admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:15:06 +00:00
parent 0bb25b9ff2
commit 7dbb0fbf40
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 4045 additions and 4045 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

280
2006/0xxx/CVE-2006-0051.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0051",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is \"fetching remote playlists\", which triggers the overflow in the http_peek function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-0051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060405 [Kaffeine Security Advisory] Heap based buffer overflow in http_peek()",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430319/100/0/threaded"
},
{
"name" : "http://www.kde.org/info/security/advisory-20060404-1.txt",
"refsource" : "CONFIRM",
"url" : "http://www.kde.org/info/security/advisory-20060404-1.txt"
},
{
"name" : "DSA-1023",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1023"
},
{
"name" : "GLSA-200604-04",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-04.xml"
},
{
"name" : "MDKSA-2006:065",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:065"
},
{
"name" : "SUSE-SR:2006:008",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_08_sr.html"
},
{
"name" : "USN-268-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/268-1/"
},
{
"name" : "17372",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17372"
},
{
"name" : "ADV-2006-1229",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1229"
},
{
"name" : "1015863",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015863"
},
{
"name" : "19525",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19525"
},
{
"name" : "19540",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19540"
},
{
"name" : "19542",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19542"
},
{
"name" : "19549",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19549"
},
{
"name" : "19557",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19557"
},
{
"name" : "19571",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19571"
},
{
"name" : "kaffeine-http-peek-bo(25631)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25631"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is \"fetching remote playlists\", which triggers the overflow in the http_peek function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-268-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/268-1/"
},
{
"name": "ADV-2006-1229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1229"
},
{
"name": "http://www.kde.org/info/security/advisory-20060404-1.txt",
"refsource": "CONFIRM",
"url": "http://www.kde.org/info/security/advisory-20060404-1.txt"
},
{
"name": "19557",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19557"
},
{
"name": "17372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17372"
},
{
"name": "MDKSA-2006:065",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:065"
},
{
"name": "DSA-1023",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1023"
},
{
"name": "1015863",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015863"
},
{
"name": "kaffeine-http-peek-bo(25631)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25631"
},
{
"name": "GLSA-200604-04",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-04.xml"
},
{
"name": "SUSE-SR:2006:008",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_08_sr.html"
},
{
"name": "19549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19549"
},
{
"name": "19542",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19542"
},
{
"name": "19525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19525"
},
{
"name": "19540",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19540"
},
{
"name": "20060405 [Kaffeine Security Advisory] Heap based buffer overflow in http_peek()",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430319/100/0/threaded"
},
{
"name": "19571",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19571"
}
]
}
}

130
2006/0xxx/CVE-2006-0418.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0418",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060124 [ISecAuditors Advisories] Arbitrary flash code remote execution in 123flashchat",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/423164/100/0/threaded"
},
{
"name" : "16360",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16360"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060124 [ISecAuditors Advisories] Arbitrary flash code remote execution in 123flashchat",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423164/100/0/threaded"
},
{
"name": "16360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16360"
}
]
}
}

270
2006/0xxx/CVE-2006-0709.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0709",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=352482",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=352482"
},
{
"name" : "DSA-995",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-995"
},
{
"name" : "GLSA-200603-16",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-16.xml"
},
{
"name" : "MDKSA-2006:047",
"refsource" : "MANDRIVA",
"url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:047"
},
{
"name" : "RHSA-2006:0217",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0217.html"
},
{
"name" : "SUSE-SR:2006:005",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"name" : "16611",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16611"
},
{
"name" : "ADV-2006-0565",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0565"
},
{
"name" : "1015654",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015654"
},
{
"name" : "18796",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18796"
},
{
"name" : "18987",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18987"
},
{
"name" : "19000",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19000"
},
{
"name" : "19130",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19130"
},
{
"name" : "19226",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19226"
},
{
"name" : "19304",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19304"
},
{
"name" : "metamail-boundary-bo(24702)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24702"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015654",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015654"
},
{
"name": "18796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18796"
},
{
"name": "SUSE-SR:2006:005",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"name": "19226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19226"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=352482",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=352482"
},
{
"name": "GLSA-200603-16",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-16.xml"
},
{
"name": "metamail-boundary-bo(24702)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24702"
},
{
"name": "MDKSA-2006:047",
"refsource": "MANDRIVA",
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:047"
},
{
"name": "18987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18987"
},
{
"name": "19130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19130"
},
{
"name": "DSA-995",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-995"
},
{
"name": "RHSA-2006:0217",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0217.html"
},
{
"name": "19000",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19000"
},
{
"name": "16611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16611"
},
{
"name": "19304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19304"
},
{
"name": "ADV-2006-0565",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0565"
}
]
}
}

180
2006/0xxx/CVE-2006-0804.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0804",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "GLSA-200611-18",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200611-18.xml"
},
{
"name" : "OpenPKG-SA-2006.005",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.org/security/OpenPKG-SA-2006.005-tin.html"
},
{
"name" : "SUSE-SR:2006:005",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"name" : "16728",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16728"
},
{
"name" : "ADV-2006-0702",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0702"
},
{
"name" : "19130",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19130"
},
{
"name" : "tin-offbyone-bo(24841)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24841"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200611-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200611-18.xml"
},
{
"name": "SUSE-SR:2006:005",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"name": "ADV-2006-0702",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0702"
},
{
"name": "OpenPKG-SA-2006.005",
"refsource": "OPENPKG",
"url": "http://www.openpkg.org/security/OpenPKG-SA-2006.005-tin.html"
},
{
"name": "19130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19130"
},
{
"name": "tin-offbyone-bo(24841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24841"
},
{
"name": "16728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16728"
}
]
}
}

140
2006/1xxx/CVE-2006-1624.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1624",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060331 DoS-ing sysklogd?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429618/100/0/threaded"
},
{
"name" : "20060402 RE: DoS-ing sysklogd?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/429739/100/0/threaded"
},
{
"name" : "sysklogd-sourceip-dos(25672)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25672"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060331 DoS-ing sysklogd?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429618/100/0/threaded"
},
{
"name": "20060402 RE: DoS-ing sysklogd?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429739/100/0/threaded"
},
{
"name": "sysklogd-sourceip-dos(25672)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25672"
}
]
}
}

740
2006/3xxx/CVE-2006-3113.json
View File

@ -1,372 +1,372 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3113",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2006-3113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060727 rPSA-2006-0137-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441333/100/0/threaded"
},
{
"name" : "20060727 Secunia Research: Mozilla Firefox XPCOM Event Handling MemoryCorruption",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441330/100/0/threaded"
},
{
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-46.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-46.html"
},
{
"name" : "http://secunia.com/secunia_research/2006-53/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2006-53/advisory/"
},
{
"name" : "https://issues.rpath.com/browse/RPL-536",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-536"
},
{
"name" : "https://issues.rpath.com/browse/RPL-537",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-537"
},
{
"name" : "GLSA-200608-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-02.xml"
},
{
"name" : "GLSA-200608-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200608-04.xml"
},
{
"name" : "GLSA-200608-03",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml"
},
{
"name" : "HPSBUX02153",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "SSRT061181",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name" : "HPSBUX02156",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name" : "SSRT061236",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name" : "MDKSA-2006:143",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
},
{
"name" : "MDKSA-2006:145",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
},
{
"name" : "MDKSA-2006:146",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146"
},
{
"name" : "RHSA-2006:0608",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0608.html"
},
{
"name" : "RHSA-2006:0610",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
},
{
"name" : "RHSA-2006:0611",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
},
{
"name" : "RHSA-2006:0609",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
},
{
"name" : "RHSA-2006:0594",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
},
{
"name" : "20060703-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
},
{
"name" : "SUSE-SA:2006:048",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html"
},
{
"name" : "USN-327-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/327-1/"
},
{
"name" : "USN-329-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/329-1/"
},
{
"name" : "USN-350-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-350-1"
},
{
"name" : "USN-354-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name" : "TA06-208A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-208A.html"
},
{
"name" : "VU#239124",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/239124"
},
{
"name" : "19181",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19181"
},
{
"name" : "19197",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19197"
},
{
"name" : "oval:org.mitre.oval:def:10261",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10261"
},
{
"name" : "ADV-2006-2998",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2998"
},
{
"name" : "ADV-2006-3748",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name" : "ADV-2006-3749",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3749"
},
{
"name" : "ADV-2008-0083",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name" : "1016586",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016586"
},
{
"name" : "1016587",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016587"
},
{
"name" : "1016588",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016588"
},
{
"name" : "19873",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19873"
},
{
"name" : "21216",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21216"
},
{
"name" : "21228",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21228"
},
{
"name" : "21229",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21229"
},
{
"name" : "21246",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21246"
},
{
"name" : "21243",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21243"
},
{
"name" : "21269",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21269"
},
{
"name" : "21270",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21270"
},
{
"name" : "21275",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21275"
},
{
"name" : "21336",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21336"
},
{
"name" : "21358",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21358"
},
{
"name" : "21361",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21361"
},
{
"name" : "21250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21250"
},
{
"name" : "21262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21262"
},
{
"name" : "21343",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21343"
},
{
"name" : "21529",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21529"
},
{
"name" : "21532",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21532"
},
{
"name" : "21607",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21607"
},
{
"name" : "21631",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21631"
},
{
"name" : "22055",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22055"
},
{
"name" : "22210",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22210"
},
{
"name" : "22065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22065"
},
{
"name" : "22066",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22066"
},
{
"name" : "mozilla-xpcom-memory-corruption(27982)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27982"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#239124",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/239124"
},
{
"name": "21243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21243"
},
{
"name": "RHSA-2006:0608",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0608.html"
},
{
"name": "GLSA-200608-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-02.xml"
},
{
"name": "MDKSA-2006:145",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145"
},
{
"name": "http://secunia.com/secunia_research/2006-53/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-53/advisory/"
},
{
"name": "ADV-2006-3748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3748"
},
{
"name": "19181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19181"
},
{
"name": "TA06-208A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-208A.html"
},
{
"name": "22055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22055"
},
{
"name": "mozilla-xpcom-memory-corruption(27982)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27982"
},
{
"name": "ADV-2006-2998",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2998"
},
{
"name": "20060727 rPSA-2006-0137-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441333/100/0/threaded"
},
{
"name": "21529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21529"
},
{
"name": "19197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19197"
},
{
"name": "21216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21216"
},
{
"name": "GLSA-200608-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml"
},
{
"name": "RHSA-2006:0594",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html"
},
{
"name": "21336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21336"
},
{
"name": "ADV-2006-3749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3749"
},
{
"name": "20060727 Secunia Research: Mozilla Firefox XPCOM Event Handling MemoryCorruption",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441330/100/0/threaded"
},
{
"name": "RHSA-2006:0610",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html"
},
{
"name": "1016588",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016588"
},
{
"name": "USN-329-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/329-1/"
},
{
"name": "MDKSA-2006:146",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146"
},
{
"name": "RHSA-2006:0609",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html"
},
{
"name": "22210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22210"
},
{
"name": "21607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21607"
},
{
"name": "1016586",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016586"
},
{
"name": "19873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19873"
},
{
"name": "21262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21262"
},
{
"name": "21532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21532"
},
{
"name": "21270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21270"
},
{
"name": "ADV-2008-0083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0083"
},
{
"name": "USN-327-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/327-1/"
},
{
"name": "21361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21361"
},
{
"name": "21631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21631"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "SSRT061236",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name": "21275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21275"
},
{
"name": "21246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21246"
},
{
"name": "SUSE-SA:2006:048",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html"
},
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-46.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-46.html"
},
{
"name": "21229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21229"
},
{
"name": "oval:org.mitre.oval:def:10261",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10261"
},
{
"name": "1016587",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016587"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded"
},
{
"name": "RHSA-2006:0611",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html"
},
{
"name": "21228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21228"
},
{
"name": "21250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21250"
},
{
"name": "USN-350-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-350-1"
},
{
"name": "HPSBUX02156",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded"
},
{
"name": "21358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21358"
},
{
"name": "https://issues.rpath.com/browse/RPL-536",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-536"
},
{
"name": "https://issues.rpath.com/browse/RPL-537",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-537"
},
{
"name": "22066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22066"
},
{
"name": "21269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21269"
},
{
"name": "GLSA-200608-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-04.xml"
},
{
"name": "21343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21343"
},
{
"name": "MDKSA-2006:143",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143"
},
{
"name": "22065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22065"
},
{
"name": "USN-354-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-354-1"
},
{
"name": "20060703-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
}
]
}
}

200
2006/3xxx/CVE-2006-3434.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3434",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBST02161",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name" : "SSRT061264",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name" : "MS06-062",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name" : "VU#234900",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/234900"
},
{
"name" : "20382",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20382"
},
{
"name" : "ADV-2006-3981",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3981"
},
{
"name" : "oval:org.mitre.oval:def:389",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A389"
},
{
"name" : "1017034",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017034"
},
{
"name" : "22339",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22339"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#234900",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/234900"
},
{
"name": "oval:org.mitre.oval:def:389",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A389"
},
{
"name": "SSRT061264",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3981",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3981"
},
{
"name": "MS06-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name": "1017034",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017034"
},
{
"name": "HPSBST02161",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "20382",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20382"
},
{
"name": "22339",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22339"
}
]
}
}

160
2006/3xxx/CVE-2006-3605.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://browserfun.blogspot.com/2006/07/mobb-13-revealtrans-transition.html",
"refsource" : "MISC",
"url" : "http://browserfun.blogspot.com/2006/07/mobb-13-revealtrans-transition.html"
},
{
"name" : "18960",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18960"
},
{
"name" : "ADV-2006-2793",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2793"
},
{
"name" : "27057",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27057"
},
{
"name" : "ie-revealtrans-dos(27713)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27713"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27057",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27057"
},
{
"name": "ie-revealtrans-dos(27713)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27713"
},
{
"name": "ADV-2006-2793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2793"
},
{
"name": "18960",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18960"
},
{
"name": "http://browserfun.blogspot.com/2006/07/mobb-13-revealtrans-transition.html",
"refsource": "MISC",
"url": "http://browserfun.blogspot.com/2006/07/mobb-13-revealtrans-transition.html"
}
]
}
}

160
2006/3xxx/CVE-2006-3736.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3736",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2020",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2020"
},
{
"name" : "19049",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19049"
},
{
"name" : "ADV-2006-2845",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2845"
},
{
"name" : "21082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21082"
},
{
"name" : "videodb-class-xml-file-include(27778)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27778"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19049",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19049"
},
{
"name": "ADV-2006-2845",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2845"
},
{
"name": "videodb-class-xml-file-include(27778)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27778"
},
{
"name": "2020",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2020"
},
{
"name": "21082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21082"
}
]
}
}

180
2006/3xxx/CVE-2006-3923.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060722 [MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440859/100/100/threaded"
},
{
"name" : "http://www.majorsecurity.de/advisory/major_rls24.txt",
"refsource" : "MISC",
"url" : "http://www.majorsecurity.de/advisory/major_rls24.txt"
},
{
"name" : "19120",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19120"
},
{
"name" : "ADV-2006-2962",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2962"
},
{
"name" : "21173",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21173"
},
{
"name" : "1299",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1299"
},
{
"name" : "firemouse-toplist-add-xss(27912)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27912"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060722 [MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440859/100/100/threaded"
},
{
"name": "19120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19120"
},
{
"name": "ADV-2006-2962",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2962"
},
{
"name": "http://www.majorsecurity.de/advisory/major_rls24.txt",
"refsource": "MISC",
"url": "http://www.majorsecurity.de/advisory/major_rls24.txt"
},
{
"name": "firemouse-toplist-add-xss(27912)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27912"
},
{
"name": "1299",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1299"
},
{
"name": "21173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21173"
}
]
}
}

200
2006/4xxx/CVE-2006-4169.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070711 SquirrelMail G/PGP Plugin gpg_help.php Local File Inclusion Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=555"
},
{
"name" : "GLSA-200708-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200708-08.xml"
},
{
"name" : "24874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24874"
},
{
"name" : "37932",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37932"
},
{
"name" : "37933",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37933"
},
{
"name" : "ADV-2007-2513",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2513"
},
{
"name" : "26035",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26035"
},
{
"name" : "26424",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26424"
},
{
"name" : "squirrelmail-gpgp-help-file-include(35362)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35362"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26035",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26035"
},
{
"name": "26424",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26424"
},
{
"name": "20070711 SquirrelMail G/PGP Plugin gpg_help.php Local File Inclusion Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=555"
},
{
"name": "37933",
"refsource": "OSVDB",
"url": "http://osvdb.org/37933"
},
{
"name": "37932",
"refsource": "OSVDB",
"url": "http://osvdb.org/37932"
},
{
"name": "24874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24874"
},
{
"name": "ADV-2007-2513",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2513"
},
{
"name": "GLSA-200708-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200708-08.xml"
},
{
"name": "squirrelmail-gpgp-help-file-include(35362)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35362"
}
]
}
}

140
2006/4xxx/CVE-2006-4298.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4298",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in the (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, and (3) tep_cache_categories_box functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.gulftech.org/?node=research&article_id=00110-08172006",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00110-08172006"
},
{
"name" : "http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371",
"refsource" : "CONFIRM",
"url" : "http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371"
},
{
"name" : "oscommerce-cache-directory-traversal(28435)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28435"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in the (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, and (3) tep_cache_categories_box functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gulftech.org/?node=research&article_id=00110-08172006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00110-08172006"
},
{
"name": "http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371",
"refsource": "CONFIRM",
"url": "http://forums.oscommerce.com/index.php?showtopic=223556&pid=918371"
},
{
"name": "oscommerce-cache-directory-traversal(28435)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28435"
}
]
}
}

160
2006/4xxx/CVE-2006-4599.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4599",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in aut_verifica.inc.php in Autentificator 2.01 allows remote attackers to execute arbitrary SQL commands via the user parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060902 Autentificator <=2.01 SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445008/100/0/threaded"
},
{
"name" : "19813",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19813"
},
{
"name" : "ADV-2006-3442",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3442"
},
{
"name" : "21737",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21737"
},
{
"name" : "1494",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1494"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in aut_verifica.inc.php in Autentificator 2.01 allows remote attackers to execute arbitrary SQL commands via the user parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060902 Autentificator <=2.01 SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445008/100/0/threaded"
},
{
"name": "1494",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1494"
},
{
"name": "ADV-2006-3442",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3442"
},
{
"name": "21737",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21737"
},
{
"name": "19813",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19813"
}
]
}
}

260
2006/4xxx/CVE-2006-4655.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4655",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060908 [RISE-2006001] X11R6 XKEYBOARD extension Strcmp() buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445579/100/0/threaded"
},
{
"name" : "http://www.risesecurity.org/advisory/RISE-2006001.txt",
"refsource" : "MISC",
"url" : "http://www.risesecurity.org/advisory/RISE-2006001.txt"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm"
},
{
"name" : "102570",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102570-1"
},
{
"name" : "19905",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19905"
},
{
"name" : "ADV-2006-3525",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3525"
},
{
"name" : "ADV-2006-3529",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3529"
},
{
"name" : "oval:org.mitre.oval:def:1798",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1798"
},
{
"name" : "1016806",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016806"
},
{
"name" : "21815",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21815"
},
{
"name" : "21845",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21845"
},
{
"name" : "21856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21856"
},
{
"name" : "21993",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21993"
},
{
"name" : "1545",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1545"
},
{
"name" : "xorg-libx11-xkeyboard-bo(28820)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28820"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3529",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3529"
},
{
"name": "19905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19905"
},
{
"name": "102570",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102570-1"
},
{
"name": "20060908 [RISE-2006001] X11R6 XKEYBOARD extension Strcmp() buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445579/100/0/threaded"
},
{
"name": "1016806",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016806"
},
{
"name": "21856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21856"
},
{
"name": "ADV-2006-3525",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3525"
},
{
"name": "oval:org.mitre.oval:def:1798",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1798"
},
{
"name": "21815",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21815"
},
{
"name": "21993",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21993"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-195.htm"
},
{
"name": "1545",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1545"
},
{
"name": "21845",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21845"
},
{
"name": "http://www.risesecurity.org/advisory/RISE-2006001.txt",
"refsource": "MISC",
"url": "http://www.risesecurity.org/advisory/RISE-2006001.txt"
},
{
"name": "xorg-libx11-xkeyboard-bo(28820)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28820"
}
]
}
}

200
2010/2xxx/CVE-2010-2661.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2661",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/mac/1054/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/1054/"
},
{
"name" : "http://www.opera.com/docs/changelogs/unix/1060/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/unix/1060/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/1054/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1054/"
},
{
"name" : "http://www.opera.com/support/search/view/960/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/search/view/960/"
},
{
"name" : "40973",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40973"
},
{
"name" : "oval:org.mitre.oval:def:11669",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11669"
},
{
"name" : "40250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40250"
},
{
"name" : "ADV-2010-1529",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1529"
},
{
"name" : "ADV-2010-1673",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1673"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict access to the full pathname of a file selected for upload, which allows remote attackers to obtain potentially sensitive information via unspecified DOM manipulations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1673",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1673"
},
{
"name": "40973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40973"
},
{
"name": "http://www.opera.com/support/search/view/960/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/search/view/960/"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1060/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1060/"
},
{
"name": "ADV-2010-1529",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1529"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1054/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1054/"
},
{
"name": "40250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40250"
},
{
"name": "oval:org.mitre.oval:def:11669",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11669"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1054/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1054/"
}
]
}
}

150
2010/2xxx/CVE-2010-2663.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2663",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/mac/1060/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/1060/"
},
{
"name" : "http://www.opera.com/docs/changelogs/unix/1060/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/unix/1060/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/1060/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1060/"
},
{
"name" : "oval:org.mitre.oval:def:11170",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11170"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/docs/changelogs/mac/1060/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1060/"
},
{
"name": "oval:org.mitre.oval:def:11170",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11170"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1060/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1060/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1060/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1060/"
}
]
}
}

140
2010/2xxx/CVE-2010-2814.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2814",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf37506."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-2814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100804 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml"
},
{
"name" : "42196",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42196"
},
{
"name" : "40842",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40842"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf37506."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40842"
},
{
"name": "42196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42196"
},
{
"name": "20100804 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml"
}
]
}
}

130
2010/3xxx/CVE-2010-3142.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3142",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14782",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14782/"
},
{
"name" : "oval:org.mitre.oval:def:12219",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12219"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12219",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12219"
},
{
"name": "14782",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14782/"
}
]
}
}

170
2010/3xxx/CVE-2010-3480.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3480",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15011",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15011"
},
{
"name" : "43232",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43232"
},
{
"name" : "68074",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/68074"
},
{
"name" : "41455",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41455"
},
{
"name" : "41491",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41491"
},
{
"name" : "phpmicrocms-index-file-include(61813)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61813"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41491",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41491"
},
{
"name": "43232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43232"
},
{
"name": "15011",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15011"
},
{
"name": "phpmicrocms-index-file-include(61813)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61813"
},
{
"name": "41455",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41455"
},
{
"name": "68074",
"refsource": "OSVDB",
"url": "http://osvdb.org/68074"
}
]
}
}

160
2010/3xxx/CVE-2010-3589.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3589",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Logout."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name" : "45861",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45861"
},
{
"name" : "42922",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42922"
},
{
"name" : "ADV-2011-0144",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0144"
},
{
"name" : "oracle-ebusiness-library-unauth-access(64781)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64781"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Logout."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42922"
},
{
"name": "ADV-2011-0144",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0144"
},
{
"name": "oracle-ebusiness-library-unauth-access(64781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64781"
},
{
"name": "45861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45861"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
}
]
}
}

34
2010/3xxx/CVE-2010-3724.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3724",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-3724",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

190
2010/3xxx/CVE-2010-3963.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3963",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka \"Kernel NDProxy Buffer Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-3963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-099",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-099"
},
{
"name" : "TA10-348A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name" : "45269",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45269"
},
{
"name" : "69823",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/69823"
},
{
"name" : "oval:org.mitre.oval:def:12461",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12461"
},
{
"name" : "1024881",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024881"
},
{
"name" : "42613",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42613"
},
{
"name" : "ADV-2010-3221",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3221"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka \"Kernel NDProxy Buffer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-348A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "1024881",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024881"
},
{
"name": "45269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45269"
},
{
"name": "69823",
"refsource": "OSVDB",
"url": "http://osvdb.org/69823"
},
{
"name": "oval:org.mitre.oval:def:12461",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12461"
},
{
"name": "ADV-2010-3221",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3221"
},
{
"name": "42613",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42613"
},
{
"name": "MS10-099",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-099"
}
]
}
}

170
2011/0xxx/CVE-2011-0628.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0628",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110524 Adobe Flash Player ActionScript Integer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=908"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html"
},
{
"name" : "47961",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47961"
},
{
"name" : "oval:org.mitre.oval:def:13994",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13994"
},
{
"name" : "oval:org.mitre.oval:def:15639",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15639"
},
{
"name" : "flash-player-overflow(67638)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67638"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:13994",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13994"
},
{
"name": "20110524 Adobe Flash Player ActionScript Integer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=908"
},
{
"name": "47961",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47961"
},
{
"name": "oval:org.mitre.oval:def:15639",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15639"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-12.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html"
},
{
"name": "flash-player-overflow(67638)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67638"
}
]
}
}

120
2011/0xxx/CVE-2011-0819.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0819",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect integrity, related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2011-0823."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-0819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect integrity, related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2011-0823."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
}
]
}
}

34
2011/1xxx/CVE-2011-1075.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1075",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1075",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2011/1xxx/CVE-2011-1094.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1094",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110308 KDE SSL name check issue",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/08/13"
},
{
"name" : "[oss-security] 20110308 Re: KDE SSL name check issue",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/03/08/20"
},
{
"name" : "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/76f935197599a335a5fe09b78751ddb455248cf7",
"refsource" : "CONFIRM",
"url" : "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/76f935197599a335a5fe09b78751ddb455248cf7"
},
{
"name" : "MDVSA-2011:071",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:071"
},
{
"name" : "USN-1110-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1110-1"
},
{
"name" : "46789",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46789"
},
{
"name" : "44108",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44108"
},
{
"name" : "ADV-2011-0913",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0913"
},
{
"name" : "ADV-2011-0990",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0990"
},
{
"name" : "kdelibs-ssl-security-bypass(65986)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0990",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0990"
},
{
"name": "MDVSA-2011:071",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:071"
},
{
"name": "46789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46789"
},
{
"name": "44108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44108"
},
{
"name": "USN-1110-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1110-1"
},
{
"name": "ADV-2011-0913",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0913"
},
{
"name": "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/76f935197599a335a5fe09b78751ddb455248cf7",
"refsource": "CONFIRM",
"url": "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/76f935197599a335a5fe09b78751ddb455248cf7"
},
{
"name": "[oss-security] 20110308 KDE SSL name check issue",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/08/13"
},
{
"name": "kdelibs-ssl-security-bypass(65986)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65986"
},
{
"name": "[oss-security] 20110308 Re: KDE SSL name check issue",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/03/08/20"
}
]
}
}

200
2011/1xxx/CVE-2011-1655.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1655",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110413 CA20110413-01: Security Notice for CA Total Defense",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517494/100/0/threaded"
},
{
"name" : "20110413 ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517492/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-127/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-127/"
},
{
"name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}",
"refsource" : "CONFIRM",
"url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}"
},
{
"name" : "47356",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47356"
},
{
"name" : "1025353",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025353"
},
{
"name" : "44097",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44097"
},
{
"name" : "ADV-2011-0977",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0977"
},
{
"name" : "totaldefense-uncsw-code-execution(66727)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66727"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110413 ZDI-11-127: CA Total Defense Suite UNCWS Web Service getDBConfigSettings Credential Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517492/100/0/threaded"
},
{
"name": "44097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44097"
},
{
"name": "ADV-2011-0977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0977"
},
{
"name": "1025353",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025353"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-127/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-127/"
},
{
"name": "47356",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47356"
},
{
"name": "totaldefense-uncsw-code-execution(66727)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66727"
},
{
"name": "20110413 CA20110413-01: Security Notice for CA Total Defense",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517494/100/0/threaded"
}
]
}
}

200
2011/1xxx/CVE-2011-1758.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1758",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110429 vulnerability in sssd 1.5.0+ (CVE-2011-1758)",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2011/04/29/4"
},
{
"name" : "[sssd-devel] 20110429 SSSD Security Release 1.5.7",
"refsource" : "MLIST",
"url" : "https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html"
},
{
"name" : "http://git.fedorahosted.org/git/?p=sssd.git;a=commit;h=fffdae81651b460f3d2c119c56d5caa09b4de42a",
"refsource" : "CONFIRM",
"url" : "http://git.fedorahosted.org/git/?p=sssd.git;a=commit;h=fffdae81651b460f3d2c119c56d5caa09b4de42a"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=700867",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=700867"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=700891",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=700891"
},
{
"name" : "https://fedorahosted.org/sssd/ticket/856",
"refsource" : "CONFIRM",
"url" : "https://fedorahosted.org/sssd/ticket/856"
},
{
"name" : "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7",
"refsource" : "CONFIRM",
"url" : "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7"
},
{
"name" : "FEDORA-2011-5815",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html"
},
{
"name" : "FEDORA-2011-6279",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=700867",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=700867"
},
{
"name": "https://fedorahosted.org/sssd/ticket/856",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/sssd/ticket/856"
},
{
"name": "[oss-security] 20110429 vulnerability in sssd 1.5.0+ (CVE-2011-1758)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/29/4"
},
{
"name": "FEDORA-2011-5815",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059619.html"
},
{
"name": "FEDORA-2011-6279",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059532.html"
},
{
"name": "[sssd-devel] 20110429 SSSD Security Release 1.5.7",
"refsource": "MLIST",
"url": "https://fedorahosted.org/pipermail/sssd-devel/2011-April/006138.html"
},
{
"name": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.7"
},
{
"name": "http://git.fedorahosted.org/git/?p=sssd.git;a=commit;h=fffdae81651b460f3d2c119c56d5caa09b4de42a",
"refsource": "CONFIRM",
"url": "http://git.fedorahosted.org/git/?p=sssd.git;a=commit;h=fffdae81651b460f3d2c119c56d5caa09b4de42a"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=700891",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=700891"
}
]
}
}

150
2011/5xxx/CVE-2011-5260.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5260",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20111117 [DSECRG-11-037] SAP BW Doc - Multiple XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520555/100/0/threaded"
},
{
"name" : "http://dsecrg.com/pages/vul/show.php?id=337",
"refsource" : "MISC",
"url" : "http://dsecrg.com/pages/vul/show.php?id=337"
},
{
"name" : "https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/",
"refsource" : "MISC",
"url" : "https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/"
},
{
"name" : "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4",
"refsource" : "CONFIRM",
"url" : "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss/"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=337",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=337"
},
{
"name": "20111117 [DSECRG-11-037] SAP BW Doc - Multiple XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520555/100/0/threaded"
},
{
"name": "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4",
"refsource": "CONFIRM",
"url": "http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4"
}
]
}
}

170
2014/3xxx/CVE-2014-3183.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3183",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-3183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140911 Multiple Linux USB driver CVE assignment",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/09/11/21"
},
{
"name" : "https://code.google.com/p/google-security-research/issues/detail?id=90",
"refsource" : "MISC",
"url" : "https://code.google.com/p/google-security-research/issues/detail?id=90"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=51217e69697fba92a06e07e16f55c9a52d8e8945",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=51217e69697fba92a06e07e16f55c9a52d8e8945"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141344",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141344"
},
{
"name" : "https://github.com/torvalds/linux/commit/51217e69697fba92a06e07e16f55c9a52d8e8945",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/51217e69697fba92a06e07e16f55c9a52d8e8945"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2"
},
{
"name": "[oss-security] 20140911 Multiple Linux USB driver CVE assignment",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/11/21"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=51217e69697fba92a06e07e16f55c9a52d8e8945",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=51217e69697fba92a06e07e16f55c9a52d8e8945"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1141344",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141344"
},
{
"name": "https://github.com/torvalds/linux/commit/51217e69697fba92a06e07e16f55c9a52d8e8945",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/51217e69697fba92a06e07e16f55c9a52d8e8945"
},
{
"name": "https://code.google.com/p/google-security-research/issues/detail?id=90",
"refsource": "MISC",
"url": "https://code.google.com/p/google-security-research/issues/detail?id=90"
}
]
}
}

170
2014/3xxx/CVE-2014-3353.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3353",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35559",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35559"
},
{
"name" : "20140902 Cisco IOS XR Software Malformed IPv6 Packet Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3353"
},
{
"name" : "69506",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69506"
},
{
"name" : "1030790",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030790"
},
{
"name" : "60205",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60205"
},
{
"name" : "ciscoiosxr-cve20143353-dos(95623)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing System (CRS), allows remote attackers to cause a denial of service (CPU consumption and IPv6 packet drops) via a malformed IPv6 packet, aka Bug ID CSCuo95165."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35559",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35559"
},
{
"name": "69506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69506"
},
{
"name": "60205",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60205"
},
{
"name": "1030790",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030790"
},
{
"name": "20140902 Cisco IOS XR Software Malformed IPv6 Packet Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3353"
},
{
"name": "ciscoiosxr-cve20143353-dos(95623)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95623"
}
]
}
}

34
2014/3xxx/CVE-2014-3831.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3831",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-3831",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

140
2014/3xxx/CVE-2014-3960.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3960",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7",
"refsource" : "CONFIRM",
"url" : "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name" : "67774",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67774"
},
{
"name" : "58748",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58748"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/documentation/ReleaseNotesStable.html#opennms-1.12.7"
},
{
"name": "67774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67774"
},
{
"name": "58748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58748"
}
]
}
}

130
2014/6xxx/CVE-2014-6454.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6454",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, and CVE-2014-6542."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "70529",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70529"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, and CVE-2014-6542."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70529",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70529"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
}
]
}
}

130
2014/6xxx/CVE-2014-6487.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6487",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to End User Self Service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-6487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "70458",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70458"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to End User Self Service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70458"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
}
]
}
}

140
2014/6xxx/CVE-2014-6658.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Apploi Job Search- Find Jobs (aka com.apploi) application 4.19 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-6658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#975681",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/975681"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apploi Job Search- Find Jobs (aka com.apploi) application 4.19 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#975681",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/975681"
}
]
}
}

140
2014/7xxx/CVE-2014-7022.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7022",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Modelisme.com forum/portail (aka com.tapatalk.modelismecomforum) application 3.6.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#748289",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/748289"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Modelisme.com forum/portail (aka com.tapatalk.modelismecomforum) application 3.6.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#748289",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/748289"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7726.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7726",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Golosinas Simpson1 (aka com.wGolosinasSimpson1) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#851073",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/851073"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Golosinas Simpson1 (aka com.wGolosinasSimpson1) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#851073",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/851073"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

190
2014/7xxx/CVE-2014-7828.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7828",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Freeipa-devel] 20141105 [PATCH 0076] Ensure that a password exists after OTP validation",
"refsource" : "MLIST",
"url" : "https://www.redhat.com/archives/freeipa-devel/2014-November/msg00068.html"
},
{
"name" : "[Freeipa-users] 20141105 ATTN: CVE-2014-7828",
"refsource" : "MLIST",
"url" : "https://www.redhat.com/archives/freeipa-users/2014-November/msg00077.html"
},
{
"name" : "http://www.freeipa.org/page/Releases/4.1.1",
"refsource" : "CONFIRM",
"url" : "http://www.freeipa.org/page/Releases/4.1.1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1160871",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1160871"
},
{
"name" : "https://fedorahosted.org/freeipa/ticket/4690",
"refsource" : "CONFIRM",
"url" : "https://fedorahosted.org/freeipa/ticket/4690"
},
{
"name" : "FEDORA-2014-14427",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143000.html"
},
{
"name" : "70932",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70932"
},
{
"name" : "freeipa-otp-sec-bypass(98500)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98500"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fedorahosted.org/freeipa/ticket/4690",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/freeipa/ticket/4690"
},
{
"name": "http://www.freeipa.org/page/Releases/4.1.1",
"refsource": "CONFIRM",
"url": "http://www.freeipa.org/page/Releases/4.1.1"
},
{
"name": "[Freeipa-users] 20141105 ATTN: CVE-2014-7828",
"refsource": "MLIST",
"url": "https://www.redhat.com/archives/freeipa-users/2014-November/msg00077.html"
},
{
"name": "[Freeipa-devel] 20141105 [PATCH 0076] Ensure that a password exists after OTP validation",
"refsource": "MLIST",
"url": "https://www.redhat.com/archives/freeipa-devel/2014-November/msg00068.html"
},
{
"name": "freeipa-otp-sec-bypass(98500)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98500"
},
{
"name": "FEDORA-2014-14427",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143000.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1160871",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1160871"
},
{
"name": "70932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70932"
}
]
}
}

34
2014/8xxx/CVE-2014-8198.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8198",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8198",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

34
2014/8xxx/CVE-2014-8219.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8219",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8219",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

34
2014/8xxx/CVE-2014-8466.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8466",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8466",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/8xxx/CVE-2014-8694.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8694",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8694",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2014/8xxx/CVE-2014-8836.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-8836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/google-security-research/issues/detail?id=136",
"refsource" : "MISC",
"url" : "http://code.google.com/p/google-security-research/issues/detail?id=136"
},
{
"name" : "http://support.apple.com/HT204244",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/HT204244"
},
{
"name" : "APPLE-SA-2015-01-27-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name" : "1031626",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031626"
},
{
"name" : "macosx-cve20148836-priv-esc(100490)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100490"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/google-security-research/issues/detail?id=136",
"refsource": "MISC",
"url": "http://code.google.com/p/google-security-research/issues/detail?id=136"
},
{
"name": "macosx-cve20148836-priv-esc(100490)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100490"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "1031626",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031626"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}

34
2016/2xxx/CVE-2016-2520.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2520",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2520",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/2xxx/CVE-2016-2662.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2662",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2662",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

166
2016/2xxx/CVE-2016-2964.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-08-25T00:00:00",
"ID" : "CVE-2016-2964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sametime",
"version" : {
"version_data" : [
{
"version_value" : "8.5.2"
},
{
"version_value" : "8.5.2.1"
},
{
"version_value" : "9.0"
},
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "9.0.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-08-25T00:00:00",
"ID": "CVE-2016-2964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sametime",
"version": {
"version_data": [
{
"version_value": "8.5.2"
},
{
"version_value": "8.5.2.1"
},
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113813",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/113813"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22006441",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22006441"
},
{
"name" : "100572",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100572"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113813",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/113813"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006441",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006441"
},
{
"name": "100572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100572"
}
]
}
}

144
2016/6xxx/CVE-2016-6092.json
View File

@ -1,74 +1,74 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "2.5"
},
{
"version_value" : "1.0"
},
{
"version_value" : "2.0"
},
{
"version_value" : "2.0.1"
},
{
"version_value" : "2.6"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Key Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "2.5"
},
{
"version_value": "1.0"
},
{
"version_value": "2.0"
},
{
"version_value": "2.0.1"
},
{
"version_value": "2.6"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21997953",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21997953"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21997953",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997953"
}
]
}
}

130
2016/6xxx/CVE-2016-6669.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6669",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en"
},
{
"name" : "92441",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92441"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92441"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160810-01-usg-en"
}
]
}
}

130
2016/6xxx/CVE-2016-6818.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6818",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-january-2017/",
"refsource" : "MISC",
"url" : "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-january-2017/"
},
{
"name" : "97661",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97661"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), or launch administrative operations or possibly OS commands via a crafted SQL query. The vendor response is SAP Security Note 2361633."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97661",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97661"
},
{
"name": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-january-2017/",
"refsource": "MISC",
"url": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-january-2017/"
}
]
}
}

130
2017/18xxx/CVE-2017-18327.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-18327",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Exposure in WCDMA"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-18327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name" : "106128",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure in WCDMA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name": "106128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106128"
}
]
}
}

150
2017/5xxx/CVE-2017-5084.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-5084",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 59.0.3071.92",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 59.0.3071.92"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-5084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 59.0.3071.92",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 59.0.3071.92"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-chrome-os.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-chrome-os.html"
},
{
"name" : "https://crbug.com/702030",
"refsource" : "MISC",
"url" : "https://crbug.com/702030"
},
{
"name" : "GLSA-201706-20",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-20"
},
{
"name" : "98986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/702030",
"refsource": "MISC",
"url": "https://crbug.com/702030"
},
{
"name": "GLSA-201706-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-20"
},
{
"name": "98986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98986"
},
{
"name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-chrome-os.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-chrome-os.html"
}
]
}
}

34
2017/5xxx/CVE-2017-5755.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5755",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5755",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}