admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:59:27 +00:00
parent 39eda71f99
commit 8538bd75ff
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3878 additions and 3878 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
2006/0xxx/CVE-2006-0194.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0194",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060112 FogBugz Cross Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421729/100/0/threaded"
},
{
"name" : "http://www.fogcreek.com/FogBugz/KB/releaseNotes/WhatsNewInFogBugz4.0.33.html",
"refsource" : "CONFIRM",
"url" : "http://www.fogcreek.com/FogBugz/KB/releaseNotes/WhatsNewInFogBugz4.0.33.html"
},
{
"name" : "16216",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16216"
},
{
"name" : "ADV-2006-0174",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0174"
},
{
"name" : "22370",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22370"
},
{
"name" : "18443",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18443"
},
{
"name" : "fogbugz-login-xss(24103)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24103"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22370",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22370"
},
{
"name": "ADV-2006-0174",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0174"
},
{
"name": "20060112 FogBugz Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421729/100/0/threaded"
},
{
"name": "http://www.fogcreek.com/FogBugz/KB/releaseNotes/WhatsNewInFogBugz4.0.33.html",
"refsource": "CONFIRM",
"url": "http://www.fogcreek.com/FogBugz/KB/releaseNotes/WhatsNewInFogBugz4.0.33.html"
},
{
"name": "fogbugz-login-xss(24103)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24103"
},
{
"name": "18443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18443"
},
{
"name": "16216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16216"
}
]
}
}

148
2006/0xxx/CVE-2006-0519.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0519",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zone-h.org/en/advisories/read/id=8650/",
"refsource" : "MISC",
"url" : "http://www.zone-h.org/en/advisories/read/id=8650/"
},
{
"name" : "ADV-2006-0398",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0398"
},
{
"name" : "18676",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18676"
},
{
"name" : "spip-incmessforum-path-disclosure(24399)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24399"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zone-h.org/en/advisories/read/id=8650/",
"refsource": "MISC",
"url": "http://www.zone-h.org/en/advisories/read/id=8650/"
},
{
"name": "18676",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18676"
},
{
"name": "ADV-2006-0398",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0398"
},
{
"name": "spip-incmessforum-path-disclosure(24399)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24399"
}
]
}
}

158
2006/0xxx/CVE-2006-0728.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0728",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.webspell.org/index.php?site=news_comments&newsID=49&lang=en",
"refsource" : "CONFIRM",
"url" : "http://www.webspell.org/index.php?site=news_comments&newsID=49&lang=en"
},
{
"name" : "16673",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16673"
},
{
"name" : "ADV-2006-0606",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0606"
},
{
"name" : "18885",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18885"
},
{
"name" : "webspell-search-sql-injection(24708)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24708"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18885",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18885"
},
{
"name": "http://www.webspell.org/index.php?site=news_comments&newsID=49&lang=en",
"refsource": "CONFIRM",
"url": "http://www.webspell.org/index.php?site=news_comments&newsID=49&lang=en"
},
{
"name": "16673",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16673"
},
{
"name": "webspell-search-sql-injection(24708)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24708"
},
{
"name": "ADV-2006-0606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0606"
}
]
}
}

178
2006/1xxx/CVE-2006-1243.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1243",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1581",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1581"
},
{
"name" : "http://sourceforge.net/forum/forum.php?forum_id=564904",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/forum/forum.php?forum_id=564904"
},
{
"name" : "Vendor ACK for CVE-2006-1243 (older Simple PHP Blog)",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-November/001138.html"
},
{
"name" : "17102",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17102"
},
{
"name" : "ADV-2006-1007",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1007"
},
{
"name" : "19270",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19270"
},
{
"name" : "simplephpblog-install05-file-include(25322)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25322"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Vendor ACK for CVE-2006-1243 (older Simple PHP Blog)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-November/001138.html"
},
{
"name": "simplephpblog-install05-file-include(25322)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25322"
},
{
"name": "19270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19270"
},
{
"name": "1581",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1581"
},
{
"name": "17102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17102"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=564904",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=564904"
},
{
"name": "ADV-2006-1007",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1007"
}
]
}
}

138
2006/1xxx/CVE-2006-1250.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1250",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.magicwinmail.net/changelog.asp",
"refsource" : "CONFIRM",
"url" : "http://www.magicwinmail.net/changelog.asp"
},
{
"name" : "17009",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17009"
},
{
"name" : "ADV-2006-0858",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0858"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.magicwinmail.net/changelog.asp",
"refsource": "CONFIRM",
"url": "http://www.magicwinmail.net/changelog.asp"
},
{
"name": "ADV-2006-0858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0858"
},
{
"name": "17009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17009"
}
]
}
}

168
2006/1xxx/CVE-2006-1588.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1588",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "NetBSD-SA2006-005",
"refsource" : "NETBSD",
"url" : "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-005.txt.asc"
},
{
"name" : "17312",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17312"
},
{
"name" : "24262",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24262"
},
{
"name" : "1015846",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015846"
},
{
"name" : "19464",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19464"
},
{
"name" : "bsd-ifbridge-information-disclosure(25582)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25582"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17312"
},
{
"name": "24262",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24262"
},
{
"name": "19464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19464"
},
{
"name": "bsd-ifbridge-information-disclosure(25582)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25582"
},
{
"name": "NetBSD-SA2006-005",
"refsource": "NETBSD",
"url": "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-005.txt.asc"
},
{
"name": "1015846",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015846"
}
]
}
}

32
2006/1xxx/CVE-2006-1632.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1632",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1632",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

178
2006/3xxx/CVE-2006-3568.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Fantastic Guestbook 2.0.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) nickname parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060711 Fantastic Guestbook v2.0.1 Advisory",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/440152/100/100/threaded"
},
{
"name" : "http://it.security.netsons.org/exploit/FGB.txt",
"refsource" : "MISC",
"url" : "http://it.security.netsons.org/exploit/FGB.txt"
},
{
"name" : "18942",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18942"
},
{
"name" : "ADV-2006-2762",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2762"
},
{
"name" : "27107",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27107"
},
{
"name" : "21024",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21024"
},
{
"name" : "fantastic-guestbook-guestbook-xss(27697)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27697"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Fantastic Guestbook 2.0.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) nickname parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://it.security.netsons.org/exploit/FGB.txt",
"refsource": "MISC",
"url": "http://it.security.netsons.org/exploit/FGB.txt"
},
{
"name": "20060711 Fantastic Guestbook v2.0.1 Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440152/100/100/threaded"
},
{
"name": "18942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18942"
},
{
"name": "21024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21024"
},
{
"name": "ADV-2006-2762",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2762"
},
{
"name": "fantastic-guestbook-guestbook-xss(27697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27697"
},
{
"name": "27107",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27107"
}
]
}
}

228
2006/3xxx/CVE-2006-3709.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3709",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS04."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name" : "TA06-200A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
},
{
"name" : "19054",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19054"
},
{
"name" : "ADV-2006-2863",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2863"
},
{
"name" : "ADV-2006-2947",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2947"
},
{
"name" : "1016529",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016529"
},
{
"name" : "21111",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21111"
},
{
"name" : "21165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21165"
},
{
"name" : "oracle-cpu-july-2006(27897)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS04."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016529",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016529"
},
{
"name": "19054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19054"
},
{
"name": "oracle-cpu-july-2006(27897)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
},
{
"name": "21165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21165"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name": "ADV-2006-2947",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2947"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name": "TA06-200A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
},
{
"name": "21111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21111"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
},
{
"name": "ADV-2006-2863",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2863"
}
]
}
}

198
2006/4xxx/CVE-2006-4111.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with \"severe\" or \"serious\" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits",
"refsource" : "CONFIRM",
"url" : "http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits"
},
{
"name" : "GLSA-200608-20",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml"
},
{
"name" : "http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html",
"refsource" : "MISC",
"url" : "http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html"
},
{
"name" : "SUSE-SR:2006:021",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_21_sr.html"
},
{
"name" : "19454",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19454"
},
{
"name" : "ADV-2006-3237",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3237"
},
{
"name" : "1016673",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016673"
},
{
"name" : "21466",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21466"
},
{
"name" : "21749",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21749"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with \"severe\" or \"serious\" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21466",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21466"
},
{
"name": "21749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21749"
},
{
"name": "19454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19454"
},
{
"name": "ADV-2006-3237",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3237"
},
{
"name": "http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html",
"refsource": "MISC",
"url": "http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html"
},
{
"name": "SUSE-SR:2006:021",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html"
},
{
"name": "http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits"
},
{
"name": "GLSA-200608-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml"
},
{
"name": "1016673",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016673"
}
]
}
}

32
2006/4xxx/CVE-2006-4261.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4261",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4253. Reason: This candidate is a duplicate of CVE-2006-4253. Notes: All CVE users should reference CVE-2006-4253 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-4261",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4253. Reason: This candidate is a duplicate of CVE-2006-4253. Notes: All CVE users should reference CVE-2006-4253 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

168
2006/4xxx/CVE-2006-4504.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4504",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) c and (2) l parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060912 [eVuln] NX5Linkx Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445916/100/0/threaded"
},
{
"name" : "http://www.evuln.com/vulns/138/",
"refsource" : "MISC",
"url" : "http://www.evuln.com/vulns/138/"
},
{
"name" : "20010",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20010"
},
{
"name" : "ADV-2006-3631",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3631"
},
{
"name" : "21922",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21922"
},
{
"name" : "nx5linkx-sql-injection(28602)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28602"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) c and (2) l parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21922"
},
{
"name": "http://www.evuln.com/vulns/138/",
"refsource": "MISC",
"url": "http://www.evuln.com/vulns/138/"
},
{
"name": "20010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20010"
},
{
"name": "nx5linkx-sql-injection(28602)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28602"
},
{
"name": "20060912 [eVuln] NX5Linkx Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445916/100/0/threaded"
},
{
"name": "ADV-2006-3631",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3631"
}
]
}
}

178
2006/4xxx/CVE-2006-4674.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060907 DokuWiki <= 2006-03-09brel /bin/dwpage.php remote commands execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/445516/100/0/threaded"
},
{
"name" : "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html"
},
{
"name" : "http://bugs.splitbrain.org/index.php?do=details&id=906",
"refsource" : "CONFIRM",
"url" : "http://bugs.splitbrain.org/index.php?do=details&id=906"
},
{
"name" : "GLSA-200609-10",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200609-10.xml"
},
{
"name" : "21819",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21819"
},
{
"name" : "21936",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21936"
},
{
"name" : "1537",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1537"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html"
},
{
"name": "1537",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1537"
},
{
"name": "http://bugs.splitbrain.org/index.php?do=details&id=906",
"refsource": "CONFIRM",
"url": "http://bugs.splitbrain.org/index.php?do=details&id=906"
},
{
"name": "GLSA-200609-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-10.xml"
},
{
"name": "21936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21936"
},
{
"name": "20060907 DokuWiki <= 2006-03-09brel /bin/dwpage.php remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445516/100/0/threaded"
},
{
"name": "21819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21819"
}
]
}
}

128
2010/2xxx/CVE-2010-2554.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2554",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka \"Tracing Registry Key ACL Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-2554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-059",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-059"
},
{
"name" : "oval:org.mitre.oval:def:12082",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12082"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka \"Tracing Registry Key ACL Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12082",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12082"
},
{
"name": "MS10-059",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-059"
}
]
}
}

148
2010/2xxx/CVE-2010-2656.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2656",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14237",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14237/"
},
{
"name" : "http://dsecrg.com/pages/vul/show.php?id=154",
"refsource" : "MISC",
"url" : "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name" : "41383",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41383"
},
{
"name" : "66123",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/66123"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14237",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14237/"
},
{
"name": "41383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41383"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=154",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=154"
},
{
"name": "66123",
"refsource": "OSVDB",
"url": "http://osvdb.org/66123"
}
]
}
}

128
2010/2xxx/CVE-2010-2819.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2819",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61622."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-2819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100804 Multiple Vulnerabilities in Cisco Firewall Services Module",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f130.shtml"
},
{
"name" : "40843",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40843"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61622."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40843"
},
{
"name": "20100804 Multiple Vulnerabilities in Cisco Firewall Services Module",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f130.shtml"
}
]
}
}

158
2010/2xxx/CVE-2010-2844.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2844",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in news_show.php in Newanz NewsOffice 2.0.18 allows remote attackers to inject arbitrary web script or HTML via the n-cat parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cross-site-scripting.blogspot.com/2010/07/news-office-2018-reflected-xss.html",
"refsource" : "MISC",
"url" : "http://cross-site-scripting.blogspot.com/2010/07/news-office-2018-reflected-xss.html"
},
{
"name" : "http://packetstormsecurity.org/1007-exploits/newsoffice-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1007-exploits/newsoffice-xss.txt"
},
{
"name" : "41419",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41419"
},
{
"name" : "ADV-2010-1723",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1723"
},
{
"name" : "newsoffice-newsshow-xss(60182)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60182"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in news_show.php in Newanz NewsOffice 2.0.18 allows remote attackers to inject arbitrary web script or HTML via the n-cat parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1723",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1723"
},
{
"name": "newsoffice-newsshow-xss(60182)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60182"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/newsoffice-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/newsoffice-xss.txt"
},
{
"name": "41419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41419"
},
{
"name": "http://cross-site-scripting.blogspot.com/2010/07/news-office-2018-reflected-xss.html",
"refsource": "MISC",
"url": "http://cross-site-scripting.blogspot.com/2010/07/news-office-2018-reflected-xss.html"
}
]
}
}

138
2010/2xxx/CVE-2010-2998.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2998",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a \"malformed IVR pointer index\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-209/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-209/"
},
{
"name" : "http://service.real.com/realplayer/security/10152010_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/10152010_player/en/"
},
{
"name" : "44144",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44144"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a \"malformed IVR pointer index\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44144"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-209/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-209/"
},
{
"name": "http://service.real.com/realplayer/security/10152010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/10152010_player/en/"
}
]
}
}

128
2010/3xxx/CVE-2010-3503.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3503",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect confidentiality and integrity via unknown vectors related to su."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-3503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "TA10-287A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect confidentiality and integrity via unknown vectors related to su."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "TA10-287A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"
}
]
}
}

198
2010/3xxx/CVE-2010-3628.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3628",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3632, and CVE-2010-3658."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-3628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html"
},
{
"name" : "GLSA-201101-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name" : "RHSA-2010:0743",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0743.html"
},
{
"name" : "SUSE-SA:2010:048",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html"
},
{
"name" : "SUSE-SR:2010:019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name" : "TA10-279A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html"
},
{
"name" : "oval:org.mitre.oval:def:7455",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7455"
},
{
"name" : "43025",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43025"
},
{
"name" : "ADV-2011-0191",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0191"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3632, and CVE-2010-3658."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2010:048",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html"
},
{
"name": "ADV-2011-0191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0191"
},
{
"name": "43025",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43025"
},
{
"name": "oval:org.mitre.oval:def:7455",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7455"
},
{
"name": "GLSA-201101-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-08.xml"
},
{
"name": "RHSA-2010:0743",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0743.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html"
},
{
"name": "TA10-279A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
}
]
}
}

138
2010/3xxx/CVE-2010-3732.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3732",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
"refsource" : "CONFIRM",
"url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
},
{
"name" : "IZ56428",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56428"
},
{
"name" : "oval:org.mitre.oval:def:14219",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14219"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14219",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14219"
},
{
"name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
"refsource": "CONFIRM",
"url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
},
{
"name": "IZ56428",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56428"
}
]
}
}

248
2010/4xxx/CVE-2010-4349.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4349",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/15/4"
},
{
"name" : "[oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/12/16/1"
},
{
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php",
"refsource" : "MISC",
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php"
},
{
"name" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112"
},
{
"name" : "http://www.mantisbt.org/bugs/view.php?id=12607",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbt.org/bugs/view.php?id=12607"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=663230",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=663230"
},
{
"name" : "http://www.mantisbt.org/blog/?p=123",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbt.org/blog/?p=123"
},
{
"name" : "FEDORA-2010-19070",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html"
},
{
"name" : "FEDORA-2010-19078",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html"
},
{
"name" : "GLSA-201211-01",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"name" : "42772",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42772"
},
{
"name" : "51199",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51199"
},
{
"name" : "ADV-2011-0002",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0002"
},
{
"name" : "mantisbt-dbtype-path-disclosure(64463)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64463"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0002",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0002"
},
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php"
},
{
"name": "[oss-security] 20101216 Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/16/1"
},
{
"name": "GLSA-201211-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201211-01.xml"
},
{
"name": "http://www.mantisbt.org/blog/?p=123",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/blog/?p=123"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=12607",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=12607"
},
{
"name": "mantisbt-dbtype-path-disclosure(64463)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64463"
},
{
"name": "51199",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51199"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=663230",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=663230"
},
{
"name": "FEDORA-2010-19078",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052730.html"
},
{
"name": "[oss-security] 20101215 CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/15/4"
},
{
"name": "42772",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42772"
},
{
"name": "FEDORA-2010-19070",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052721.html"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=112"
}
]
}
}

128
2010/4xxx/CVE-2010-4360.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4360",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45076",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45076"
},
{
"name" : "42387",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42387"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42387"
},
{
"name": "45076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45076"
}
]
}
}

148
2011/1xxx/CVE-2011-1067.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://directory.fedoraproject.org/wiki/Release_Notes",
"refsource" : "CONFIRM",
"url" : "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=668619",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=668619"
},
{
"name" : "43566",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43566"
},
{
"name" : "rhds-simple-paged-dos(65769)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65769"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43566",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43566"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=668619",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668619"
},
{
"name": "rhds-simple-paged-dos(65769)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65769"
},
{
"name": "http://directory.fedoraproject.org/wiki/Release_Notes",
"refsource": "CONFIRM",
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
}
]
}
}

218
2011/1xxx/CVE-2011-1238.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1238",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2011-1238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100133352",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100133352"
},
{
"name" : "MS11-034",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
},
{
"name" : "TA11-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name" : "47215",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47215"
},
{
"name" : "71753",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/71753"
},
{
"name" : "oval:org.mitre.oval:def:12417",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12417"
},
{
"name" : "1025345",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025345"
},
{
"name" : "44156",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44156"
},
{
"name" : "ADV-2011-0952",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0952"
},
{
"name" : "mswin-win32k-var26-priv-escalation(66420)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66420"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
},
{
"name": "mswin-win32k-var26-priv-escalation(66420)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66420"
},
{
"name": "MS11-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034"
},
{
"name": "ADV-2011-0952",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0952"
},
{
"name": "47215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47215"
},
{
"name": "http://support.avaya.com/css/P8/documents/100133352",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100133352"
},
{
"name": "71753",
"refsource": "OSVDB",
"url": "http://osvdb.org/71753"
},
{
"name": "44156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44156"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx"
},
{
"name": "1025345",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025345"
},
{
"name": "oval:org.mitre.oval:def:12417",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12417"
}
]
}
}

138
2011/5xxx/CVE-2011-5275.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5275",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
"refsource" : "CONFIRM",
"url" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618"
},
{
"name" : "DSA-2365",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2365"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637618"
},
{
"name": "DSA-2365",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2365"
},
{
"name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3",
"refsource": "CONFIRM",
"url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=blob;f=debian/changelog;hb=3eb6ef5cea6c571aae5e49e1930de778eca280c3"
}
]
}
}

218
2014/3xxx/CVE-2014-3095.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3095",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681623",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21681623"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683297",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21683297"
},
{
"name" : "IT02433",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433"
},
{
"name" : "IT02643",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643"
},
{
"name" : "IT02644",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644"
},
{
"name" : "IT02645",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645"
},
{
"name" : "IT02646",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646"
},
{
"name" : "69546",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69546"
},
{
"name" : "60845",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60845"
},
{
"name" : "58725",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58725"
},
{
"name" : "ibm-db2-cve20143095-dos(94263)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94263"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681623",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681623"
},
{
"name": "IT02644",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02644"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683297",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683297"
},
{
"name": "69546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69546"
},
{
"name": "IT02645",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02645"
},
{
"name": "ibm-db2-cve20143095-dos(94263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94263"
},
{
"name": "58725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58725"
},
{
"name": "IT02643",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02643"
},
{
"name": "IT02433",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02433"
},
{
"name": "IT02646",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT02646"
},
{
"name": "60845",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60845"
}
]
}
}

148
2014/3xxx/CVE-2014-3309.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3309",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a \"deny all\" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140708 Cisco IOS Software and Cisco IOS XE Software NTP Access Group Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3309"
},
{
"name" : "68463",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68463"
},
{
"name" : "1030549",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030549"
},
{
"name" : "ciscoios-cve20143309-info-disc(94420)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94420"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a \"deny all\" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030549",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030549"
},
{
"name": "20140708 Cisco IOS Software and Cisco IOS XE Software NTP Access Group Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3309"
},
{
"name": "68463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68463"
},
{
"name": "ciscoios-cve20143309-info-disc(94420)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94420"
}
]
}
}

158
2014/3xxx/CVE-2014-3315.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34900",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34900"
},
{
"name" : "20140709 Cisco Unified Communications Manager DNA Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315"
},
{
"name" : "68477",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68477"
},
{
"name" : "59739",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59739"
},
{
"name" : "cucm-cve20143315-xss(94430)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94430"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140709 Cisco Unified Communications Manager DNA Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34900",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34900"
},
{
"name": "68477",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68477"
},
{
"name": "59739",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59739"
},
{
"name": "cucm-cve20143315-xss(94430)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94430"
}
]
}
}

32
2014/3xxx/CVE-2014-3334.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3334",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-3334",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

288
2014/3xxx/CVE-2014-3634.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3634",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140930 vulnerability in rsyslog",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/09/30/15"
},
{
"name" : "[oss-security] 20141003 sysklogd vulnerability (CVE-2014-3634)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/03/1"
},
{
"name" : "http://www.rsyslog.com/remote-syslog-pri-vulnerability/",
"refsource" : "CONFIRM",
"url" : "http://www.rsyslog.com/remote-syslog-pri-vulnerability/"
},
{
"name" : "http://linux.oracle.com/errata/ELSA-2014-1654",
"refsource" : "CONFIRM",
"url" : "http://linux.oracle.com/errata/ELSA-2014-1654"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0411.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0411.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name" : "DSA-3040",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3040"
},
{
"name" : "MDVSA-2015:130",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:130"
},
{
"name" : "RHSA-2014:1397",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1397.html"
},
{
"name" : "RHSA-2014:1654",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1654.html"
},
{
"name" : "RHSA-2014:1671",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1671.html"
},
{
"name" : "SUSE-SU-2014:1294",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html"
},
{
"name" : "openSUSE-SU-2014:1297",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html"
},
{
"name" : "openSUSE-SU-2014:1298",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html"
},
{
"name" : "USN-2381-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2381-1"
},
{
"name" : "61494",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61494"
},
{
"name" : "61720",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61720"
},
{
"name" : "61930",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61930"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1297",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00020.html"
},
{
"name": "RHSA-2014:1671",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1671.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0411.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0411.html"
},
{
"name": "SUSE-SU-2014:1294",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00005.html"
},
{
"name": "openSUSE-SU-2014:1298",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00021.html"
},
{
"name": "RHSA-2014:1654",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1654.html"
},
{
"name": "61720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61720"
},
{
"name": "MDVSA-2015:130",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:130"
},
{
"name": "[oss-security] 20140930 vulnerability in rsyslog",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/09/30/15"
},
{
"name": "61494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61494"
},
{
"name": "RHSA-2014:1397",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1397.html"
},
{
"name": "[oss-security] 20141003 sysklogd vulnerability (CVE-2014-3634)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/03/1"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1654",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1654"
},
{
"name": "http://www.rsyslog.com/remote-syslog-pri-vulnerability/",
"refsource": "CONFIRM",
"url": "http://www.rsyslog.com/remote-syslog-pri-vulnerability/"
},
{
"name": "USN-2381-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2381-1"
},
{
"name": "DSA-3040",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3040"
},
{
"name": "61930",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61930"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}

32
2014/7xxx/CVE-2014-7212.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7212",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7212",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

248
2014/8xxx/CVE-2014-8130.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8130",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2015/01/24/15"
},
{
"name" : "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt",
"refsource" : "MISC",
"url" : "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2483",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2483"
},
{
"name" : "http://support.apple.com/kb/HT204941",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT204941"
},
{
"name" : "http://support.apple.com/kb/HT204942",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT204942"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185817",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185817"
},
{
"name" : "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543",
"refsource" : "CONFIRM",
"url" : "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543"
},
{
"name" : "APPLE-SA-2015-06-30-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"name" : "APPLE-SA-2015-06-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name" : "GLSA-201701-16",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-16"
},
{
"name" : "RHSA-2016:1546",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
},
{
"name" : "RHSA-2016:1547",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
},
{
"name" : "72353",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72353"
},
{
"name" : "1032760",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032760"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT204941",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204941"
},
{
"name": "RHSA-2016:1547",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1547.html"
},
{
"name": "72353",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72353"
},
{
"name": "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543",
"refsource": "CONFIRM",
"url": "https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543"
},
{
"name": "APPLE-SA-2015-06-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "[oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/01/24/15"
},
{
"name": "GLSA-201701-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-16"
},
{
"name": "1032760",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032760"
},
{
"name": "http://support.apple.com/kb/HT204942",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt",
"refsource": "MISC",
"url": "http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt"
},
{
"name": "APPLE-SA-2015-06-30-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"name": "RHSA-2016:1546",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1546.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185817",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185817"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2483",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2483"
}
]
}
}

148
2014/8xxx/CVE-2014-8820.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8820",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-8820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/HT204244",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/HT204244"
},
{
"name" : "APPLE-SA-2015-01-27-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name" : "1031650",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031650"
},
{
"name" : "macosx-cve20148820-priv-esc(100501)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100501"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intel Graphics Driver in Apple OS X before 10.10.2 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2014-8819 and CVE-2014-8821."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name": "macosx-cve20148820-priv-esc(100501)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100501"
}
]
}
}

138
2014/9xxx/CVE-2014-9156.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9156",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/node/2304561",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2304561"
},
{
"name" : "http://cgit.drupalcode.org/filefield/commit/?id=3a97fe1",
"refsource" : "CONFIRM",
"url" : "http://cgit.drupalcode.org/filefield/commit/?id=3a97fe1"
},
{
"name" : "https://www.drupal.org/node/2304517",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2304517"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2304517",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2304517"
},
{
"name": "https://www.drupal.org/node/2304561",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2304561"
},
{
"name": "http://cgit.drupalcode.org/filefield/commit/?id=3a97fe1",
"refsource": "CONFIRM",
"url": "http://cgit.drupalcode.org/filefield/commit/?id=3a97fe1"
}
]
}
}

32
2014/9xxx/CVE-2014-9370.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9370",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9370",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2014/9xxx/CVE-2014-9586.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9586",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9586",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2014/9xxx/CVE-2014-9626.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9626",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9626",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2014/9xxx/CVE-2014-9812.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9812",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1"
},
{
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f093a3119704fd6d349a9ee32b9f71cabe7d04c8",
"refsource" : "CONFIRM",
"url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f093a3119704fd6d349a9ee32b9f71cabe7d04c8"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343468",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343468"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/24/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343468",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343468"
},
{
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f093a3119704fd6d349a9ee32b9f71cabe7d04c8",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f093a3119704fd6d349a9ee32b9f71cabe7d04c8"
}
]
}
}

148
2016/2xxx/CVE-2016-2100.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2100",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160331 CVE-2016-2100: Foreman private bookmarks can be viewed and edited",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/03/31/2"
},
{
"name" : "http://projects.theforeman.org/issues/13828",
"refsource" : "CONFIRM",
"url" : "http://projects.theforeman.org/issues/13828"
},
{
"name" : "http://theforeman.org/security.html#2016-2100",
"refsource" : "CONFIRM",
"url" : "http://theforeman.org/security.html#2016-2100"
},
{
"name" : "RHBA-2016:1500",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHBA-2016:1500"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHBA-2016:1500",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2016:1500"
},
{
"name": "[oss-security] 20160331 CVE-2016-2100: Foreman private bookmarks can be viewed and edited",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/31/2"
},
{
"name": "http://projects.theforeman.org/issues/13828",
"refsource": "CONFIRM",
"url": "http://projects.theforeman.org/issues/13828"
},
{
"name": "http://theforeman.org/security.html#2016-2100",
"refsource": "CONFIRM",
"url": "http://theforeman.org/security.html#2016-2100"
}
]
}
}

468
2016/2xxx/CVE-2016-2178.json
View File

@ -1,237 +1,237 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2016-2178",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160608 CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/08/2"
},
{
"name" : "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/09/8"
},
{
"name" : "http://eprint.iacr.org/2016/594.pdf",
"refsource" : "MISC",
"url" : "http://eprint.iacr.org/2016/594.pdf"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343400",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343400"
},
{
"name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
"refsource" : "CONFIRM",
"url" : "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name" : "http://www.splunk.com/view/SP-CAAAPSV",
"refsource" : "CONFIRM",
"url" : "http://www.splunk.com/view/SP-CAAAPSV"
},
{
"name" : "http://www.splunk.com/view/SP-CAAAPUE",
"refsource" : "CONFIRM",
"url" : "http://www.splunk.com/view/SP-CAAAPUE"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa132",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
"refsource" : "CONFIRM",
"url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"name" : "https://www.tenable.com/security/tns-2016-16",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-16"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "https://www.tenable.com/security/tns-2016-20",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-20"
},
{
"name" : "https://www.tenable.com/security/tns-2016-21",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-21"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us"
},
{
"name" : "FreeBSD-SA-16:26",
"refsource" : "FREEBSD",
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
},
{
"name" : "GLSA-201612-16",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-16"
},
{
"name" : "RHSA-2016:1940",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
},
{
"name" : "RHSA-2016:2957",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name" : "RHSA-2017:0193",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0193"
},
{
"name" : "RHSA-2017:0194",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0194"
},
{
"name" : "RHSA-2017:1658",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"name" : "RHSA-2017:1659",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"name" : "SUSE-SU-2016:2470",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"name" : "91081",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91081"
},
{
"name" : "1036054",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036054"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/tns-2016-20",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"name": "http://www.splunk.com/view/SP-CAAAPUE",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAAPUE"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "RHSA-2017:1659",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"name": "[oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/09/8"
},
{
"name": "RHSA-2017:1658",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"name": "RHSA-2016:1940",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "GLSA-201612-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us"
},
{
"name": "http://www.splunk.com/view/SP-CAAAPSV",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAAPSV"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"name": "https://www.tenable.com/security/tns-2016-16",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"name": "https://www.tenable.com/security/tns-2016-21",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "91081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91081"
},
{
"name": "RHSA-2017:0194",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0194"
},
{
"name": "[oss-security] 20160608 CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/08/2"
},
{
"name": "RHSA-2017:0193",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0193"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343400"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name": "RHSA-2016:2957",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa132",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "FreeBSD-SA-16:26",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
},
{
"name": "SUSE-SU-2016:2470",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
},
{
"name": "1036054",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036054"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"name": "http://eprint.iacr.org/2016/594.pdf",
"refsource": "MISC",
"url": "http://eprint.iacr.org/2016/594.pdf"
}
]
}
}

32
2016/2xxx/CVE-2016-2731.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2731",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2731",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

32
2016/6xxx/CVE-2016-6086.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6086",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6086",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2016/6xxx/CVE-2016-6609.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"
},
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2016-32",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2016-32"
},
{
"name" : "GLSA-201701-32",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-32"
},
{
"name" : "94112",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94112"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94112"
},
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-32",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-32"
},
{
"name": "[debian-lts-announce] 20180706 [SECURITY] [DLA 1415-1] phpmyadmin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
}
]
}
}

148
2016/7xxx/CVE-2016-7044.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7044",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://irssi.org/security/irssi_sa_2016.txt",
"refsource" : "CONFIRM",
"url" : "https://irssi.org/security/irssi_sa_2016.txt"
},
{
"name" : "DSA-3672",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3672"
},
{
"name" : "USN-3086-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3086-1"
},
{
"name" : "1036868",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036868"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3672",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3672"
},
{
"name": "https://irssi.org/security/irssi_sa_2016.txt",
"refsource": "CONFIRM",
"url": "https://irssi.org/security/irssi_sa_2016.txt"
},
{
"name": "1036868",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036868"
},
{
"name": "USN-3086-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3086-1"
}
]
}
}

188
2016/7xxx/CVE-2016-7154.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf",
"refsource" : "MISC",
"url" : "http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf"
},
{
"name" : "http://support.citrix.com/article/CTX216071",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX216071"
},
{
"name" : "http://xenbits.xen.org/xsa/advisory-188.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-188.html"
},
{
"name" : "http://xenbits.xen.org/xsa/xsa188.patch",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/xsa188.patch"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name" : "DSA-3663",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3663"
},
{
"name" : "92863",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92863"
},
{
"name" : "1036754",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036754"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "92863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92863"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-188.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-188.html"
},
{
"name": "DSA-3663",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3663"
},
{
"name": "http://xenbits.xen.org/xsa/xsa188.patch",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/xsa188.patch"
},
{
"name": "http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf",
"refsource": "MISC",
"url": "http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf"
},
{
"name": "http://support.citrix.com/article/CTX216071",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX216071"
},
{
"name": "1036754",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036754"
}
]
}
}

168
2016/7xxx/CVE-2016-7392.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7392",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160910 Re: autotrace: out-of-bounds write",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/10/3"
},
{
"name" : "[oss-security] 20160913 Re: autotrace: out-of-bounds write",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/12/7"
},
{
"name" : "https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1375255",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1375255"
},
{
"name" : "GLSA-201708-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201708-09"
},
{
"name" : "92907",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92907"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201708-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-09"
},
{
"name": "https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/"
},
{
"name": "[oss-security] 20160910 Re: autotrace: out-of-bounds write",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/10/3"
},
{
"name": "92907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92907"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1375255",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375255"
},
{
"name": "[oss-security] 20160913 Re: autotrace: out-of-bounds write",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/12/7"
}
]
}
}

198
2017/1001xxx/CVE-2017-1001000.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1001000",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "josh@bress.net",
"ID": "CVE-2017-1001000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170210 Re: Asking for a CVE id for the WordPress Privilege Escalation vulnerability (4.7/4.7.1)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/10/16"
},
{
"name" : "https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html",
"refsource" : "MISC",
"url" : "https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html"
},
{
"name" : "https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html",
"refsource" : "MISC",
"url" : "https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html"
},
{
"name" : "https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab",
"refsource" : "MISC",
"url" : "https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab"
},
{
"name" : "https://codex.wordpress.org/Version_4.7.2",
"refsource" : "CONFIRM",
"url" : "https://codex.wordpress.org/Version_4.7.2"
},
{
"name" : "https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7",
"refsource" : "CONFIRM",
"url" : "https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7"
},
{
"name" : "https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/",
"refsource" : "CONFIRM",
"url" : "https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/"
},
{
"name" : "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/"
},
{
"name" : "1037731",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037731"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codex.wordpress.org/Version_4.7.2",
"refsource": "CONFIRM",
"url": "https://codex.wordpress.org/Version_4.7.2"
},
{
"name": "https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/",
"refsource": "CONFIRM",
"url": "https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/"
},
{
"name": "https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html",
"refsource": "MISC",
"url": "https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html"
},
{
"name": "https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab",
"refsource": "MISC",
"url": "https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab"
},
{
"name": "https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html",
"refsource": "MISC",
"url": "https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html"
},
{
"name": "https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7"
},
{
"name": "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/"
},
{
"name": "[oss-security] 20170210 Re: Asking for a CVE id for the WordPress Privilege Escalation vulnerability (4.7/4.7.1)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/10/16"
},
{
"name": "1037731",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037731"
}
]
}
}

118
2017/5xxx/CVE-2017-5250.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@rapid7.com",
"ID" : "CVE-2017-5250",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Insteon for Hub",
"version" : {
"version_data" : [
{
"version_value" : "1.9.7"
}
]
}
}
]
},
"vendor_name" : "Insteon"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-922 (Insecure Storage of Sensitive Information)"
}
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Insteon for Hub",
"version": {
"version_data": [
{
"version_value": "1.9.7"
}
]
}
}
]
},
"vendor_name": "Insteon"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-922 (Insecure Storage of Sensitive Information)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/"
}
]
}
}

188
2017/5xxx/CVE-2017-5493.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5493",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170114 Re: CVE Request: Wordpress: 8 security issues in 4.7",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/14/6"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8721",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8721"
},
{
"name" : "https://codex.wordpress.org/Version_4.7.1",
"refsource" : "CONFIRM",
"url" : "https://codex.wordpress.org/Version_4.7.1"
},
{
"name" : "https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4",
"refsource" : "CONFIRM",
"url" : "https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4"
},
{
"name" : "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/"
},
{
"name" : "DSA-3779",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3779"
},
{
"name" : "95401",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95401"
},
{
"name" : "1037591",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037591"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8721",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8721"
},
{
"name": "95401",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95401"
},
{
"name": "DSA-3779",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3779"
},
{
"name": "https://codex.wordpress.org/Version_4.7.1",
"refsource": "CONFIRM",
"url": "https://codex.wordpress.org/Version_4.7.1"
},
{
"name": "[oss-security] 20170114 Re: CVE Request: Wordpress: 8 security issues in 4.7",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/14/6"
},
{
"name": "1037591",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037591"
},
{
"name": "https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4"
},
{
"name": "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/"
}
]
}
}

138
2017/5xxx/CVE-2017-5586.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5586",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41366",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41366/"
},
{
"name" : "http://packetstormsecurity.com/files/141105/OpenText-Documentum-D2-4.x-Remote-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/141105/OpenText-Documentum-D2-4.x-Remote-Code-Execution.html"
},
{
"name" : "96216",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96216"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/141105/OpenText-Documentum-D2-4.x-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/141105/OpenText-Documentum-D2-4.x-Remote-Code-Execution.html"
},
{
"name": "41366",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41366/"
},
{
"name": "96216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96216"
}
]
}
}