admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:32:34 +00:00
parent ca5333b894
commit 78984c676e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3301 additions and 3301 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2006/5xxx/CVE-2006-5219.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5219", "ID": "CVE-2006-5219",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061008 SQL injection - moodle", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/448023/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter."
{ }
"name" : "20061009 Re: [Full-disclosure] SQL injection - moodle", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/448018/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20061008 SQL injection - moodle", "description": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=116034301209228&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://cvs.moodle.com/blog/index.php?r1=1.18.2.2&r2=1.18.2.3", ]
"refsource" : "MISC", }
"url" : "http://cvs.moodle.com/blog/index.php?r1=1.18.2.2&r2=1.18.2.3" ]
}, },
{ "references": {
"name" : "20395", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20395" "name": "20061009 Re: [Full-disclosure] SQL injection - moodle",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/448018/100/0/threaded"
"name" : "ADV-2006-3957", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3957" "name": "http://cvs.moodle.com/blog/index.php?r1=1.18.2.2&r2=1.18.2.3",
}, "refsource": "MISC",
{ "url": "http://cvs.moodle.com/blog/index.php?r1=1.18.2.2&r2=1.18.2.3"
"name" : "22309", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22309" "name": "moodle-index-sql-injection(29377)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29377"
"name" : "1699", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1699" "name": "22309",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22309"
"name" : "moodle-index-sql-injection(29377)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29377" "name": "ADV-2006-3957",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/3957"
} },
} {
"name": "20061008 SQL injection - moodle",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=116034301209228&w=2"
},
{
"name": "20395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20395"
},
{
"name": "1699",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1699"
},
{
"name": "20061008 SQL injection - moodle",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448023/100/0/threaded"
}
]
}
}

170
2006/5xxx/CVE-2006-5957.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-5957", "ID": "CVE-2006-5957",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. NOTE: the vendor has disputed this report, saying \"The vulnerabilities mentioned were never present in our official released products but only in the unofficial demo version. However we do appreciate the information. We have update our demo version and made sure all those vulnerabilities are fixed.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061112 infinicart [ multiples injection sql & xss (post) ]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/451322/100/0/threaded" "lang": "eng",
}, "value": "** DISPUTED ** Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. NOTE: the vendor has disputed this report, saying \"The vulnerabilities mentioned were never present in our official released products but only in the unofficial demo version. However we do appreciate the information. We have update our demo version and made sure all those vulnerabilities are fixed.\""
{ }
"name" : "20061206 Vendor dispute: infinicart (CVE-2006-5957)", ]
"refsource" : "VIM", },
"url" : "http://www.attrition.org/pipermail/vim/2006-December/001162.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "21043", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/21043" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-4501", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/4501" ]
}, },
{ "references": {
"name" : "22865", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22865" "name": "21043",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/21043"
"name" : "1881", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1881" "name": "20061112 infinicart [ multiples injection sql & xss (post) ]",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/451322/100/0/threaded"
} },
} {
"name": "ADV-2006-4501",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4501"
},
{
"name": "22865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22865"
},
{
"name": "20061206 Vendor dispute: infinicart (CVE-2006-5957)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-December/001162.html"
},
{
"name": "1881",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1881"
}
]
}
}

34
2007/2xxx/CVE-2007-2515.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2515", "ID": "CVE-2007-2515",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

270
2007/2xxx/CVE-2007-2829.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-2829", "ID": "CVE-2007-2829",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070606 FLEA-2007-0021-2: madwifi", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/470674/100/100/threaded" "lang": "eng",
}, "value": "The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference."
{ }
"name" : "http://madwifi.org/ticket/1335", ]
"refsource" : "CONFIRM", },
"url" : "http://madwifi.org/ticket/1335" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://madwifi.org/wiki/Security", "description": [
"refsource" : "CONFIRM", {
"url" : "http://madwifi.org/wiki/Security" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200706-04", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-200706-04.xml" ]
}, },
{ "references": {
"name" : "MDKSA-2007:132", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:132" "name": "USN-479-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-479-1"
"name" : "SUSE-SR:2007:014", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2007_14_sr.html" "name": "GLSA-200706-04",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200706-04.xml"
"name" : "USN-479-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-479-1" "name": "25339",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25339"
"name" : "24114", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/24114" "name": "24114",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/24114"
"name" : "36635", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36635" "name": "26083",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26083"
"name" : "ADV-2007-1919", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1919" "name": "25622",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25622"
"name" : "25339", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25339" "name": "SUSE-SR:2007:014",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"
"name" : "25622", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25622" "name": "25763",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25763"
"name" : "25763", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25763" "name": "MDKSA-2007:132",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:132"
"name" : "25861", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25861" "name": "http://madwifi.org/wiki/Security",
}, "refsource": "CONFIRM",
{ "url": "http://madwifi.org/wiki/Security"
"name" : "26083", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26083" "name": "36635",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/36635"
"name" : "madwifi-fastframe-dos(34455)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34455" "name": "25861",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/25861"
} },
} {
"name": "ADV-2007-1919",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1919"
},
{
"name": "20070606 FLEA-2007-0021-2: madwifi",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470674/100/100/threaded"
},
{
"name": "madwifi-fastframe-dos(34455)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34455"
},
{
"name": "http://madwifi.org/ticket/1335",
"refsource": "CONFIRM",
"url": "http://madwifi.org/ticket/1335"
}
]
}
}

160
2007/3xxx/CVE-2007-3309.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3309", "ID": "CVE-2007-3309",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070618 ShAnKaR: Simle machines forum CAPTCHA bypass and PHP injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/471641/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a message."
{ }
"name" : "http://securityvulns.ru/Rdocument271.html", ]
"refsource" : "MISC", },
"url" : "http://securityvulns.ru/Rdocument271.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "40433", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/40433" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1018260", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1018260" ]
}, },
{ "references": {
"name" : "smf-forummessage-code-execution(34908)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34908" "name": "1018260",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1018260"
} },
} {
"name": "20070618 ShAnKaR: Simle machines forum CAPTCHA bypass and PHP injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471641/100/0/threaded"
},
{
"name": "smf-forummessage-code-execution(34908)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34908"
},
{
"name": "http://securityvulns.ru/Rdocument271.html",
"refsource": "MISC",
"url": "http://securityvulns.ru/Rdocument271.html"
},
{
"name": "40433",
"refsource": "OSVDB",
"url": "http://osvdb.org/40433"
}
]
}
}

170
2007/3xxx/CVE-2007-3468.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3468", "ID": "CVE-2007-3468",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070621 VLC 0.8.6b format string vulnerability & integer overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/471933/100/0/threaded" "lang": "eng",
}, "value": "input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used."
{ }
"name" : "http://www.isecpartners.com/advisories/2007-001-vlc.txt", ]
"refsource" : "MISC", },
"url" : "http://www.isecpartners.com/advisories/2007-001-vlc.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1332", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2007/dsa-1332" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "38992", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/38992" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:14744", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14744" "name": "20070621 VLC 0.8.6b format string vulnerability & integer overflow",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/471933/100/0/threaded"
"name" : "25980", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25980" "name": "oval:org.mitre.oval:def:14744",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14744"
} },
} {
"name": "38992",
"refsource": "OSVDB",
"url": "http://osvdb.org/38992"
},
{
"name": "http://www.isecpartners.com/advisories/2007-001-vlc.txt",
"refsource": "MISC",
"url": "http://www.isecpartners.com/advisories/2007-001-vlc.txt"
},
{
"name": "DSA-1332",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1332"
},
{
"name": "25980",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25980"
}
]
}
}

190
2007/3xxx/CVE-2007-3835.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-3835", "ID": "CVE-2007-3835",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070716 ExLibris Aleph and Metalib Cross Site Scripting Attack", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/473785/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search."
{ }
"name" : "20070716 ExLibris Aleph and Metalib Cross Site Scripting Attack", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064666.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://escarpment.net/exlibris.txt", "description": [
"refsource" : "MISC", {
"url" : "http://escarpment.net/exlibris.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "24978", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/24978" ]
}, },
{ "references": {
"name" : "36877", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/36877" "name": "36877",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/36877"
"name" : "26162", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26162" "name": "2889",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/2889"
"name" : "2889", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/2889" "name": "metalib-keywordsearch-xss(35431)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35431"
"name" : "metalib-keywordsearch-xss(35431)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35431" "name": "20070716 ExLibris Aleph and Metalib Cross Site Scripting Attack",
} "refsource": "FULLDISC",
] "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064666.html"
} },
} {
"name": "26162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26162"
},
{
"name": "24978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24978"
},
{
"name": "20070716 ExLibris Aleph and Metalib Cross Site Scripting Attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473785/100/0/threaded"
},
{
"name": "http://escarpment.net/exlibris.txt",
"refsource": "MISC",
"url": "http://escarpment.net/exlibris.txt"
}
]
}
}

190
2007/6xxx/CVE-2007-6218.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6218", "ID": "CVE-2007-6218",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.packetstormsecurity.org/0711-exploits/ossigeno22-rfi.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.packetstormsecurity.org/0711-exploits/ossigeno22-rfi.txt" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234."
{ }
"name" : "26654", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/26654" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "44312", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/44312" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "44313", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/44313" ]
}, },
{ "references": {
"name" : "44314", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/44314" "name": "26654",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/26654"
"name" : "44315", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/44315" "name": "http://www.packetstormsecurity.org/0711-exploits/ossigeno22-rfi.txt",
}, "refsource": "MISC",
{ "url": "http://www.packetstormsecurity.org/0711-exploits/ossigeno22-rfi.txt"
"name" : "44316", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/44316" "name": "44315",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/44315"
"name" : "44317", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/44317" "name": "44316",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/44316"
} },
} {
"name": "44314",
"refsource": "OSVDB",
"url": "http://osvdb.org/44314"
},
{
"name": "44317",
"refsource": "OSVDB",
"url": "http://osvdb.org/44317"
},
{
"name": "44313",
"refsource": "OSVDB",
"url": "http://osvdb.org/44313"
},
{
"name": "44312",
"refsource": "OSVDB",
"url": "http://osvdb.org/44312"
}
]
}
}

180
2007/6xxx/CVE-2007-6339.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6339", "ID": "CVE-2007-6339",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified \"undocumented object parameters.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080430 Akamai Download Manager Arbitrary Program Execution Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=695" "lang": "eng",
}, "value": "The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified \"undocumented object parameters.\""
{ }
"name" : "20080430 Akamai Technologies Security Advisory 2008-0001 (Download Manager)", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061923.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28993", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28993" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-1408", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/1408/references" ]
}, },
{ "references": {
"name" : "1019955", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019955" "name": "30037",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30037"
"name" : "30037", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30037" "name": "1019955",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1019955"
"name" : "akamai-download-code-execution(42117)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42117" "name": "20080430 Akamai Download Manager Arbitrary Program Execution Vulnerability",
} "refsource": "IDEFENSE",
] "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=695"
} },
} {
"name": "20080430 Akamai Technologies Security Advisory 2008-0001 (Download Manager)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061923.html"
},
{
"name": "ADV-2008-1408",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1408/references"
},
{
"name": "28993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28993"
},
{
"name": "akamai-download-code-execution(42117)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42117"
}
]
}
}

200
2007/6xxx/CVE-2007-6433.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6433", "ID": "CVE-2007-6433",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://jira.jboss.com/jira/browse/JBSEAM-2084", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://jira.jboss.com/jira/browse/JBSEAM-2084" "lang": "eng",
}, "value": "The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter."
{ }
"name" : "http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2008:0158", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0158.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2008:0151", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0151.html" ]
}, },
{ "references": {
"name" : "RHSA-2008:0213", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0213.html" "name": "http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866"
"name" : "26850", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/26850" "name": "RHSA-2008:0213",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"
"name" : "ADV-2007-4215", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/4215" "name": "RHSA-2008:0151",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"
"name" : "42631", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/42631" "name": "http://jira.jboss.com/jira/browse/JBSEAM-2084",
}, "refsource": "CONFIRM",
{ "url": "http://jira.jboss.com/jira/browse/JBSEAM-2084"
"name" : "28077", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28077" "name": "26850",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/26850"
} },
} {
"name": "42631",
"refsource": "OSVDB",
"url": "http://osvdb.org/42631"
},
{
"name": "ADV-2007-4215",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4215"
},
{
"name": "RHSA-2008:0158",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"
},
{
"name": "28077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28077"
}
]
}
}

130
2007/6xxx/CVE-2007-6754.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2007-6754", "ID": "CVE-2007-6754",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to \"integer rounding and overflow\" errors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/", "description_data": [
"refsource" : "MISC", {
"url" : "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/" "lang": "eng",
}, "value": "The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD does not properly allocate memory, which makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, related to \"integer rounding and overflow\" errors."
{ }
"name" : "http://svnweb.freebsd.org/base?view=revision&revision=167872", ]
"refsource" : "CONFIRM", },
"url" : "http://svnweb.freebsd.org/base?view=revision&revision=167872" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svnweb.freebsd.org/base?view=revision&revision=167872",
"refsource": "CONFIRM",
"url": "http://svnweb.freebsd.org/base?view=revision&revision=167872"
},
{
"name": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/",
"refsource": "MISC",
"url": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/"
}
]
}
}

270
2010/0xxx/CVE-2010-0182.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-0182", "ID": "CVE-2010-0182",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-24.html" "lang": "eng",
}, "value": "The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=490790", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=490790" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.avaya.com/css/P8/documents/100091069", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/css/P8/documents/100091069" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDVSA-2010:070", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070" ]
}, },
{ "references": {
"name" : "RHSA-2010:0500", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0500.html" "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-24.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-24.html"
"name" : "RHSA-2010:0501", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0501.html" "name": "39397",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39397"
"name" : "SUSE-SR:2010:013", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" "name": "RHSA-2010:0501",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0501.html"
"name" : "USN-921-1", },
"refsource" : "UBUNTU", {
"url" : "http://ubuntu.com/usn/usn-921-1" "name": "ADV-2010-1557",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1557"
"name" : "39479", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/39479" "name": "39479",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/39479"
"name" : "oval:org.mitre.oval:def:7618", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7618" "name": "USN-921-1",
}, "refsource": "UBUNTU",
{ "url": "http://ubuntu.com/usn/usn-921-1"
"name" : "oval:org.mitre.oval:def:9375", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9375" "name": "oval:org.mitre.oval:def:7618",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7618"
"name" : "39397", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39397" "name": "SUSE-SR:2010:013",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
"name" : "ADV-2010-0748", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0748" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=490790",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=490790"
"name" : "ADV-2010-0849", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0849" "name": "RHSA-2010:0500",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0500.html"
"name" : "ADV-2010-1557", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1557" "name": "MDVSA-2010:070",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:070"
"name" : "firefox-xmldocumentload-weak-security(57396)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57396" "name": "firefox-xmldocumentload-weak-security(57396)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57396"
} },
} {
"name": "ADV-2010-0748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0748"
},
{
"name": "ADV-2010-0849",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0849"
},
{
"name": "oval:org.mitre.oval:def:9375",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9375"
},
{
"name": "http://support.avaya.com/css/P8/documents/100091069",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100091069"
}
]
}
}

170
2010/0xxx/CVE-2010-0516.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-0516", "ID": "CVE-2010-0516",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100402 ZDI-10-040: Apple QuickTime RLE Bit Depth Remote Code Execution Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/510513/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk."
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-040", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-040" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT4077", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4077" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2010-03-29-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2010-03-30-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html" "name": "oval:org.mitre.oval:def:7062",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7062"
"name" : "oval:org.mitre.oval:def:7062", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7062" "name": "20100402 ZDI-10-040: Apple QuickTime RLE Bit Depth Remote Code Execution Vulnerability",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/510513/100/0/threaded"
} },
} {
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "APPLE-SA-2010-03-30-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-040",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-040"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
}
]
}
}

170
2010/1xxx/CVE-2010-1344.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1344", "ID": "CVE-2010-1344",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter in a detail action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/1003-exploits/joomlackforms-lfisql.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/1003-exploits/joomlackforms-lfisql.txt" "lang": "eng",
}, "value": "SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter in a detail action to index.php."
{ }
"name" : "11785", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/11785" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38785", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/38785" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "63032", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/63032" ]
}, },
{ "references": {
"name" : "38976", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38976" "name": "38976",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38976"
"name" : "ckforms-index-sql-injection(56988)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56988" "name": "http://packetstormsecurity.org/1003-exploits/joomlackforms-lfisql.txt",
} "refsource": "MISC",
] "url": "http://packetstormsecurity.org/1003-exploits/joomlackforms-lfisql.txt"
} },
} {
"name": "11785",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11785"
},
{
"name": "63032",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63032"
},
{
"name": "ckforms-index-sql-injection(56988)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56988"
},
{
"name": "38785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38785"
}
]
}
}

270
2010/1xxx/CVE-2010-1399.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-1399", "ID": "CVE-2010-1399",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4196", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4196" "lang": "eng",
}, "value": "WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document."
{ }
"name" : "http://support.apple.com/kb/HT4220", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4220" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT4225", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4225" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2010-06-07-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2010-06-16-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html" "name": "http://support.apple.com/kb/HT4220",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4220"
"name" : "APPLE-SA-2010-06-21-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" "name": "43068",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43068"
"name" : "SUSE-SR:2011:002", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" "name": "ADV-2011-0212",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0212"
"name" : "40620", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/40620" "name": "http://support.apple.com/kb/HT4225",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4225"
"name" : "oval:org.mitre.oval:def:6709", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6709" "name": "APPLE-SA-2010-06-07-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"
"name" : "1024067", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1024067" "name": "40196",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40196"
"name" : "40105", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40105" "name": "40105",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40105"
"name" : "40196", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40196" "name": "ADV-2010-1373",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1373"
"name" : "43068", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43068" "name": "oval:org.mitre.oval:def:6709",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6709"
"name" : "ADV-2010-1373", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1373" "name": "APPLE-SA-2010-06-16-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
"name" : "ADV-2010-1512", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1512" "name": "SUSE-SR:2011:002",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
"name" : "ADV-2011-0212", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0212" "name": "ADV-2010-1512",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2010/1512"
} },
} {
"name": "40620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40620"
},
{
"name": "1024067",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024067"
},
{
"name": "http://support.apple.com/kb/HT4196",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4196"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
]
}
}

190
2010/1xxx/CVE-2010-1509.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2010-1509", "ID": "CVE-2010-1509",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a \"sign-extension error.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100512 Secunia Research: IrfanView PSD Image Parsing Sign-Extension Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/511274/100/0/threaded" "lang": "eng",
}, "value": "IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a \"sign-extension error.\""
{ }
"name" : "http://secunia.com/secunia_research/2010-41", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2010-41" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://irfanview.com/main_history.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://irfanview.com/main_history.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "40104", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/40104" ]
}, },
{ "references": {
"name" : "64627", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/64627" "name": "http://secunia.com/secunia_research/2010-41",
}, "refsource": "MISC",
{ "url": "http://secunia.com/secunia_research/2010-41"
"name" : "oval:org.mitre.oval:def:6705", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6705" "name": "20100512 Secunia Research: IrfanView PSD Image Parsing Sign-Extension Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/511274/100/0/threaded"
"name" : "39036", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39036" "name": "39036",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39036"
"name" : "irfanview-psd-bo(58548)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58548" "name": "64627",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/64627"
} },
} {
"name": "oval:org.mitre.oval:def:6705",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6705"
},
{
"name": "40104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40104"
},
{
"name": "http://irfanview.com/main_history.htm",
"refsource": "CONFIRM",
"url": "http://irfanview.com/main_history.htm"
},
{
"name": "irfanview-psd-bo(58548)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58548"
}
]
}
}

34
2010/1xxx/CVE-2010-1826.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-1826", "ID": "CVE-2010-1826",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

200
2014/0xxx/CVE-2014-0019.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-0019", "ID": "CVE-2014-0019",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140128 Socat security advisory 5 - PROXY-CONNECT address overflow", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2014/q1/159" "lang": "eng",
}, "value": "Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line."
{ }
"name" : "http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt", ]
"refsource" : "MISC", },
"url" : "http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.dest-unreach.org/socat", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.dest-unreach.org/socat" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2014-1795", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128229.html" ]
}, },
{ "references": {
"name" : "FEDORA-2014-1811", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128190.html" "name": "FEDORA-2014-1795",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128229.html"
"name" : "MDVSA-2014:033", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:033" "name": "MDVSA-2014:033",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:033"
"name" : "openSUSE-SU-2015:0760", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00043.html" "name": "65201",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/65201"
"name" : "65201", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/65201" "name": "102612",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/102612"
"name" : "102612", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/102612" "name": "[oss-security] 20140128 Socat security advisory 5 - PROXY-CONNECT address overflow",
} "refsource": "MLIST",
] "url": "http://seclists.org/oss-sec/2014/q1/159"
} },
} {
"name": "http://www.dest-unreach.org/socat",
"refsource": "CONFIRM",
"url": "http://www.dest-unreach.org/socat"
},
{
"name": "http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt",
"refsource": "MISC",
"url": "http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt"
},
{
"name": "openSUSE-SU-2015:0760",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00043.html"
},
{
"name": "FEDORA-2014-1811",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128190.html"
}
]
}
}

140
2014/0xxx/CVE-2014-0129.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2014-0129", "ID": "CVE-2014-0129",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140317 Moodle security notifications public", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2014/03/17/1" "lang": "eng",
}, "value": "badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors."
{ }
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140", ]
"refsource" : "CONFIRM", },
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://moodle.org/mod/forum/discuss.php?d=256424", "description": [
"refsource" : "CONFIRM", {
"url" : "https://moodle.org/mod/forum/discuss.php?d=256424" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140317 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/03/17/1"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=256424",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=256424"
}
]
}
}

240
2014/0xxx/CVE-2014-0382.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-0382", "ID": "CVE-2014-0382",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX."
{ }
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", ]
"refsource" : "CONFIRM", },
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBUX02972", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT101454", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" ]
}, },
{ "references": {
"name" : "RHSA-2014:0030", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html" "name": "56484",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56484"
"name" : "64758", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64758" "name": "56535",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56535"
"name" : "64936", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64936" "name": "RHSA-2014:0030",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
"name" : "102026", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/102026" "name": "56485",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/56485"
"name" : "1029608", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029608" "name": "oracle-cpujan2014-cve20140382(90355)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90355"
"name" : "56484", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56484" "name": "SSRT101454",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
"name" : "56485", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56485" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
"name" : "56535", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56535" "name": "HPSBUX02972",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
"name" : "oracle-cpujan2014-cve20140382(90355)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90355" "name": "1029608",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1029608"
} },
} {
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "64936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64936"
},
{
"name": "102026",
"refsource": "OSVDB",
"url": "http://osvdb.org/102026"
}
]
}
}

140
2014/0xxx/CVE-2014-0512.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2014-0512", "ID": "CVE-2014-0512",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://twitter.com/thezdi/statuses/443827076580122624", "description_data": [
"refsource" : "MISC", {
"url" : "http://twitter.com/thezdi/statuses/443827076580122624" "lang": "eng",
}, "value": "Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014."
{ }
"name" : "http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/", ]
"refsource" : "MISC", },
"url" : "http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://helpx.adobe.com/security/products/reader/apsb14-15.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://helpx.adobe.com/security/products/reader/apsb14-15.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/",
"refsource": "MISC",
"url": "http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/"
},
{
"name": "http://helpx.adobe.com/security/products/reader/apsb14-15.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/reader/apsb14-15.html"
},
{
"name": "http://twitter.com/thezdi/statuses/443827076580122624",
"refsource": "MISC",
"url": "http://twitter.com/thezdi/statuses/443827076580122624"
}
]
}
}

170
2014/0xxx/CVE-2014-0682.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-0682", "ID": "CVE-2014-0682",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL, aka Bug ID CSCuj42346."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32618", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32618" "lang": "eng",
}, "value": "Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL, aka Bug ID CSCuj42346."
{ }
"name" : "20140128 Cisco WebEx Meetings Server Unauthorized Meeting Actions Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0682" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "65198", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/65198" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "102590", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/102590" ]
}, },
{ "references": {
"name" : "1029700", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029700" "name": "65198",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/65198"
"name" : "56668", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56668" "name": "1029700",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1029700"
} },
} {
"name": "102590",
"refsource": "OSVDB",
"url": "http://osvdb.org/102590"
},
{
"name": "20140128 Cisco WebEx Meetings Server Unauthorized Meeting Actions Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0682"
},
{
"name": "56668",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56668"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32618",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32618"
}
]
}
}

190
2014/1xxx/CVE-2014-1893.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-1893", "ID": "CVE-2014-1893",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/02/07/4" "lang": "eng",
}, "value": "Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894."
{ }
"name" : "[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2014/02/07/12" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20140210 Xen Security Advisory 84 (CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894) - integer overflow in several XSM/Flask hypercalls", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/02/10/8" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://xenbits.xen.org/xsa/advisory-84.html", ]
"refsource" : "CONFIRM", }
"url" : "http://xenbits.xen.org/xsa/advisory-84.html" ]
}, },
{ "references": {
"name" : "GLSA-201407-03", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201407-03.xml" "name": "SUSE-SU-2014:0373",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html"
"name" : "SUSE-SU-2014:0372", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html" "name": "[oss-security] 20140210 Xen Security Advisory 84 (CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894) - integer overflow in several XSM/Flask hypercalls",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2014/02/10/8"
"name" : "SUSE-SU-2014:0373", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" "name": "http://xenbits.xen.org/xsa/advisory-84.html",
}, "refsource": "CONFIRM",
{ "url": "http://xenbits.xen.org/xsa/advisory-84.html"
"name" : "SUSE-SU-2014:0446", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" "name": "[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2014/02/07/4"
} },
} {
"name": "GLSA-201407-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
},
{
"name": "SUSE-SU-2014:0372",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html"
},
{
"name": "SUSE-SU-2014:0446",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name": "[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/02/07/12"
}
]
}
}

34
2014/4xxx/CVE-2014-4482.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2014-4482", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2014-4482",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
} }
] ]
} }
} }

34
2014/4xxx/CVE-2014-4753.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-4753", "ID": "CVE-2014-4753",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2014/5xxx/CVE-2014-5005.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5005", "ID": "CVE-2014-5005",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "34594", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/34594" "lang": "eng",
}, "value": "Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate."
{ }
"name" : "20140831 [The ManageOwnage Series, part III]: Multiple vulnerabilities / RCE in ManageEngine Desktop Central", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Aug/88" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc9_file_upload.txt", "description": [
"refsource" : "MISC", {
"url" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc9_file_upload.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "110643", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/show/osvdb/110643" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20140831 [The ManageOwnage Series, part III]: Multiple vulnerabilities / RCE in ManageEngine Desktop Central",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Aug/88"
},
{
"name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc9_file_upload.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc9_file_upload.txt"
},
{
"name": "110643",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/110643"
},
{
"name": "34594",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34594"
}
]
}
}

34
2014/5xxx/CVE-2014-5007.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5007", "ID": "CVE-2014-5007",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2014/5xxx/CVE-2014-5254.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-5254", "ID": "CVE-2014-5254",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2014/5xxx/CVE-2014-5913.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-5913", "ID": "CVE-2014-5913",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Allies in War (aka com.gamelion.aiw) application 1.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Allies in War (aka com.gamelion.aiw) application 1.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#972337", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/972337" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#972337",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/972337"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

180
2016/10xxx/CVE-2016-10093.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10093", "ID": "CVE-2016-10093",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2017/01/01/12" "lang": "eng",
}, "value": "Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow."
{ }
"name" : "[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2017/01/01/10" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/", "description": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2610", ]
"refsource" : "CONFIRM", }
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2610" ]
}, },
{ "references": {
"name" : "https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec" "name": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/",
}, "refsource": "MISC",
{ "url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/"
"name" : "DSA-3762", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3762" "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2610",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2610"
"name" : "95215", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95215" "name": "[oss-security] 20170101 Re: Re: libtiff: multiple heap-based buffer overflow",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2017/01/01/12"
} },
} {
"name": "https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec",
"refsource": "CONFIRM",
"url": "https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec"
},
{
"name": "95215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95215"
},
{
"name": "[oss-security] 20170101 Re: libtiff: multiple heap-based buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/01/10"
},
{
"name": "DSA-3762",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3762"
}
]
}
}

120
2016/10xxx/CVE-2016-10730.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-10730", "ID": "CVE-2016-10730",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "39244", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/39244/" "lang": "eng",
} "value": "An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39244",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39244/"
}
]
}
}

140
2016/3xxx/CVE-2016-3294.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-3294", "ID": "CVE-2016-3294",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Edge Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3330."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS16-105", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105" "lang": "eng",
}, "value": "Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Microsoft Edge Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3330."
{ }
"name" : "92789", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/92789" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036789", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036789" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1036789",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036789"
},
{
"name": "92789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92789"
},
{
"name": "MS16-105",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"
}
]
}
}

140
2016/3xxx/CVE-2016-3300.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2016-3300", "ID": "CVE-2016-3300",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 improperly establishes secure communications channels, which allows local users to gain privileges by leveraging access to a domain-joined machine, aka \"Netlogon Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS16-101", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-101" "lang": "eng",
}, "value": "The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 improperly establishes secure communications channels, which allows local users to gain privileges by leveraging access to a domain-joined machine, aka \"Netlogon Elevation of Privilege Vulnerability.\""
{ }
"name" : "92296", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/92296" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036576", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036576" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "92296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92296"
},
{
"name": "MS16-101",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-101"
},
{
"name": "1036576",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036576"
}
]
}
}

140
2016/3xxx/CVE-2016-3870.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-3870", "ID": "CVE-2016-3870",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not prevent input-port changes, which allows attackers to gain privileges via a crafted application, aka internal bug 29421804."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://source.android.com/security/bulletin/2016-09-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://source.android.com/security/bulletin/2016-09-01.html" "lang": "eng",
}, "value": "omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not prevent input-port changes, which allows attackers to gain privileges via a crafted application, aka internal bug 29421804."
{ }
"name" : "https://android.googlesource.com/platform/frameworks/av/+/1e9801783770917728b7edbdeff3d0ec09c621ac", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/frameworks/av/+/1e9801783770917728b7edbdeff3d0ec09c621ac" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1036763", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036763" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/1e9801783770917728b7edbdeff3d0ec09c621ac",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/1e9801783770917728b7edbdeff3d0ec09c621ac"
},
{
"name": "http://source.android.com/security/bulletin/2016-09-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-09-01.html"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
}
]
}
}

34
2016/8xxx/CVE-2016-8128.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-8128", "ID": "CVE-2016-8128",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2016/8xxx/CVE-2016-8274.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"ID" : "CVE-2016-8274", "ID": "CVE-2016-8274",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "HiSuite 4.0.5.300_OVE", "product_name": "HiSuite 4.0.5.300_OVE",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "HiSuite 4.0.5.300_OVE" "version_value": "HiSuite 4.0.5.300_OVE"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "dynamic link library (DLL) hijack"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en" "lang": "eng",
} "value": "Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "dynamic link library (DLL) hijack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160905-01-hisuite-en"
}
]
}
}

130
2016/8xxx/CVE-2016-8378.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-8378", "ID": "CVE-2016-8378",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Lynxspring JENEsys BAS Bridge 1.1.8 and older", "product_name": "Lynxspring JENEsys BAS Bridge 1.1.8 and older",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Lynxspring JENEsys BAS Bridge 1.1.8 and older" "version_value": "Lynxspring JENEsys BAS Bridge 1.1.8 and older"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Lynxspring JENEsys BAS Bridge lacks sufficient safeguards"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01" "lang": "eng",
}, "value": "An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials."
{ }
"name" : "94344", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/94344" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Lynxspring JENEsys BAS Bridge lacks sufficient safeguards"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94344"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01"
}
]
}
}

130
2016/8xxx/CVE-2016-8438.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2016-8438", "ID": "CVE-2016-8438",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.18" "version_value": "Kernel-3.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-01-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-01-01.html" "lang": "eng",
}, "value": "Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638."
{ }
"name" : "95227", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95227" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Integer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95227"
}
]
}
}

152
2016/9xxx/CVE-2016-9070.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2016-9070", "ID": "CVE-2016-9070",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "50" "version_value": "50"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Sidebar bookmark can have reference to chrome window"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1281071", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1281071" "lang": "eng",
}, "value": "A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2016-89/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2016-89/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "94337", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94337" "lang": "eng",
}, "value": "Sidebar bookmark can have reference to chrome window"
{ }
"name" : "1037298", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037298" ]
} },
] "references": {
} "reference_data": [
} {
"name": "94337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94337"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1281071",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1281071"
},
{
"name": "1037298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
}
]
}
}

34
2016/9xxx/CVE-2016-9232.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-9232", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-9232",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

170
2016/9xxx/CVE-2016-9448.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-9448", "ID": "CVE-2016-9448",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20161118 Re: CVE-2016-9297 LibTIFF regression", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/11/18/15" "lang": "eng",
}, "value": "The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297."
{ }
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2593", ]
"refsource" : "MISC", },
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2593" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3762", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3762" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201701-16", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201701-16" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2016:3035", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html" "name": "openSUSE-SU-2016:3035",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html"
"name" : "94420", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/94420" "name": "GLSA-201701-16",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201701-16"
} },
} {
"name": "94420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94420"
},
{
"name": "[oss-security] 20161118 Re: CVE-2016-9297 LibTIFF regression",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/18/15"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2593",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2593"
},
{
"name": "DSA-3762",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3762"
}
]
}
}

220
2016/9xxx/CVE-2016-9467.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"ID" : "CVE-2016-9467", "ID": "CVE-2016-9467",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2", "product_name": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2" "version_value": "Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "User Interface (UI) Misrepresentation of Critical Information (CWE-451)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960" "lang": "eng",
}, "value": "Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user."
{ }
"name" : "https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013", ]
"refsource" : "MISC", },
"url" : "https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1" "lang": "eng",
}, "value": "User Interface (UI) Misrepresentation of Critical Information (CWE-451)"
{ }
"name" : "https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14", ]
"refsource" : "MISC", }
"url" : "https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14" ]
}, },
{ "references": {
"name" : "https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071", "reference_data": [
"refsource" : "MISC", {
"url" : "https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071" "name": "https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013",
}, "refsource": "MISC",
{ "url": "https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013"
"name" : "https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a", },
"refsource" : "MISC", {
"url" : "https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a" "name": "https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a",
}, "refsource": "MISC",
{ "url": "https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a"
"name" : "https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d", },
"refsource" : "MISC", {
"url" : "https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d" "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-010",
}, "refsource": "MISC",
{ "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2016-010"
"name" : "https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4", },
"refsource" : "MISC", {
"url" : "https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4" "name": "https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071",
}, "refsource": "MISC",
{ "url": "https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071"
"name" : "https://hackerone.com/reports/154827", },
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/154827" "name": "https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d",
}, "refsource": "MISC",
{ "url": "https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d"
"name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2016-010", },
"refsource" : "MISC", {
"url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2016-010" "name": "https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4",
}, "refsource": "MISC",
{ "url": "https://github.com/owncloud/core/commit/e7acbce27fa0ef1c6fe216ca67c72d86484919a4"
"name" : "https://owncloud.org/security/advisory/?id=oc-sa-2016-020", },
"refsource" : "MISC", {
"url" : "https://owncloud.org/security/advisory/?id=oc-sa-2016-020" "name": "https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14",
} "refsource": "MISC",
] "url": "https://github.com/nextcloud/server/commit/c3ae21fef2880c9fe44e8fdbe1262ac7f9716f14"
} },
} {
"name": "https://hackerone.com/reports/154827",
"refsource": "MISC",
"url": "https://hackerone.com/reports/154827"
},
{
"name": "https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/1352365e8bf5ea49da3dc82b1ccf7ddb659ae960"
},
{
"name": "https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1",
"refsource": "MISC",
"url": "https://github.com/nextcloud/server/commit/778ae8abd54c378fc4781394bbedc7a2ee3095e1"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2016-020",
"refsource": "MISC",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2016-020"
}
]
}
}

34
2019/2xxx/CVE-2019-2006.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2006", "ID": "CVE-2019-2006",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/2xxx/CVE-2019-2350.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-2350", "ID": "CVE-2019-2350",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

132
2019/2xxx/CVE-2019-2399.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2019-2399", "ID": "CVE-2019-2399",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Communications Diameter Signaling Router (DSR)", "product_name": "Communications Diameter Signaling Router (DSR)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "8.3" "version_value": "8.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR)."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)."
{ }
"name" : "106580", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106580" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106580"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
}
]
}
}

34
2019/6xxx/CVE-2019-6178.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6178", "ID": "CVE-2019-6178",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2019/6xxx/CVE-2019-6246.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6246", "ID": "CVE-2019-6246",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an out-of-bounds read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/svgpp/svgpp/issues/70", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/svgpp/svgpp/issues/70" "lang": "eng",
} "value": "An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an out-of-bounds read."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/svgpp/svgpp/issues/70",
"refsource": "MISC",
"url": "https://github.com/svgpp/svgpp/issues/70"
}
]
}
}

34
2019/6xxx/CVE-2019-6646.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-6646", "ID": "CVE-2019-6646",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }