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42787" "name": "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
"name" : "ADV-2010-2312", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2312" "name": "SUSE-SR:2010:017",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
"name" : "ADV-2010-2318", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2318" "name": "43019",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/43019"
"name" : "ADV-2010-2320", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2320" "name": "RHSA-2010:0675",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0675.html"
"name" : "ADV-2010-2358", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2358" "name": "40508",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40508"
"name" : "ADV-2011-0025", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0025" "name": "1024392",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1024392"
} },
} {
"name": "42787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42787"
},
{
"name": "ADV-2011-0025",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0025"
},
{
"name": "USN-983-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-983-1"
},
{
"name": "41316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41316"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3062", "ID": "CVE-2010-3062",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://php-security.org/2010/05/31/mops-2010-056-php-php_mysqlnd_ok_read-information-leak-vulnerability/index.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://php-security.org/2010/05/31/mops-2010-056-php-php_mysqlnd_ok_read-information-leak-vulnerability/index.html" "lang": "eng",
}, "value": "mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function."
{ }
"name" : "http://php-security.org/2010/05/31/mops-2010-057-php-php_mysqlnd_rset_header_read-buffer-overflow-vulnerability/index.html", ]
"refsource" : "MISC", },
"url" : "http://php-security.org/2010/05/31/mops-2010-057-php-php_mysqlnd_rset_header_read-buffer-overflow-vulnerability/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703", "description": [
"refsource" : "CONFIRM", {
"url" : "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://svn.php.net/viewvc?view=revision&revision=298703", ]
"refsource" : "CONFIRM", }
"url" : "http://svn.php.net/viewvc?view=revision&revision=298703" ]
}, },
{ "references": {
"name" : "SUSE-SR:2010:017", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" "name": "http://php-security.org/2010/05/31/mops-2010-056-php-php_mysqlnd_ok_read-information-leak-vulnerability/index.html",
}, "refsource": "MISC",
{ "url": "http://php-security.org/2010/05/31/mops-2010-056-php-php_mysqlnd_ok_read-information-leak-vulnerability/index.html"
"name" : "SUSE-SR:2010:018", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" "name": "http://php-security.org/2010/05/31/mops-2010-057-php-php_mysqlnd_rset_header_read-buffer-overflow-vulnerability/index.html",
} "refsource": "MISC",
] "url": "http://php-security.org/2010/05/31/mops-2010-057-php-php_mysqlnd_rset_header_read-buffer-overflow-vulnerability/index.html"
} },
} {
"name": "SUSE-SR:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
},
{
"name": "http://svn.php.net/viewvc?view=revision&revision=298703",
"refsource": "CONFIRM",
"url": "http://svn.php.net/viewvc?view=revision&revision=298703"
},
{
"name": "SUSE-SR:2010:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
},
{
"name": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703",
"refsource": "CONFIRM",
"url": "http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?r1=298701&r2=298703&pathrev=298703"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3270", "ID": "CVE-2010-3270",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110131 [CORE-2010-1001] Cisco WebEx .atp and .wrf Overflow Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/516095/100/0/threaded" "lang": "eng",
}, "value": "Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed."
{ }
"name" : "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities", ]
"refsource" : "MISC", },
"url" : "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=22355", "description": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=22355" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "46078", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/46078" ]
}, },
{ "references": {
"name" : "1025015", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1025015" "name": "1025015",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1025015"
"name" : "ADV-2011-0260", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0260" "name": "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities",
} "refsource": "MISC",
] "url": "http://www.coresecurity.com/content/webex-atp-and-wrf-overflow-vulnerabilities"
} },
} {
"name": "46078",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46078"
},
{
"name": "20110131 [CORE-2010-1001] Cisco WebEx .atp and .wrf Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516095/100/0/threaded"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22355",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=22355"
},
{
"name": "ADV-2011-0260",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0260"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3413", "ID": "CVE-2010-3413",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=53176", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=53176" "lang": "eng",
}, "value": "Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors."
{ }
"name" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:6937", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6937" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html"
},
{
"name": "oval:org.mitre.oval:def:6937",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6937"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=53176",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=53176"
}
]
}
}


@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-3431", "ID": "CVE-2010-3431",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2010/09/21/3" "lang": "eng",
}, "value": "The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435."
{ }
"name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/09/21/11" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", "description": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2010/09/21/8" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", ]
"refsource" : "MLIST", }
"url" : "http://openwall.com/lists/oss-security/2010/09/21/9" ]
}, },
{ "references": {
"name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2010/09/21/10" "name": "[oss-security] 20100927 Re: Minor security flaw with pam_xauth",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2010/09/27/5"
"name" : "[oss-security] 20100924 Re: Minor security flaw with pam_xauth", },
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/09/24/2" "name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2010/09/21/3"
"name" : "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", },
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2010/09/27/4" "name": "GLSA-201206-31",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
"name" : "[oss-security] 20100927 Re: Minor security flaw with pam_xauth", },
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2010/09/27/5" "name": "[oss-security] 20101004 Re: Minor security flaw with pam_xauth",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2010/10/03/1"
"name" : "[oss-security] 20100928 Re: Minor security flaw with pam_xauth", },
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2010/09/27/7" "name": "[oss-security] 20100924 Re: Minor security flaw with pam_xauth",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/09/24/2"
"name" : "[oss-security] 20100928 Re: Minor security flaw with pam_xauth", },
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2010/09/27/10" "name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2010/09/21/9"
"name" : "[oss-security] 20101004 Re: Minor security flaw with pam_xauth", },
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2010/10/03/1" "name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2010/09/21/8"
"name" : "[oss-security] 20101025 Re: Minor security flaw with pam_xauth", },
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2010/10/25/2" "name": "[oss-security] 20100928 Re: Minor security flaw with pam_xauth",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2010/09/27/10"
"name" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=843807a3a90f52e7538be756616510730a24739a", },
"refsource" : "CONFIRM", {
"url" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=843807a3a90f52e7538be756616510730a24739a" "name": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=843807a3a90f52e7538be756616510730a24739a",
}, "refsource": "CONFIRM",
{ "url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=843807a3a90f52e7538be756616510730a24739a"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=641361", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=641361" "name": "[oss-security] 20100927 Re: Minor security flaw with pam_xauth",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2010/09/27/4"
"name" : "GLSA-201206-31", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201206-31.xml" "name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2010/09/21/10"
"name" : "49711", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49711" "name": "49711",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/49711"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=641361",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=641361"
},
{
"name": "[oss-security] 20100928 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/09/27/7"
},
{
"name": "[oss-security] 20101025 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/10/25/2"
},
{
"name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/21/11"
}
]
}
}


@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-3880", "ID": "CVE-2010-3880",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" "lang": "eng",
}, "value": "net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions."
{ }
"name" : "[netdev] 20101103 [PATCH 2/2] inet_diag: Make sure we actually run the same bytecode we audited.", ]
"refsource" : "MLIST", },
"url" : "http://www.spinics.net/lists/netdev/msg145899.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20101104 CVE request: kernel: logic error in INET_DIAG bytecode auditing", "description": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2010/11/04/9" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20101105 Re: CVE request: kernel: logic error in INET_DIAG bytecode auditing", ]
"refsource" : "MLIST", }
"url" : "http://openwall.com/lists/oss-security/2010/11/05/3" ]
}, },
{ "references": {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22e76c849d505d87c5ecf3d3e6742a65f0ff4860", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22e76c849d505d87c5ecf3d3e6742a65f0ff4860" "name": "42789",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42789"
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2" "name": "ADV-2011-0024",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0024"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=651264", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=651264" "name": "RHSA-2011:0004",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
"name" : "DSA-2126", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2126" "name": "46397",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/46397"
"name" : "RHSA-2010:0958", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0958.html" "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2"
"name" : "RHSA-2011:0004", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0004.html" "name": "44665",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/44665"
"name" : "RHSA-2011:0007", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=651264",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=651264"
"name" : "44665", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/44665" "name": "RHSA-2011:0007",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
"name" : "42126", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42126" "name": "RHSA-2010:0958",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0958.html"
"name" : "42789", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42789" "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
"name" : "42890", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42890" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22e76c849d505d87c5ecf3d3e6742a65f0ff4860",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=22e76c849d505d87c5ecf3d3e6742a65f0ff4860"
"name" : "46397", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46397" "name": "42890",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42890"
"name" : "ADV-2011-0024", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0024" "name": "[oss-security] 20101105 Re: CVE request: kernel: logic error in INET_DIAG bytecode auditing",
} "refsource": "MLIST",
] "url": "http://openwall.com/lists/oss-security/2010/11/05/3"
} },
} {
"name": "42126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42126"
},
{
"name": "[netdev] 20101103 [PATCH 2/2] inet_diag: Make sure we actually run the same bytecode we audited.",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/netdev/msg145899.html"
},
{
"name": "[oss-security] 20101104 CVE request: kernel: logic error in INET_DIAG bytecode auditing",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/11/04/9"
},
{
"name": "DSA-2126",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2126"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-4746", "ID": "CVE-2010-4746",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via \"badly behaved applications,\" related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://directory.fedoraproject.org/wiki/Release_Notes", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://directory.fedoraproject.org/wiki/Release_Notes" "lang": "eng",
}, "value": "Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via \"badly behaved applications,\" related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the syntax normalization code, a different issue than CVE-2011-0019."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=663597", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=663597" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://directory.fedoraproject.org/wiki/Release_Notes",
"refsource": "CONFIRM",
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=663597",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=663597"
}
]
}
}


@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0281", "ID": "CVE-2011-0281",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/516299/100/0/threaded" "lang": "eng",
}, "value": "The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence."
{ }
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[kerberos] 20101222 LDAP handle unavailable: Can't contact LDAP server", "description": [
"refsource" : "MLIST", {
"url" : "http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt", ]
"refsource" : "CONFIRM", }
"url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt" ]
}, },
{ "references": {
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" "name": "MDVSA-2011:025",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
"name" : "MDVSA-2011:024", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024" "name": "46265",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/46265"
"name" : "MDVSA-2011:025", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025" "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
"name" : "RHSA-2011:0199", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0199.html" "name": "46397",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/46397"
"name" : "RHSA-2011:0200", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0200.html" "name": "ADV-2011-0347",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0347"
"name" : "SUSE-SR:2011:004", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html" "name": "43260",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43260"
"name" : "46265", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46265" "name": "ADV-2011-0333",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0333"
"name" : "1025037", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025037" "name": "RHSA-2011:0199",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
"name" : "43260", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43260" "name": "43273",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43273"
"name" : "43273", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43273" "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt",
}, "refsource": "CONFIRM",
{ "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
"name" : "43275", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43275" "name": "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
"name" : "46397", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46397" "name": "1025037",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1025037"
"name" : "8073", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8073" "name": "SUSE-SR:2011:004",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
"name" : "ADV-2011-0330", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0330" "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
"name" : "ADV-2011-0333", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0333" "name": "MDVSA-2011:024",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
"name" : "ADV-2011-0347", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0347" "name": "ADV-2011-0464",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0464"
"name" : "ADV-2011-0464", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0464" "name": "8073",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/8073"
"name" : "kerberos-ldap-descriptor-dos(65324)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65324" "name": "kerberos-ldap-descriptor-dos(65324)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65324"
} },
} {
"name": "ADV-2011-0330",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"name": "[kerberos] 20101222 LDAP handle unavailable: Can't contact LDAP server",
"refsource": "MLIST",
"url": "http://mailman.mit.edu/pipermail/kerberos/2010-December/016800.html"
},
{
"name": "43275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43275"
},
{
"name": "RHSA-2011:0200",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2011-0629", "ID": "CVE-2011-0629",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-14.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-14.html" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
{ }
"name" : "coldfusion-unspec-csrf(68027)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68027" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coldfusion-unspec-csrf(68027)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68027"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-14.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-14.html"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1125", "ID": "CVE-2011-1125",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 9.0.597.107 does not properly perform layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=73235", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=73235" "lang": "eng",
}, "value": "Google Chrome before 9.0.597.107 does not properly perform layout, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "46614", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46614" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:14368", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14368" ]
}, },
{ "references": {
"name" : "google-chrome-layouts-dos(65743)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65743" "name": "oval:org.mitre.oval:def:14368",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14368"
} },
} {
"name": "google-chrome-layouts-dos(65743)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65743"
},
{
"name": "46614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46614"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=73235",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=73235"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html"
}
]
}
}


@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1412", "ID": "CVE-2011-1412",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110728 Two security issues fixed in ioQuake3 engine", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/519051/100/0/threaded" "lang": "eng",
}, "value": "sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable."
{ }
"name" : "20110728 Two security issues fixed in ioQuake3 engine", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://svn.icculus.org/quake3?view=rev&revision=2097", "description": [
"refsource" : "CONFIRM", {
"url" : "http://svn.icculus.org/quake3?view=rev&revision=2097" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff", ]
"refsource" : "CONFIRM", }
"url" : "http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff" ]
}, },
{ "references": {
"name" : "http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html" "name": "20110728 Two security issues fixed in ioQuake3 engine",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=725951", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=725951" "name": "http://svn.icculus.org/quake3?view=rev&revision=2097",
}, "refsource": "CONFIRM",
{ "url": "http://svn.icculus.org/quake3?view=rev&revision=2097"
"name" : "FEDORA-2011-9898", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html" "name": "http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff",
}, "refsource": "CONFIRM",
{ "url": "http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff"
"name" : "GLSA-201706-23", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201706-23" "name": "45468",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45468"
"name" : "48915", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48915" "name": "http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html",
}, "refsource": "CONFIRM",
{ "url": "http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html"
"name" : "74137", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/74137" "name": "ioquake-idtech-command-execution(68869)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68869"
"name" : "45417", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45417" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=725951",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725951"
"name" : "45468", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45468" "name": "74137",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/74137"
"name" : "8324", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8324" "name": "48915",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/48915"
"name" : "ioquake-idtech-command-execution(68869)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68869" "name": "20110728 Two security issues fixed in ioQuake3 engine",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/519051/100/0/threaded"
} },
} {
"name": "8324",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8324"
},
{
"name": "GLSA-201706-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-23"
},
{
"name": "45417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45417"
},
{
"name": "FEDORA-2011-9898",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html"
}
]
}
}


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1525", "ID": "CVE-2011-1525",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110321 Heap overflow in RealPlayer 14.0.1.633", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/517083/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file."
{ }
"name" : "17019", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/17019" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://aluigi.org/adv/real_5-adv.txt", "description": [
"refsource" : "MISC", {
"url" : "http://aluigi.org/adv/real_5-adv.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://service.real.com/realplayer/security/04122011_player/en/", ]
"refsource" : "CONFIRM", }
"url" : "http://service.real.com/realplayer/security/04122011_player/en/" ]
}, },
{ "references": {
"name" : "46946", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/46946" "name": "43847",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43847"
"name" : "71260", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/71260" "name": "http://service.real.com/realplayer/security/04122011_player/en/",
}, "refsource": "CONFIRM",
{ "url": "http://service.real.com/realplayer/security/04122011_player/en/"
"name" : "1025245", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025245" "name": "71260",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/71260"
"name" : "43847", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43847" "name": "realplayer-ivr-bo(66209)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66209"
"name" : "8181", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8181" "name": "http://aluigi.org/adv/real_5-adv.txt",
}, "refsource": "MISC",
{ "url": "http://aluigi.org/adv/real_5-adv.txt"
"name" : "realplayer-ivr-bo(66209)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66209" "name": "46946",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/46946"
} },
} {
"name": "1025245",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025245"
},
{
"name": "20110321 Heap overflow in RealPlayer 14.0.1.633",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517083/100/0/threaded"
},
{
"name": "8181",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8181"
},
{
"name": "17019",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17019"
}
]
}
}


@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-1921", "ID": "CVE-2011-1921",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://subversion.apache.org/security/CVE-2011-1921-advisory.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://subversion.apache.org/security/CVE-2011-1921-advisory.txt" "lang": "eng",
}, "value": "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation."
{ }
"name" : "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES", ]
"refsource" : "CONFIRM", },
"url" : "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=709114", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=709114" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT5130", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT5130" ]
}, },
{ "references": {
"name" : "APPLE-SA-2012-02-01-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" "name": "DSA-2251",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2251"
"name" : "DSA-2251", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2251" "name": "USN-1144-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1144-1"
"name" : "FEDORA-2011-8341", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html" "name": "http://support.apple.com/kb/HT5130",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5130"
"name" : "FEDORA-2011-8352", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html" "name": "MDVSA-2011:106",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:106"
"name" : "MDVSA-2011:106", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:106" "name": "44849",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44849"
"name" : "RHSA-2011:0862", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0862.html" "name": "RHSA-2011:0862",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0862.html"
"name" : "USN-1144-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1144-1" "name": "FEDORA-2011-8341",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html"
"name" : "48091", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48091" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=709114",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709114"
"name" : "oval:org.mitre.oval:def:18999", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18999" "name": "44888",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44888"
"name" : "1025619", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025619" "name": "http://subversion.apache.org/security/CVE-2011-1921-advisory.txt",
}, "refsource": "CONFIRM",
{ "url": "http://subversion.apache.org/security/CVE-2011-1921-advisory.txt"
"name" : "44633", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44633" "name": "1025619",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1025619"
"name" : "44681", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44681" "name": "oval:org.mitre.oval:def:18999",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18999"
"name" : "45162", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45162" "name": "APPLE-SA-2012-02-01-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
"name" : "44849", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44849" "name": "45162",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45162"
"name" : "44888", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44888" "name": "subversion-control-rules-info-disc(67804)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67804"
"name" : "subversion-control-rules-info-disc(67804)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67804" "name": "44681",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/44681"
} },
} {
"name": "48091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48091"
},
{
"name": "FEDORA-2011-8352",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html"
},
{
"name": "44633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44633"
},
{
"name": "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/CHANGES"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5127", "ID": "CVE-2011-5127",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.bluecoat.com/index?page=content&id=SA60", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.bluecoat.com/index?page=content&id=SA60" "lang": "eng",
} "value": "Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.bluecoat.com/index?page=content&id=SA60",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content&id=SA60"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-3020", "ID": "CVE-2014-3020",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679952", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679952" "lang": "eng",
}, "value": "install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680841", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680841" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680254", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21680254" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "69034", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/69034" ]
}, },
{ "references": {
"name" : "59687", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59687" "name": "59687",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/59687"
"name" : "60552", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60552" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680841",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680841"
"name" : "59795", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59795" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679952",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679952"
"name" : "ibm-tip-ewas-cve20143020-install(93056)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93056" "name": "69034",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/69034"
} },
} {
"name": "ibm-tip-ewas-cve20143020-install(93056)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93056"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680254",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680254"
},
{
"name": "60552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60552"
},
{
"name": "59795",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59795"
}
]
}
}


@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-3609", "ID": "CVE-2014-3609",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt" "lang": "eng",
}, "value": "HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\""
{ }
"name" : "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch", ]
"refsource" : "CONFIRM", },
"url" : "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3014", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2014/dsa-3014" ]
}, },
{ "references": {
"name" : "DSA-3139", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3139" "name": "61320",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/61320"
"name" : "RHSA-2014:1147", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1147.html" "name": "60179",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/60179"
"name" : "SUSE-SU-2014:1140", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html" "name": "SUSE-SU-2014:1140",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html"
"name" : "openSUSE-SU-2014:1144", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html" "name": "USN-2327-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2327-1"
"name" : "USN-2327-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2327-1" "name": "DSA-3139",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3139"
"name" : "69453", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/69453" "name": "openSUSE-SU-2014:1144",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html"
"name" : "60179", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60179" "name": "DSA-3014",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-3014"
"name" : "60334", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/60334" "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
"name" : "61320", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61320" "name": "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt"
"name" : "61412", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/61412" "name": "RHSA-2014:1147",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2014-1147.html"
} },
} {
"name": "60334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60334"
},
{
"name": "69453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69453"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch"
},
{
"name": "61412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61412"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3772", "ID": "CVE-2014-3772",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140518 CVE requests / advisory: TeamPass <= 2.1.19", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/05/18/2" "lang": "eng",
}, "value": "TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php."
{ }
"name" : "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass <= 2.1.19", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2014/05/19/5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://teampass.net/installation/2.1.20-released.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://teampass.net/installation/2.1.20-released.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass <= 2.1.19",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f",
"refsource": "CONFIRM",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f"
},
{
"name": "http://teampass.net/installation/2.1.20-released.html",
"refsource": "CONFIRM",
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass <= 2.1.19",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-3814", "ID": "CVE-2014-3814",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10632", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10632" "lang": "eng",
}, "value": "The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP."
{ }
"name" : "59026", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/59026" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10632",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10632"
},
{
"name": "59026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59026"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-6530", "ID": "CVE-2014-6530",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2015:0743", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "70486", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/70486" ]
} },
] "references": {
} "reference_data": [
} {
"name": "70486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70486"
},
{
"name": "SUSE-SU-2015:0743",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}
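Review bot: The `ASSIGNER` value in `CVE_data_meta` appears to change from `cve@mitre.org` to `secalert_us@oracle.com` in this section, which changes the record's provenance rather than its formatting, and the commit title only says the data was synchronized. The rest of the section looks like colon-spacing changes and reordering of `reference_data`, so the reassignment is easy to miss in review. The same kind of change shows in the CVE-2014-7098 (`cert@cert.org`) and CVE-2014-7838 (`secalert@redhat.com`) sections, and in the visible start of the CVE-2016-6764 section (`security@android.com`). Consumers that filter or attribute records by assigner should expect these IDs to move, and a line in the commit description such as `ASSIGNER updated to the owning CNA for <N> records` would make that auditable.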


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7098", "ID": "CVE-2014-7098",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Fylet Secure Large File Sender (aka com.application.fyletFileSender) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Fylet Secure Large File Sender (aka com.application.fyletFileSender) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#388897", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/388897" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#582497", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/582497" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#388897",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/388897"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-7227", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-7227",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187. Reason: This candidate is a duplicate of CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187. Notes: All CVE users should reference CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187. Reason: This candidate is a duplicate of CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187. Notes: All CVE users should reference CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-7838", "ID": "CVE-2014-7838",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20141117 Moodle security issues are now public", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2014/11/17/11" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php."
{ }
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019", ]
"refsource" : "CONFIRM", },
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://moodle.org/mod/forum/discuss.php?d=275164", "description": [
"refsource" : "CONFIRM", {
"url" : "https://moodle.org/mod/forum/discuss.php?d=275164" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1031215", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1031215" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1031215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031215"
},
{
"name": "[oss-security] 20141117 Moodle security issues are now public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/11/17/11"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=275164",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=275164"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8469", "ID": "CVE-2014-8469",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "35274", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/35274" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header."
{ }
"name" : "20141118 PHPFox XSS AdminCP", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Nov/50" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/129153/PHPFox-Cross-Site-Scripting.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/129153/PHPFox-Cross-Site-Scripting.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "71180", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/71180" ]
}, },
{ "references": {
"name" : "phpfox-cve20148469-xss(98727)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98727" "name": "20141118 PHPFox XSS AdminCP",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2014/Nov/50"
} },
} {
"name": "phpfox-cve20148469-xss(98727)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98727"
},
{
"name": "http://packetstormsecurity.com/files/129153/PHPFox-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129153/PHPFox-Cross-Site-Scripting.html"
},
{
"name": "71180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71180"
},
{
"name": "35274",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35274"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8793", "ID": "CVE-2014-8793",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141217 Cross-Site Scripting (XSS) in Revive Adserver", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534269/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php."
{ }
"name" : "20141217 [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/534264/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html" ]
}, },
{ "references": {
"name" : "https://www.htbridge.com/advisory/HTB23242", "reference_data": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB23242" "name": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html"
"name" : "http://www.revive-adserver.com/security/revive-sa-2014-002/", },
"refsource" : "CONFIRM", {
"url" : "http://www.revive-adserver.com/security/revive-sa-2014-002/" "name": "20141217 [REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/534264/100/0/threaded"
"name" : "https://github.com/revive-adserver/revive-adserver/commit/2be73f9", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/revive-adserver/revive-adserver/commit/2be73f9" "name": "https://github.com/revive-adserver/revive-adserver/commit/2be73f9",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/revive-adserver/revive-adserver/commit/2be73f9"
"name" : "71718", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71718" "name": "http://packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html",
} "refsource": "MISC",
] "url": "http://packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html"
} },
} {
"name": "20141217 Cross-Site Scripting (XSS) in Revive Adserver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534269/100/0/threaded"
},
{
"name": "71718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71718"
},
{
"name": "http://www.revive-adserver.com/security/revive-sa-2014-002/",
"refsource": "CONFIRM",
"url": "http://www.revive-adserver.com/security/revive-sa-2014-002/"
},
{
"name": "https://www.htbridge.com/advisory/HTB23242",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23242"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8960", "ID": "CVE-2014-8960",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename."
{ }
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201505-03", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201505-03" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDVSA-2014:228", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:228" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2014:1561", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html" "name": "GLSA-201505-03",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201505-03"
"name" : "71244", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/71244" "name": "openSUSE-SU-2014:1561",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html"
} },
} {
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/9364e2eee5681681caf7205c0933bc18af11e233"
},
{
"name": "71244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71244"
},
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php"
},
{
"name": "MDVSA-2014:228",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:228"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9327", "ID": "CVE-2014-9327",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2251", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2251",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-2899", "ID": "CVE-2016-2899",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2016-6035", "ID": "CVE-2016-6035",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rational Collaborative Lifecycle Management", "product_name": "Rational Collaborative Lifecycle Management",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.0.7, 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3" "version_value": "4.0.7, 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM Corporation" "vendor_name": "IBM Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22002429", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22002429" "lang": "eng",
} "value": "IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22002429",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22002429"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6273", "ID": "CVE-2016-6273",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.tenable.com/security/research/tra-2016-29", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.tenable.com/security/research/tra-2016-29" "lang": "eng",
}, "value": "The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode."
{ }
"name" : "http://support.citrix.com/article/CTX217430", ]
"refsource" : "CONFIRM", },
"url" : "http://support.citrix.com/article/CTX217430" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "93450", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93450" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1037008", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037008" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://www.tenable.com/security/research/tra-2016-29",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-29"
},
{
"name": "1037008",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037008"
},
{
"name": "http://support.citrix.com/article/CTX217430",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX217430"
},
{
"name": "93450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93450"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2016-6317", "ID": "CVE-2016-6317",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/08/11/4" "lang": "eng",
}, "value": "Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155."
{ }
"name" : "[ruby-security-ann] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record", ]
"refsource" : "MLIST", },
"url" : "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2016:1855", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1855.html" ]
}, },
{ "references": {
"name" : "92434", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/92434" "name": "92434",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/92434"
} },
} {
"name": "[oss-security] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/11/4"
},
{
"name": "RHSA-2016:1855",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html"
},
{
"name": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"
},
{
"name": "[ruby-security-ann] 20160811 [CVE-2016-6317] Unsafe Query Generation Risk in Active Record",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA"
}
]
}
}
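Review bot: The description `value` opens with `Action Record in Ruby on Rails`, while the same sentence and both mailing-list reference titles name the component Active Record; the text looks identical on both sides, so this sync leaves it as it was. If the wording is not intentional, the opening would read `Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider ...`. Since the record is synchronized from the CVE list, the correction probably has to be made upstream rather than in this file.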


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-6764", "ID": "CVE-2016-6764",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-4.4.4" "version_value": "Android-4.4.4"
}, },
{ {
"version_value" : "Android-5.0.2" "version_value": "Android-5.0.2"
}, },
{ {
"version_value" : "Android-5.1.1" "version_value": "Android-5.1.1"
}, },
{ {
"version_value" : "Android-6.0" "version_value": "Android-6.0"
}, },
{ {
"version_value" : "Android-6.0.1" "version_value": "Android-6.0.1"
}, },
{ {
"version_value" : "Android-7.0" "version_value": "Android-7.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31681434."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2016-12-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2016-12-01.html" "lang": "eng",
}, "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31681434."
{ }
"name" : "94688", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94688" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94688",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94688"
},
{
"name": "https://source.android.com/security/bulletin/2016-12-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-12-01.html"
}
]
}
}
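Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `security@google.com` to `security@android.com` in this record, while every other difference in the section appears to be colon spacing or a reordering of the two references. Assuming the right-hand column is the new side (it carries the normalized `"key":` spacing), this is a data change riding along with a formatting pass and is easy to miss in review. It would be clearer to land it separately or call it out in the commit description. Any consumer that filters or attributes records by `ASSIGNER` should be checked against the new address.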


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6871", "ID": "CVE-2016-6871",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160811 CVE Requests Facebook HHVM", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/08/11/1" "lang": "eng",
}, "value": "Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow."
{ }
"name" : "[oss-security] 20160818 Re: CVE Requests Facebook HHVM", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2016/08/19/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160811 CVE Requests Facebook HHVM",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/11/1"
},
{
"name": "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475",
"refsource": "CONFIRM",
"url": "https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475"
},
{
"name": "[oss-security] 20160818 Re: CVE Requests Facebook HHVM",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/19/1"
}
]
}
}


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2017-18126", "ID": "CVE-2017-18126",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Mobile, Snapdragon Wear", "product_name": "Snapdragon Mobile, Snapdragon Wear",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016" "version_value": "MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the original mac spoofing feature does not use the following in probe request frames: (a) randomized sequence numbers and (b) randomized source address for cfg80211 scan, vendor scan and pno scan which may affect user privacy."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use of Insufficiently Random Values in WLAN."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-04-01" "lang": "eng",
}, "value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the original mac spoofing feature does not use the following in probe request frames: (a) randomized sequence numbers and (b) randomized source address for cfg80211 scan, vendor scan and pno scan which may affect user privacy."
{ }
"name" : "103671", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103671" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Use of Insufficiently Random Values in WLAN."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18265", "ID": "CVE-2017-18265",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.debian.org/875829", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugs.debian.org/875829" "lang": "eng",
}, "value": "Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module."
{ }
"name" : "https://hg.prosody.im/0.9/rev/176b7f4e4ac9", ]
"refsource" : "MISC", },
"url" : "https://hg.prosody.im/0.9/rev/176b7f4e4ac9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://hg.prosody.im/0.9/rev/adfffc5b4e2a", "description": [
"refsource" : "MISC", {
"url" : "https://hg.prosody.im/0.9/rev/adfffc5b4e2a" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://prosody.im/issues/issue/987", ]
"refsource" : "MISC", }
"url" : "https://prosody.im/issues/issue/987" ]
}, },
{ "references": {
"name" : "DSA-4198", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4198" "name": "DSA-4198",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2018/dsa-4198"
} },
} {
"name": "https://hg.prosody.im/0.9/rev/176b7f4e4ac9",
"refsource": "MISC",
"url": "https://hg.prosody.im/0.9/rev/176b7f4e4ac9"
},
{
"name": "https://hg.prosody.im/0.9/rev/adfffc5b4e2a",
"refsource": "MISC",
"url": "https://hg.prosody.im/0.9/rev/adfffc5b4e2a"
},
{
"name": "https://prosody.im/issues/issue/987",
"refsource": "MISC",
"url": "https://prosody.im/issues/issue/987"
},
{
"name": "https://bugs.debian.org/875829",
"refsource": "MISC",
"url": "https://bugs.debian.org/875829"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2017-5015", "ID": "CVE-2017-5015",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android", "product_name": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android" "version_value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "insufficient policy enforcement"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" "lang": "eng",
}, "value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name."
{ }
"name" : "https://crbug.com/673971", ]
"refsource" : "CONFIRM", },
"url" : "https://crbug.com/673971" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3776", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3776" "lang": "eng",
}, "value": "insufficient policy enforcement"
{ }
"name" : "GLSA-201701-66", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201701-66" ]
}, },
{ "references": {
"name" : "RHSA-2017:0206", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0206.html" "name": "95792",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/95792"
"name" : "95792", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95792" "name": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html",
}, "refsource": "CONFIRM",
{ "url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html"
"name" : "1037718", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037718" "name": "GLSA-201701-66",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201701-66"
} },
} {
"name": "RHSA-2017:0206",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0206.html"
},
{
"name": "https://crbug.com/673971",
"refsource": "CONFIRM",
"url": "https://crbug.com/673971"
},
{
"name": "1037718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037718"
},
{
"name": "DSA-3776",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3776"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5670", "ID": "CVE-2017-5670",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://seclists.org/fulldisclosure/2017/Feb/25", "description_data": [
"refsource" : "MISC", {
"url" : "http://seclists.org/fulldisclosure/2017/Feb/25" "lang": "eng",
}, "value": "Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks."
{ }
"name" : "https://supportkb.riverbed.com/support/index?page=content&id=S30065", ]
"refsource" : "MISC", },
"url" : "https://supportkb.riverbed.com/support/index?page=content&id=S30065" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://sysdream.com/news/lab/2017-02-15-riverbed-rios-insecure-cryptographic-storage-cve-2017-5670/", "description": [
"refsource" : "MISC", {
"url" : "https://sysdream.com/news/lab/2017-02-15-riverbed-rios-insecure-cryptographic-storage-cve-2017-5670/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "96175", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/96175" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://seclists.org/fulldisclosure/2017/Feb/25",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Feb/25"
},
{
"name": "https://sysdream.com/news/lab/2017-02-15-riverbed-rios-insecure-cryptographic-storage-cve-2017-5670/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/2017-02-15-riverbed-rios-insecure-cryptographic-storage-cve-2017-5670/"
},
{
"name": "96175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96175"
},
{
"name": "https://supportkb.riverbed.com/support/index?page=content&id=S30065",
"refsource": "MISC",
"url": "https://supportkb.riverbed.com/support/index?page=content&id=S30065"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5702", "ID": "CVE-2017-5702",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5751", "ID": "CVE-2017-5751",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5926", "ID": "CVE-2017-5926",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf" "lang": "eng",
}, "value": "Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR."
{ }
"name" : "https://www.vusec.net/projects/anc", ]
"refsource" : "MISC", },
"url" : "https://www.vusec.net/projects/anc" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96457", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96457" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf",
"refsource": "MISC",
"url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
},
{
"name": "96457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96457"
},
{
"name": "https://www.vusec.net/projects/anc",
"refsource": "MISC",
"url": "https://www.vusec.net/projects/anc"
}
]
}
}