admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:26:38 +00:00
parent 4154911832
commit 8ab6bbb094
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3964 additions and 3964 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2006/0xxx/CVE-2006-0193.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060112 H-Sphere Security Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/421704/100/0/threaded"
},
{
"name" : "http://www.psoft.net/HSdocumentation/versions/?v=all&p=r",
"refsource" : "CONFIRM",
"url" : "http://www.psoft.net/HSdocumentation/versions/?v=all&p=r"
},
{
"name" : "http://www.psoft.net/HSdocumentation/versions/index.php?v=243p9&p=r",
"refsource" : "CONFIRM",
"url" : "http://www.psoft.net/HSdocumentation/versions/index.php?v=243p9&p=r"
},
{
"name" : "ADV-2006-0172",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0172"
},
{
"name" : "22372",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22372"
},
{
"name" : "18447",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18447"
},
{
"name" : "hsphere-login-xss(24096)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24096"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22372",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22372"
},
{
"name": "http://www.psoft.net/HSdocumentation/versions/index.php?v=243p9&p=r",
"refsource": "CONFIRM",
"url": "http://www.psoft.net/HSdocumentation/versions/index.php?v=243p9&p=r"
},
{
"name": "ADV-2006-0172",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0172"
},
{
"name": "20060112 H-Sphere Security Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421704/100/0/threaded"
},
{
"name": "hsphere-login-xss(24096)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24096"
},
{
"name": "18447",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18447"
},
{
"name": "http://www.psoft.net/HSdocumentation/versions/?v=all&p=r",
"refsource": "CONFIRM",
"url": "http://www.psoft.net/HSdocumentation/versions/?v=all&p=r"
}
]
}
}

160
2006/0xxx/CVE-2006-0229.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0229",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unquoted Windows search path vulnerability in Wehntrust might allow local users to gain privileges via a malicious \"program.exe\" file in the C: folder, which is run when Wehntrust creates the autostart key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060116 WehnTrust - When you have to trust Wehntrust",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422020/100/0/threaded"
},
{
"name" : "20060116 Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422046/100/0/threaded"
},
{
"name" : "http://www.wehnus.com/downloads.pl",
"refsource" : "MISC",
"url" : "http://www.wehnus.com/downloads.pl"
},
{
"name" : "16268",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16268"
},
{
"name" : "wehntrust-service-start-file-execution(24315)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24315"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in Wehntrust might allow local users to gain privileges via a malicious \"program.exe\" file in the C: folder, which is run when Wehntrust creates the autostart key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060116 WehnTrust - When you have to trust Wehntrust",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422020/100/0/threaded"
},
{
"name": "wehntrust-service-start-file-execution(24315)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24315"
},
{
"name": "16268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16268"
},
{
"name": "20060116 Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422046/100/0/threaded"
},
{
"name": "http://www.wehnus.com/downloads.pl",
"refsource": "MISC",
"url": "http://www.wehnus.com/downloads.pl"
}
]
}
}

350
2006/3xxx/CVE-2006-3468.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3468",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-3468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lkml.org/lkml/2006/7/17/41",
"refsource" : "MISC",
"url" : "http://lkml.org/lkml/2006/7/17/41"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=199172",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=199172"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm"
},
{
"name" : "DSA-1184",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1184"
},
{
"name" : "MDKSA-2006:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150"
},
{
"name" : "MDKSA-2006:151",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:151"
},
{
"name" : "RHSA-2006:0617",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0617.html"
},
{
"name" : "SUSE-SR:2006:021",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_21_sr.html"
},
{
"name" : "SUSE-SR:2006:022",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_22_sr.html"
},
{
"name" : "SUSE-SA:2006:057",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_57_kernel.html"
},
{
"name" : "SUSE-SA:2006:064",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_64_kernel.html"
},
{
"name" : "2006-0046",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2006/0046/"
},
{
"name" : "USN-346-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-346-1"
},
{
"name" : "19396",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19396"
},
{
"name" : "oval:org.mitre.oval:def:9809",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9809"
},
{
"name" : "21369",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21369"
},
{
"name" : "21605",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21605"
},
{
"name" : "21614",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21614"
},
{
"name" : "22093",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22093"
},
{
"name" : "22174",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22174"
},
{
"name" : "21847",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21847"
},
{
"name" : "21934",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21934"
},
{
"name" : "22148",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22148"
},
{
"name" : "22822",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22822"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21934",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21934"
},
{
"name": "oval:org.mitre.oval:def:9809",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9809"
},
{
"name": "21847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21847"
},
{
"name": "RHSA-2006:0617",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0617.html"
},
{
"name": "21605",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21605"
},
{
"name": "MDKSA-2006:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:150"
},
{
"name": "http://lkml.org/lkml/2006/7/17/41",
"refsource": "MISC",
"url": "http://lkml.org/lkml/2006/7/17/41"
},
{
"name": "MDKSA-2006:151",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:151"
},
{
"name": "21614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21614"
},
{
"name": "SUSE-SA:2006:064",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_64_kernel.html"
},
{
"name": "21369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21369"
},
{
"name": "19396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19396"
},
{
"name": "22174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22174"
},
{
"name": "22822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22822"
},
{
"name": "22148",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22148"
},
{
"name": "USN-346-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-346-1"
},
{
"name": "SUSE-SR:2006:021",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html"
},
{
"name": "SUSE-SR:2006:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_22_sr.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm"
},
{
"name": "2006-0046",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0046/"
},
{
"name": "22093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22093"
},
{
"name": "DSA-1184",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1184"
},
{
"name": "SUSE-SA:2006:057",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_57_kernel.html"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=199172",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=199172"
}
]
}
}

230
2006/3xxx/CVE-2006-3699.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name" : "TA06-200A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
},
{
"name" : "19054",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19054"
},
{
"name" : "ADV-2006-2863",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2863"
},
{
"name" : "ADV-2006-2947",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2947"
},
{
"name" : "1016529",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016529"
},
{
"name" : "21111",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21111"
},
{
"name" : "21165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21165"
},
{
"name" : "oracle-cpu-july-2006(27897)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016529",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016529"
},
{
"name": "19054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19054"
},
{
"name": "oracle-cpu-july-2006(27897)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897"
},
{
"name": "21165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21165"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name": "ADV-2006-2947",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2947"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded"
},
{
"name": "TA06-200A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html"
},
{
"name": "21111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21111"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html"
},
{
"name": "ADV-2006-2863",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2863"
}
]
}
}

160
2006/3xxx/CVE-2006-3760.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3760",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://community.mybboard.net/showthread.php?tid=10115",
"refsource" : "CONFIRM",
"url" : "http://community.mybboard.net/showthread.php?tid=10115"
},
{
"name" : "http://www.mybboard.com/archive.php?nid=15",
"refsource" : "CONFIRM",
"url" : "http://www.mybboard.com/archive.php?nid=15"
},
{
"name" : "26811",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26811"
},
{
"name" : "20873",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20873"
},
{
"name" : "mybb-unspecified-sql-injection(27483)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27483"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://community.mybboard.net/showthread.php?tid=10115",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/showthread.php?tid=10115"
},
{
"name": "26811",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26811"
},
{
"name": "http://www.mybboard.com/archive.php?nid=15",
"refsource": "CONFIRM",
"url": "http://www.mybboard.com/archive.php?nid=15"
},
{
"name": "mybb-unspecified-sql-injection(27483)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27483"
},
{
"name": "20873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20873"
}
]
}
}

180
2006/3xxx/CVE-2006-3781.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-3781",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "102485",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102485-1"
},
{
"name" : "19081",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19081"
},
{
"name" : "ADV-2006-2885",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2885"
},
{
"name" : "oval:org.mitre.oval:def:2078",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2078"
},
{
"name" : "1016542",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016542"
},
{
"name" : "21132",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21132"
},
{
"name" : "solaris-event-api-dos(27843)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27843"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016542",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016542"
},
{
"name": "solaris-event-api-dos(27843)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27843"
},
{
"name": "21132",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21132"
},
{
"name": "102485",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102485-1"
},
{
"name": "19081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19081"
},
{
"name": "ADV-2006-2885",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2885"
},
{
"name": "oval:org.mitre.oval:def:2078",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2078"
}
]
}
}

170
2006/4xxx/CVE-2006-4707.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF])."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444782/100/100/threaded"
},
{
"name" : "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html",
"refsource" : "MISC",
"url" : "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html"
},
{
"name" : "http://www.mybboard.com/archive.php?nid=18",
"refsource" : "CONFIRM",
"url" : "http://www.mybboard.com/archive.php?nid=18"
},
{
"name" : "ADV-2006-3418",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3418"
},
{
"name" : "21697",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21697"
},
{
"name" : "1540",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1540"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF])."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1540",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1540"
},
{
"name": "21697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21697"
},
{
"name": "ADV-2006-3418",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3418"
},
{
"name": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html",
"refsource": "MISC",
"url": "http://myimei.com/security/2006-08-17/mybb-117-adminglobalphp-xss-attack.html"
},
{
"name": "20060830 [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444782/100/100/threaded"
},
{
"name": "http://www.mybboard.com/archive.php?nid=18",
"refsource": "CONFIRM",
"url": "http://www.mybboard.com/archive.php?nid=18"
}
]
}
}

170
2006/4xxx/CVE-2006-4917.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4917",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060918 PT News 1.7.8 (Search.php) XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446417/100/0/threaded"
},
{
"name" : "20090",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20090"
},
{
"name" : "ADV-2006-3713",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3713"
},
{
"name" : "22028",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22028"
},
{
"name" : "1612",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1612"
},
{
"name" : "ptnews-search-xss(29043)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29043"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1612",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1612"
},
{
"name": "20060918 PT News 1.7.8 (Search.php) XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446417/100/0/threaded"
},
{
"name": "ptnews-search-xss(29043)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29043"
},
{
"name": "ADV-2006-3713",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3713"
},
{
"name": "22028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22028"
},
{
"name": "20090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20090"
}
]
}
}

170
2006/6xxx/CVE-2006-6167.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6167",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in L. Brandon Stone and Nathanial P. Hendler Active PHP Bookmarks (APB) 1.1.02 allow remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS['apb_path'] parameter in (1) apb_common.php or (2) apb.php. NOTE: CVE and another third party dispute this vulnerability because these PHP scripts exit if the attack vectors are present in GPC variables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061123 Active PHP Bookmarks (apb.php) Remote file include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452490/100/0/threaded"
},
{
"name" : "20061124 Re: Active PHP Bookmarks (apb.php) Remote file include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452559/100/0/threaded"
},
{
"name" : "23670",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23670"
},
{
"name" : "21263",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21263"
},
{
"name" : "31956",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/31956"
},
{
"name" : "apb-apbpath-file-include(30518)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30518"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in L. Brandon Stone and Nathanial P. Hendler Active PHP Bookmarks (APB) 1.1.02 allow remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS['apb_path'] parameter in (1) apb_common.php or (2) apb.php. NOTE: CVE and another third party dispute this vulnerability because these PHP scripts exit if the attack vectors are present in GPC variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apb-apbpath-file-include(30518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30518"
},
{
"name": "23670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23670"
},
{
"name": "21263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21263"
},
{
"name": "31956",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/31956"
},
{
"name": "20061123 Active PHP Bookmarks (apb.php) Remote file include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452490/100/0/threaded"
},
{
"name": "20061124 Re: Active PHP Bookmarks (apb.php) Remote file include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452559/100/0/threaded"
}
]
}
}

200
2006/6xxx/CVE-2006-6442.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-6442",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061211 Secunia Research: AOL CDDBControl ActiveX Control\"SetClientInfo()\" Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/454105/100/0/threaded"
},
{
"name" : "20061211 Secunia Research: AOL CDDBControl ActiveX Control \"SetClientInfo()\" Buffer Overflow",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051230.html"
},
{
"name" : "20061211 GraceNote CDDBControl (CVE-2006-3134) = CDDBAOLControl (CVE-2006-6442)",
"refsource" : "VIM",
"url" : "http://attrition.org/pipermail/vim/2006-December/001173.html"
},
{
"name" : "http://secunia.com/secunia_research/2006-69/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2006-69/advisory/"
},
{
"name" : "21488",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21488"
},
{
"name" : "ADV-2006-4904",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4904"
},
{
"name" : "1017357",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017357"
},
{
"name" : "23043",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23043"
},
{
"name" : "aol-cddbcontrol-bo(30790)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30790"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4904"
},
{
"name": "21488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21488"
},
{
"name": "20061211 Secunia Research: AOL CDDBControl ActiveX Control\"SetClientInfo()\" Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454105/100/0/threaded"
},
{
"name": "1017357",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017357"
},
{
"name": "23043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23043"
},
{
"name": "aol-cddbcontrol-bo(30790)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30790"
},
{
"name": "20061211 Secunia Research: AOL CDDBControl ActiveX Control \"SetClientInfo()\" Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051230.html"
},
{
"name": "http://secunia.com/secunia_research/2006-69/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-69/advisory/"
},
{
"name": "20061211 GraceNote CDDBControl (CVE-2006-3134) = CDDBAOLControl (CVE-2006-6442)",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-December/001173.html"
}
]
}
}

120
2010/2xxx/CVE-2010-2096.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://php-security.org/2010/05/15/mops-2010-030-cmsqlite-mod-parameter-local-file-inclusion-vulnerability/index.html",
"refsource" : "MISC",
"url" : "http://php-security.org/2010/05/15/mops-2010-030-cmsqlite-mod-parameter-local-file-inclusion-vulnerability/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://php-security.org/2010/05/15/mops-2010-030-cmsqlite-mod-parameter-local-file-inclusion-vulnerability/index.html",
"refsource": "MISC",
"url": "http://php-security.org/2010/05/15/mops-2010-030-cmsqlite-mod-parameter-local-file-inclusion-vulnerability/index.html"
}
]
}
}

130
2010/2xxx/CVE-2010-2827.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2827",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-2827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100812 Cisco IOS Software TCP Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4095e.shtml"
},
{
"name" : "42426",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42426"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100812 Cisco IOS Software TCP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4095e.shtml"
},
{
"name": "42426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42426"
}
]
}
}

160
2010/2xxx/CVE-2010-2847.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2847",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100707 ArtForms 2.1b7.2 RC2 Joomla Component Multiple Remote Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/512215/100/0/threaded"
},
{
"name" : "14263",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14263"
},
{
"name" : "http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt"
},
{
"name" : "41457",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41457"
},
{
"name" : "artforms-index-sql-injection(60160)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60160"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41457"
},
{
"name": "20100707 ArtForms 2.1b7.2 RC2 Joomla Component Multiple Remote Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512215/100/0/threaded"
},
{
"name": "14263",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14263"
},
{
"name": "artforms-index-sql-injection(60160)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60160"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt"
}
]
}
}

190
2010/2xxx/CVE-2010-2849.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2849",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to inject arbitrary web script or HTML via the f parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-reflected-xss.html",
"refsource" : "MISC",
"url" : "http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-reflected-xss.html"
},
{
"name" : "http://packetstormsecurity.org/1007-exploits/nubuilder-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1007-exploits/nubuilder-xss.txt"
},
{
"name" : "http://www.nubuilder.com/nubuilderwww/change.php?changelog_id=14c3d1ea2a9fab",
"refsource" : "CONFIRM",
"url" : "http://www.nubuilder.com/nubuilderwww/change.php?changelog_id=14c3d1ea2a9fab"
},
{
"name" : "41404",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41404"
},
{
"name" : "66005",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/66005"
},
{
"name" : "40483",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40483"
},
{
"name" : "ADV-2010-1726",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1726"
},
{
"name" : "nubuilder-nuedit-xss(60137)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60137"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to inject arbitrary web script or HTML via the f parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41404"
},
{
"name": "http://www.nubuilder.com/nubuilderwww/change.php?changelog_id=14c3d1ea2a9fab",
"refsource": "CONFIRM",
"url": "http://www.nubuilder.com/nubuilderwww/change.php?changelog_id=14c3d1ea2a9fab"
},
{
"name": "40483",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40483"
},
{
"name": "nubuilder-nuedit-xss(60137)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60137"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/nubuilder-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/nubuilder-xss.txt"
},
{
"name": "http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-reflected-xss.html",
"refsource": "MISC",
"url": "http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-reflected-xss.html"
},
{
"name": "66005",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/66005"
},
{
"name": "ADV-2010-1726",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1726"
}
]
}
}

330
2010/2xxx/CVE-2010-2949.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2949",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100824 CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/08/24/3"
},
{
"name" : "[oss-security] 20100825 Re: CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/08/25/4"
},
{
"name" : "http://code.quagga.net/?p=quagga.git;a=commit;h=cddb8112b80fa9867156c637d63e6e79eeac67bb",
"refsource" : "CONFIRM",
"url" : "http://code.quagga.net/?p=quagga.git;a=commit;h=cddb8112b80fa9867156c637d63e6e79eeac67bb"
},
{
"name" : "http://www.quagga.net/news2.php?y=2010&m=8&d=19",
"refsource" : "CONFIRM",
"url" : "http://www.quagga.net/news2.php?y=2010&m=8&d=19"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=626795",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=626795"
},
{
"name" : "DSA-2104",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2104"
},
{
"name" : "GLSA-201202-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201202-02.xml"
},
{
"name" : "MDVSA-2010:174",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:174"
},
{
"name" : "RHSA-2010:0945",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0945.html"
},
{
"name" : "SUSE-SR:2010:022",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"name" : "SUSE-SU-2011:1316",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html"
},
{
"name" : "USN-1027-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1027-1"
},
{
"name" : "42642",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42642"
},
{
"name" : "41038",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41038"
},
{
"name" : "41238",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41238"
},
{
"name" : "42397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42397"
},
{
"name" : "42446",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42446"
},
{
"name" : "42498",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42498"
},
{
"name" : "48106",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48106"
},
{
"name" : "ADV-2010-2304",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2304"
},
{
"name" : "ADV-2010-3097",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3097"
},
{
"name" : "ADV-2010-3124",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3124"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2304",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2304"
},
{
"name": "42498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42498"
},
{
"name": "[oss-security] 20100824 CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/24/3"
},
{
"name": "41238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41238"
},
{
"name": "SUSE-SR:2010:022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
},
{
"name": "42642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42642"
},
{
"name": "41038",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41038"
},
{
"name": "GLSA-201202-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201202-02.xml"
},
{
"name": "42397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42397"
},
{
"name": "DSA-2104",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2104"
},
{
"name": "USN-1027-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1027-1"
},
{
"name": "42446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42446"
},
{
"name": "SUSE-SU-2011:1316",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html"
},
{
"name": "http://code.quagga.net/?p=quagga.git;a=commit;h=cddb8112b80fa9867156c637d63e6e79eeac67bb",
"refsource": "CONFIRM",
"url": "http://code.quagga.net/?p=quagga.git;a=commit;h=cddb8112b80fa9867156c637d63e6e79eeac67bb"
},
{
"name": "MDVSA-2010:174",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:174"
},
{
"name": "48106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48106"
},
{
"name": "ADV-2010-3097",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3097"
},
{
"name": "[oss-security] 20100825 Re: CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/25/4"
},
{
"name": "RHSA-2010:0945",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0945.html"
},
{
"name": "http://www.quagga.net/news2.php?y=2010&m=8&d=19",
"refsource": "CONFIRM",
"url": "http://www.quagga.net/news2.php?y=2010&m=8&d=19"
},
{
"name": "ADV-2010-3124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3124"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=626795",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=626795"
}
]
}
}

160
2010/3xxx/CVE-2010-3020.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/mac/1061/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/1061/"
},
{
"name" : "http://www.opera.com/docs/changelogs/unix/1061/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/unix/1061/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/1061/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1061/"
},
{
"name" : "http://www.opera.com/support/kb/view/968/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/kb/view/968/"
},
{
"name" : "oval:org.mitre.oval:def:12073",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12073"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/docs/changelogs/unix/1061/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1061/"
},
{
"name": "oval:org.mitre.oval:def:12073",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12073"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1061/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1061/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1061/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1061/"
},
{
"name": "http://www.opera.com/support/kb/view/968/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/968/"
}
]
}
}

150
2010/3xxx/CVE-2010-3483.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3483",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15064",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15064"
},
{
"name" : "http://packetstormsecurity.org/1009-exploits/primitive-sqlxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1009-exploits/primitive-sqlxss.txt"
},
{
"name" : "41515",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41515"
},
{
"name" : "ADV-2010-2458",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2458"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2458",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2458"
},
{
"name": "http://packetstormsecurity.org/1009-exploits/primitive-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/primitive-sqlxss.txt"
},
{
"name": "15064",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15064"
},
{
"name": "41515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41515"
}
]
}
}

34
2010/3xxx/CVE-2010-3543.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3543",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-3543",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

150
2011/0xxx/CVE-2011-0242.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4808",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4808"
},
{
"name" : "http://support.apple.com/kb/HT4999",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4999"
},
{
"name" : "APPLE-SA-2011-07-20-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
},
{
"name" : "APPLE-SA-2011-10-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://support.apple.com/kb/HT4808",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4808"
},
{
"name": "APPLE-SA-2011-07-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html"
}
]
}
}

320
2011/0xxx/CVE-2011-0282.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0282",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt",
"refsource" : "CONFIRM",
"url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name" : "MDVSA-2011:024",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"name" : "MDVSA-2011:025",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"name" : "RHSA-2011:0199",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"name" : "RHSA-2011:0200",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
},
{
"name" : "SUSE-SR:2011:004",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"name" : "46271",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46271"
},
{
"name" : "1025037",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025037"
},
{
"name" : "43260",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43260"
},
{
"name" : "43273",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43273"
},
{
"name" : "43275",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43275"
},
{
"name" : "46397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46397"
},
{
"name" : "8073",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8073"
},
{
"name" : "ADV-2011-0330",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0330"
},
{
"name" : "ADV-2011-0333",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0333"
},
{
"name" : "ADV-2011-0347",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0347"
},
{
"name" : "ADV-2011-0464",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0464"
},
{
"name" : "kerberos-ldap-dos(65323)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65323"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:025",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:025"
},
{
"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
},
{
"name": "46397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46397"
},
{
"name": "46271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46271"
},
{
"name": "ADV-2011-0347",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0347"
},
{
"name": "43260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43260"
},
{
"name": "ADV-2011-0333",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0333"
},
{
"name": "RHSA-2011:0199",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0199.html"
},
{
"name": "43273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43273"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"
},
{
"name": "20110208 MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516299/100/0/threaded"
},
{
"name": "1025037",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025037"
},
{
"name": "SUSE-SR:2011:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
},
{
"name": "MDVSA-2011:024",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:024"
},
{
"name": "ADV-2011-0464",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"name": "8073",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8073"
},
{
"name": "kerberos-ldap-dos(65323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65323"
},
{
"name": "ADV-2011-0330",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0330"
},
{
"name": "43275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43275"
},
{
"name": "RHSA-2011:0200",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0200.html"
}
]
}
}

170
2011/0xxx/CVE-2011-0688.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-0688",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00"
},
{
"name" : "45936",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45936"
},
{
"name" : "1024996",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024996"
},
{
"name" : "43099",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43099"
},
{
"name" : "ADV-2011-0234",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0234"
},
{
"name" : "symantec-tcp-command-execution(65071)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65071"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43099"
},
{
"name": "symantec-tcp-command-execution(65071)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65071"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00"
},
{
"name": "1024996",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024996"
},
{
"name": "45936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45936"
},
{
"name": "ADV-2011-0234",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0234"
}
]
}
}

34
2011/1xxx/CVE-2011-1040.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1040",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1040",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2011/1xxx/CVE-2011-1041.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1041",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1041",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2011/1xxx/CVE-2011-1421.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1421",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2011-1421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110418 ESA-2011-013: EMC NetWorker arbitrary code execution with elevated privileges vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/517532/100/0/threaded"
},
{
"name" : "47410",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47410"
},
{
"name" : "1025383",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025383"
},
{
"name" : "44237",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44237"
},
{
"name" : "8214",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8214"
},
{
"name" : "ADV-2011-1025",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1025"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-1025",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1025"
},
{
"name": "1025383",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025383"
},
{
"name": "8214",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8214"
},
{
"name": "20110418 ESA-2011-013: EMC NetWorker arbitrary code execution with elevated privileges vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517532/100/0/threaded"
},
{
"name": "47410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47410"
},
{
"name": "44237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44237"
}
]
}
}

160
2011/5xxx/CVE-2011-5220.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5220",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.rul3z.de/advisories/SSCHADV2011-035.txt",
"refsource" : "MISC",
"url" : "http://www.rul3z.de/advisories/SSCHADV2011-035.txt"
},
{
"name" : "51062",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51062"
},
{
"name" : "77692",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/77692"
},
{
"name" : "46766",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46766"
},
{
"name" : "phpscms-index-xss(71829)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71829"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77692",
"refsource": "OSVDB",
"url": "http://osvdb.org/77692"
},
{
"name": "http://www.rul3z.de/advisories/SSCHADV2011-035.txt",
"refsource": "MISC",
"url": "http://www.rul3z.de/advisories/SSCHADV2011-035.txt"
},
{
"name": "51062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51062"
},
{
"name": "phpscms-index-xss(71829)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71829"
},
{
"name": "46766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46766"
}
]
}
}

130
2014/3xxx/CVE-2014-3246.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3246",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "33249",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/33249"
},
{
"name" : "67287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67287"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33249",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33249"
},
{
"name": "67287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67287"
}
]
}
}

150
2014/3xxx/CVE-2014-3299.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3299",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140624 Cisco IOS Software IPsec Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3299"
},
{
"name" : "68177",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68177"
},
{
"name" : "1030473",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030473"
},
{
"name" : "59382",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59382"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68177"
},
{
"name": "59382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59382"
},
{
"name": "20140624 Cisco IOS Software IPsec Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3299"
},
{
"name": "1030473",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030473"
}
]
}
}

140
2014/3xxx/CVE-2014-3910.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-3910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://jvn.jp/en/jp/JVN50367052/995292/index.html",
"refsource" : "MISC",
"url" : "http://jvn.jp/en/jp/JVN50367052/995292/index.html"
},
{
"name" : "JVN#50367052",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN50367052/index.html"
},
{
"name" : "JVNDB-2014-000103",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000103"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN50367052/995292/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN50367052/995292/index.html"
},
{
"name": "JVN#50367052",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN50367052/index.html"
},
{
"name": "JVNDB-2014-000103",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000103"
}
]
}
}

34
2014/6xxx/CVE-2014-6286.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6286",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6286",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/6xxx/CVE-2014-6297.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6297",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/",
"refsource" : "MISC",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/"
},
{
"name" : "http://typo3.org/extensions/repository/view/mm_forum",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/mm_forum"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/mm_forum",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/mm_forum"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/"
}
]
}
}

190
2014/6xxx/CVE-2014-6324.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-6324",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka \"Kerberos Checksum Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-6324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx"
},
{
"name" : "HPSBMU03224",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142350249315918&w=2"
},
{
"name" : "SSRT101864",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142350249315918&w=2"
},
{
"name" : "MS14-068",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-068"
},
{
"name" : "TA14-323A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA14-323A"
},
{
"name" : "70958",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70958"
},
{
"name" : "1031237",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031237"
},
{
"name" : "62556",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62556"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka \"Kerberos Checksum Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031237",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031237"
},
{
"name": "HPSBMU03224",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142350249315918&w=2"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx"
},
{
"name": "70958",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70958"
},
{
"name": "MS14-068",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-068"
},
{
"name": "SSRT101864",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142350249315918&w=2"
},
{
"name": "TA14-323A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA14-323A"
},
{
"name": "62556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62556"
}
]
}
}

34
2014/7xxx/CVE-2014-7224.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7224",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7224",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/7xxx/CVE-2014-7301.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7301",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7301",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/7xxx/CVE-2014-7448.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7448",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DealSide Institutional (aka com.magzter.dealsideinstitutional) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#226713",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/226713"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DealSide Institutional (aka com.magzter.dealsideinstitutional) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#226713",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/226713"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/7xxx/CVE-2014-7553.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7553",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GET NYCE Lightworks (aka com.wGETNYCE) application 0.84.13506.98953 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#438441",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/438441"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GET NYCE Lightworks (aka com.wGETNYCE) application 0.84.13506.98953 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#438441",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/438441"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

220
2014/8xxx/CVE-2014-8097.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8097",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
"refsource" : "CONFIRM",
"url" : "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0532.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0532.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "DSA-3095",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3095"
},
{
"name" : "GLSA-201504-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-06"
},
{
"name" : "MDVSA-2015:119",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
},
{
"name" : "71604",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71604"
},
{
"name" : "62292",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62292"
},
{
"name" : "61947",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61947"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3095",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3095"
},
{
"name": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/",
"refsource": "CONFIRM",
"url": "http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0532.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0532.html"
},
{
"name": "GLSA-201504-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-06"
},
{
"name": "62292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62292"
},
{
"name": "MDVSA-2015:119",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:119"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "61947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61947"
},
{
"name": "71604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71604"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}

34
2016/2xxx/CVE-2016-2095.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2095",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2095",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2016/2xxx/CVE-2016-2338.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2338",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2338",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2016/2xxx/CVE-2016-2523.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2523",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2016-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2016-03.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11938",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11938"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=260afe11feb796d1fde992d8f8c133ebd950b573",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=260afe11feb796d1fde992d8f8c133ebd950b573"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "DSA-3516",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3516"
},
{
"name" : "GLSA-201604-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201604-05"
},
{
"name" : "openSUSE-SU-2016:0660",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html"
},
{
"name" : "openSUSE-SU-2016:0661",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html"
},
{
"name" : "1035118",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035118"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:0661",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00016.html"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2016-03.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2016-03.html"
},
{
"name": "openSUSE-SU-2016:0660",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00015.html"
},
{
"name": "DSA-3516",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3516"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=260afe11feb796d1fde992d8f8c133ebd950b573",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=260afe11feb796d1fde992d8f8c133ebd950b573"
},
{
"name": "GLSA-201604-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-05"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11938",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11938"
},
{
"name": "1035118",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035118"
}
]
}
}

370
2016/2xxx/CVE-2016-2792.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2792",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243482",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1243482"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "DSA-3510",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3510"
},
{
"name" : "DSA-3515",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3515"
},
{
"name" : "DSA-3520",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3520"
},
{
"name" : "GLSA-201605-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201605-06"
},
{
"name" : "GLSA-201701-63",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-63"
},
{
"name" : "openSUSE-SU-2016:0894",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name" : "openSUSE-SU-2016:1767",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"name" : "openSUSE-SU-2016:1769",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name" : "openSUSE-SU-2016:1778",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name" : "SUSE-SU-2016:0909",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name" : "SUSE-SU-2016:0727",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name" : "SUSE-SU-2016:0777",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name" : "openSUSE-SU-2016:0731",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name" : "openSUSE-SU-2016:0733",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name" : "SUSE-SU-2016:0820",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name" : "openSUSE-SU-2016:0876",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name" : "USN-2917-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name" : "USN-2917-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2917-3"
},
{
"name" : "USN-2934-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name" : "USN-2917-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name" : "USN-2927-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name" : "84222",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/84222"
},
{
"name" : "1035215",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035215"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:0894",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
},
{
"name": "84222",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84222"
},
{
"name": "SUSE-SU-2016:0820",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"name": "openSUSE-SU-2016:1767",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2016:0731",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"name": "SUSE-SU-2016:0727",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"name": "openSUSE-SU-2016:1778",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
},
{
"name": "openSUSE-SU-2016:0876",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
},
{
"name": "USN-2917-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243482",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1243482"
},
{
"name": "USN-2927-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2927-1"
},
{
"name": "DSA-3520",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"name": "openSUSE-SU-2016:1769",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
},
{
"name": "SUSE-SU-2016:0909",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"name": "DSA-3510",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"name": "openSUSE-SU-2016:0733",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
},
{
"name": "1035215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035215"
},
{
"name": "SUSE-SU-2016:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"name": "GLSA-201605-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"name": "DSA-3515",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3515"
},
{
"name": "USN-2934-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2934-1"
},
{
"name": "GLSA-201701-63",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
]
}
}

130
2016/2xxx/CVE-2016-2875.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2875",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988094",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988094"
},
{
"name" : "92333",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92333"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92333"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988094",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988094"
}
]
}
}

130
2016/6xxx/CVE-2016-6716.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-6716",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-7.0"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the user's consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Android ID: A-30778130."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-7.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "94171",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94171"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the user's consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Android ID: A-30778130."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94171",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94171"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
}
]
}
}

140
2017/18xxx/CVE-2017-18184.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317",
"refsource" : "MISC",
"url" : "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317"
},
{
"name" : "https://github.com/qpdf/qpdf/issues/147",
"refsource" : "MISC",
"url" : "https://github.com/qpdf/qpdf/issues/147"
},
{
"name" : "USN-3638-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3638-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3638-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3638-1/"
},
{
"name": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317",
"refsource": "MISC",
"url": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317"
},
{
"name": "https://github.com/qpdf/qpdf/issues/147",
"refsource": "MISC",
"url": "https://github.com/qpdf/qpdf/issues/147"
}
]
}
}

120
2017/18xxx/CVE-2017-18212.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-18212",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp(\"[\\x0\"); payload."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/jerryscript-project/jerryscript/issues/2140",
"refsource" : "MISC",
"url" : "https://github.com/jerryscript-project/jerryscript/issues/2140"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp(\"[\\x0\"); payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jerryscript-project/jerryscript/issues/2140",
"refsource": "MISC",
"url": "https://github.com/jerryscript-project/jerryscript/issues/2140"
}
]
}
}

34
2017/1xxx/CVE-2017-1044.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-1044",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1044",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

178
2017/1xxx/CVE-2017-1202.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-10-30T00:00:00",
"ID" : "CVE-2017-1202",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BigFix Compliance",
"version" : {
"version_data" : [
{
"version_value" : "1.7"
},
{
"version_value" : "1.9.91"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-10-30T00:00:00",
"ID": "CVE-2017-1202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BigFix Compliance",
"version": {
"version_data": [
{
"version_value": "1.7"
},
{
"version_value": "1.9.91"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581",
"refsource" : "CONFIRM",
"url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581"
},
{
"name" : "ibm-bigfix-cve20171202-html-injection(123677)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123677"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581"
},
{
"name": "ibm-bigfix-cve20171202-html-injection(123677)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123677"
}
]
}
}

130
2017/1xxx/CVE-2017-1205.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1205",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Spectrum LSF",
"version" : {
"version_data" : [
{
"version_value" : "10.1"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum LSF",
"version": {
"version_data": [
{
"version_value": "10.1"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=isg3T1025091",
"refsource" : "MISC",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg3T1025091"
},
{
"name" : "97528",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97528"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Platform LSF 10.1 contains an unspecified vulnerability that could allow a local user to escalate their privileges and obtain root access. IBM X-Force ID: 123741."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=isg3T1025091",
"refsource": "MISC",
"url": "http://www.ibm.com/support/docview.wss?uid=isg3T1025091"
},
{
"name": "97528",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97528"
}
]
}
}

170
2017/1xxx/CVE-2017-1267.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-18T00:00:00",
"ID" : "CVE-2017-1267",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium",
"version" : {
"version_data" : [
{
"version_value" : "10.0"
},
{
"version_value" : "10.0.1"
},
{
"version_value" : "10.1"
},
{
"version_value" : "10.1.2"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-18T00:00:00",
"ID": "CVE-2017-1267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Guardium",
"version": {
"version_data": [
{
"version_value": "10.0"
},
{
"version_value": "10.0.1"
},
{
"version_value": "10.1"
},
{
"version_value": "10.1.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124742",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124742"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22004424",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22004424"
},
{
"name" : "99896",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99896"
},
{
"name" : "1038984",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038984"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038984",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038984"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124742",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124742"
},
{
"name": "99896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99896"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22004424",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22004424"
}
]
}
}

154
2017/1xxx/CVE-2017-1670.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-01-05T00:00:00",
"ID" : "CVE-2017-1670",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Key Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "2.5"
},
{
"version_value" : "2.6"
},
{
"version_value" : "2.7"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Data Manipulation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-05T00:00:00",
"ID": "CVE-2017-1670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Key Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "2.5"
},
{
"version_value": "2.6"
},
{
"version_value": "2.7"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133637",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133637"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22012009",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22012009"
},
{
"name" : "102429",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102429"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102429"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012009",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012009"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133637",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133637"
}
]
}
}

170
2017/5xxx/CVE-2017-5340.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5340",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.php.net/bug.php?id=73832",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=73832"
},
{
"name" : "https://github.com/php/php-src/commit/4cc0286f2f3780abc6084bcdae5dce595daa3c12",
"refsource" : "CONFIRM",
"url" : "https://github.com/php/php-src/commit/4cc0286f2f3780abc6084bcdae5dce595daa3c12"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180112-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180112-0001/"
},
{
"name" : "RHSA-2018:1296",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"name" : "95371",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95371"
},
{
"name" : "1037659",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037659"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/php/php-src/commit/4cc0286f2f3780abc6084bcdae5dce595daa3c12",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/4cc0286f2f3780abc6084bcdae5dce595daa3c12"
},
{
"name": "RHSA-2018:1296",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180112-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180112-0001/"
},
{
"name": "95371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95371"
},
{
"name": "https://bugs.php.net/bug.php?id=73832",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=73832"
},
{
"name": "1037659",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037659"
}
]
}
}

150
2017/5xxx/CVE-2017-5563.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5563",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2664",
"refsource" : "MISC",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2664"
},
{
"name" : "GLSA-201709-27",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-27"
},
{
"name" : "USN-3606-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3606-1/"
},
{
"name" : "95705",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95705"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2664",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2664"
},
{
"name": "GLSA-201709-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-27"
},
{
"name": "USN-3606-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3606-1/"
},
{
"name": "95705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95705"
}
]
}
}

160
2017/5xxx/CVE-2017-5969.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5969",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161105 CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/11/05/3"
},
{
"name" : "[oss-security] 20170213 CVE-2017-5969: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/13/1"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=778519",
"refsource" : "MISC",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=778519"
},
{
"name" : "GLSA-201711-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201711-01"
},
{
"name" : "96188",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96188"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=778519",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=778519"
},
{
"name": "[oss-security] 20170213 CVE-2017-5969: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/13/1"
},
{
"name": "[oss-security] 20161105 CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/05/3"
},
{
"name": "GLSA-201711-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-01"
},
{
"name": "96188",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96188"
}
]
}
}