"-Synchronized-Data."

CVE Team 2019-03-18 05:37:26 +00:00
parent c1d68f0cad
commit 8d2f6e8a2d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
49 changed files with 4629 additions and 4629 deletions


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0041",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-0041",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}


@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0106",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060117 ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422128/100/0/threaded"
},
{
"name" : "[Dailydave] 20060105 WMF goes away :<",
"refsource" : "MLIST",
"url" : "http://lists.immunitysec.com/pipermail/dailydave/2006-January/002806.html"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197"
},
{
"name" : "DSA-954",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-954"
},
{
"name" : "GLSA-200601-09",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-09.xml"
},
{
"name" : "MDKSA-2006:014",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:014"
},
{
"name" : "SUSE-SR:2006:002",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_02_sr.html"
},
{
"name" : "ADV-2006-0098",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0098"
},
{
"name" : "18323",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18323"
},
{
"name" : "18451",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18451"
},
{
"name" : "18549",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18549"
},
{
"name" : "18578",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18578"
},
{
"name" : "win-wmf-execute-code(23846)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23846"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Dailydave] 20060105 WMF goes away :<",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2006-January/002806.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197"
},
{
"name": "ADV-2006-0098",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0098"
},
{
"name": "18578",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18578"
},
{
"name": "18549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18549"
},
{
"name": "win-wmf-execute-code(23846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23846"
},
{
"name": "20060117 ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422128/100/0/threaded"
},
{
"name": "MDKSA-2006:014",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:014"
},
{
"name": "SUSE-SR:2006:002",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"
},
{
"name": "DSA-954",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-954"
},
{
"name": "18451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18451"
},
{
"name": "18323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18323"
},
{
"name": "GLSA-200601-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-09.xml"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0677",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-0677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[heimdal-discuss] 20060206 Heimdal 0.7.2 and 0.6.6",
"refsource" : "MLIST",
"url" : "http://www.stacken.kth.se/lists/heimdal-discuss/2006-02/msg00028.html"
},
{
"name" : "DSA-977",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-977"
},
{
"name" : "SUSE-SA:2006:011",
"refsource" : "SUSE",
"url" : "http://www.securityfocus.com/archive/1/426043/100/0/threaded"
},
{
"name" : "USN-253-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-253-1"
},
{
"name" : "16676",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16676"
},
{
"name" : "ADV-2006-0456",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0456"
},
{
"name" : "ADV-2006-0628",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0628"
},
{
"name" : "ADV-2006-0653",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0653"
},
{
"name" : "23244",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23244"
},
{
"name" : "18894",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18894"
},
{
"name" : "19005",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19005"
},
{
"name" : "18961",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18961"
},
{
"name" : "449",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/449"
},
{
"name" : "heimdal-telnetd-dos(24763)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18894"
},
{
"name": "19005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19005"
},
{
"name": "ADV-2006-0653",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0653"
},
{
"name": "ADV-2006-0456",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0456"
},
{
"name": "USN-253-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-253-1"
},
{
"name": "18961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18961"
},
{
"name": "heimdal-telnetd-dos(24763)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24763"
},
{
"name": "449",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/449"
},
{
"name": "16676",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16676"
},
{
"name": "DSA-977",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-977"
},
{
"name": "23244",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23244"
},
{
"name": "ADV-2006-0628",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0628"
},
{
"name": "SUSE-SA:2006:011",
"refsource": "SUSE",
"url": "http://www.securityfocus.com/archive/1/426043/100/0/threaded"
},
{
"name": "[heimdal-discuss] 20060206 Heimdal 0.7.2 and 0.6.6",
"refsource": "MLIST",
"url": "http://www.stacken.kth.se/lists/heimdal-discuss/2006-02/msg00028.html"
}
]
}
}
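Review bot: The `ASSIGNER` field changes value in this section, not just formatting: the lines written with ` : ` spacing carry `"ASSIGNER" : "cve@mitre.org"` for CVE-2006-0677, while the compact-colon lines (presumably the new side, since the +/- markers are lost on this page) carry `"ASSIGNER": "security@debian.org"`. The CVE-2006-1735 section does the same, going from `cve@mitre.org` to `secalert@redhat.com`. The other complete sections visible here appear to differ only in spacing, key order and the order of `reference_data` entries, so a change of CNA attribution is easy to miss in a 4629/4629-line commit; it would be better carried in its own commit or named in the commit message. Because `reference_data` is reordered as well, a line diff cannot show that no reference was added or dropped, so the check worth running is a comparison of the parsed documents with each array sorted by `url`.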


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0975",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0459. Reason: This candidate is a reservation duplicate of CVE-2006-0459. Notes: All CVE users should reference CVE-2006-0459 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-0975",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0459. Reason: This candidate is a reservation duplicate of CVE-2006-0459. Notes: All CVE users should reference CVE-2006-0459 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1147",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold Edition 5.00 does not properly NULL terminate certain long strings, which allows remote attackers (possibly authenticated) to cause a denial of service (application crash) via a long skin, weapon, or model name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060307 Multiple vulnerabilities in Alien Arena 2006 GE 5.00",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426984/100/0/threaded"
},
{
"name" : "20060307 Multiple vulnerabilities in Alien Arena 2006 GE 5.00",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/0147.html"
},
{
"name" : "http://aluigi.altervista.org/adv/aa2k6x-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/aa2k6x-adv.txt"
},
{
"name" : "17028",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17028"
},
{
"name" : "ADV-2006-0882",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0882"
},
{
"name" : "23749",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23749"
},
{
"name" : "19144",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19144"
},
{
"name" : "alien-com-sprintf-dos(25201)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25201"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold Edition 5.00 does not properly NULL terminate certain long strings, which allows remote attackers (possibly authenticated) to cause a denial of service (application crash) via a long skin, weapon, or model name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23749",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23749"
},
{
"name": "20060307 Multiple vulnerabilities in Alien Arena 2006 GE 5.00",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426984/100/0/threaded"
},
{
"name": "http://aluigi.altervista.org/adv/aa2k6x-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/aa2k6x-adv.txt"
},
{
"name": "ADV-2006-0882",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0882"
},
{
"name": "19144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19144"
},
{
"name": "20060307 Multiple vulnerabilities in Alien Arena 2006 GE 5.00",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/0147.html"
},
{
"name": "17028",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17028"
},
{
"name": "alien-com-sprintf-dos(25201)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25201"
}
]
}
}


@ -1,352 +1,352 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1735",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-1735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-14.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-14.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
},
{
"name" : "DSA-1044",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1044"
},
{
"name" : "DSA-1046",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1046"
},
{
"name" : "DSA-1051",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1051"
},
{
"name" : "FEDORA-2006-410",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html"
},
{
"name" : "FEDORA-2006-411",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html"
},
{
"name" : "FLSA:189137-1",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/436296/100/0/threaded"
},
{
"name" : "FLSA:189137-2",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/436338/100/0/threaded"
},
{
"name" : "GLSA-200604-12",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
},
{
"name" : "GLSA-200604-18",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
},
{
"name" : "GLSA-200605-09",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml"
},
{
"name" : "HPSBTU02118",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/434524/100/0/threaded"
},
{
"name" : "SSRT061145",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/434524/100/0/threaded"
},
{
"name" : "HPSBUX02122",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name" : "SSRT061158",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name" : "MDKSA-2006:075",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075"
},
{
"name" : "MDKSA-2006:076",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076"
},
{
"name" : "MDKSA-2006:078",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078"
},
{
"name" : "RHSA-2006:0328",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0328.html"
},
{
"name" : "RHSA-2006:0329",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0329.html"
},
{
"name" : "RHSA-2006:0330",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0330.html"
},
{
"name" : "SCOSA-2006.26",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
},
{
"name" : "20060404-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
},
{
"name" : "102550",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
},
{
"name" : "228526",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1"
},
{
"name" : "SUSE-SA:2006:022",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html"
},
{
"name" : "SUSE-SA:2006:021",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html"
},
{
"name" : "USN-275-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/275-1/"
},
{
"name" : "USN-276-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/276-1/"
},
{
"name" : "USN-271-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/271-1/"
},
{
"name" : "TA06-107A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-107A.html"
},
{
"name" : "VU#813230",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/813230"
},
{
"name" : "17516",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17516"
},
{
"name" : "oval:org.mitre.oval:def:10930",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10930"
},
{
"name" : "ADV-2006-1356",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1356"
},
{
"name" : "oval:org.mitre.oval:def:1037",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1037"
},
{
"name" : "19631",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19631"
},
{
"name" : "19759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19759"
},
{
"name" : "19794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19794"
},
{
"name" : "19821",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19821"
},
{
"name" : "19811",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19811"
},
{
"name" : "19823",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19823"
},
{
"name" : "19852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19852"
},
{
"name" : "19862",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19862"
},
{
"name" : "19863",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19863"
},
{
"name" : "19902",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19902"
},
{
"name" : "19950",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19950"
},
{
"name" : "19941",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19941"
},
{
"name" : "19714",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19714"
},
{
"name" : "19721",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19721"
},
{
"name" : "19746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19746"
},
{
"name" : "21033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21033"
},
{
"name" : "21622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21622"
},
{
"name" : "19696",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19696"
},
{
"name" : "19729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19729"
},
{
"name" : "19780",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19780"
},
{
"name" : "20051",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20051"
},
{
"name" : "mozilla-xbl-code-execution(25815)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25815"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-275-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/275-1/"
},
{
"name": "RHSA-2006:0330",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html"
},
{
"name": "SSRT061145",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/434524/100/0/threaded"
},
{
"name": "19902",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19902"
},
{
"name": "20060404-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
},
{
"name": "USN-276-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/276-1/"
},
{
"name": "HPSBUX02122",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name": "19941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19941"
},
{
"name": "19780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19780"
},
{
"name": "RHSA-2006:0328",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0328.html"
},
{
"name": "19821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19821"
},
{
"name": "VU#813230",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/813230"
},
{
"name": "GLSA-200604-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
},
{
"name": "21622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21622"
},
{
"name": "19862",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19862"
},
{
"name": "MDKSA-2006:075",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075"
},
{
"name": "oval:org.mitre.oval:def:1037",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1037"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
},
{
"name": "19823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19823"
},
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-14.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-14.html"
},
{
"name": "DSA-1051",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1051"
},
{
"name": "FEDORA-2006-410",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html"
},
{
"name": "USN-271-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/271-1/"
},
{
"name": "19714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19714"
},
{
"name": "RHSA-2006:0329",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0329.html"
},
{
"name": "GLSA-200604-18",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
},
{
"name": "19811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19811"
},
{
"name": "HPSBTU02118",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/434524/100/0/threaded"
},
{
"name": "19794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19794"
},
{
"name": "19746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19746"
},
{
"name": "21033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21033"
},
{
"name": "mozilla-xbl-code-execution(25815)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25815"
},
{
"name": "102550",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
},
{
"name": "19696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19696"
},
{
"name": "19759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19759"
},
{
"name": "SUSE-SA:2006:021",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html"
},
{
"name": "FLSA:189137-2",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/436338/100/0/threaded"
},
{
"name": "ADV-2006-1356",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1356"
},
{
"name": "oval:org.mitre.oval:def:10930",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10930"
},
{
"name": "SSRT061158",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name": "MDKSA-2006:078",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078"
},
{
"name": "19729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19729"
},
{
"name": "20051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20051"
},
{
"name": "19863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19863"
},
{
"name": "SCOSA-2006.26",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
},
{
"name": "TA06-107A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-107A.html"
},
{
"name": "FLSA:189137-1",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/436296/100/0/threaded"
},
{
"name": "17516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17516"
},
{
"name": "228526",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1"
},
{
"name": "FEDORA-2006-411",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html"
},
{
"name": "19852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19852"
},
{
"name": "19721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19721"
},
{
"name": "SUSE-SA:2006:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
},
{
"name": "GLSA-200605-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml"
},
{
"name": "19631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19631"
},
{
"name": "19950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19950"
},
{
"name": "MDKSA-2006:076",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076"
},
{
"name": "DSA-1046",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1046"
},
{
"name": "DSA-1044",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1044"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060419 ASPSitem <= 1.83 Remote SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431469/100/0/threaded"
},
{
"name" : "http://www.nukedx.com/?getxpl=23",
"refsource" : "MISC",
"url" : "http://www.nukedx.com/?getxpl=23"
},
{
"name" : "17616",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17616"
},
{
"name" : "ADV-2006-1439",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1439"
},
{
"name" : "19693",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19693"
},
{
"name" : "aspsitem-haberler-sql-injection(25932)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25932"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nukedx.com/?getxpl=23",
"refsource": "MISC",
"url": "http://www.nukedx.com/?getxpl=23"
},
{
"name": "17616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17616"
},
{
"name": "19693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19693"
},
{
"name": "aspsitem-haberler-sql-injection(25932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25932"
},
{
"name": "ADV-2006-1439",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1439"
},
{
"name": "20060419 ASPSitem <= 1.83 Remote SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431469/100/0/threaded"
}
]
}
}


@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4144",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060814 [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443208/100/0/threaded"
},
{
"name" : "20060816 Re: [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/443362/100/0/threaded"
},
{
"name" : "http://www.overflow.pl/adv/imsgiheap.txt",
"refsource" : "MISC",
"url" : "http://www.overflow.pl/adv/imsgiheap.txt"
},
{
"name" : "https://issues.rpath.com/browse/RPL-605",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-605"
},
{
"name" : "DSA-1213",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1213"
},
{
"name" : "GLSA-200609-14",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200609-14.xml"
},
{
"name" : "MDKSA-2006:155",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:155"
},
{
"name" : "RHSA-2006:0633",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0633.html"
},
{
"name" : "20060901-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"name" : "SUSE-SA:2006:050",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html"
},
{
"name" : "USN-337-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-337-1"
},
{
"name" : "19507",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19507"
},
{
"name" : "oval:org.mitre.oval:def:11129",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11129"
},
{
"name" : "1016699",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016699"
},
{
"name" : "21462",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21462"
},
{
"name" : "21525",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21525"
},
{
"name" : "21679",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21679"
},
{
"name" : "21671",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21671"
},
{
"name" : "21832",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21832"
},
{
"name" : "21621",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21621"
},
{
"name" : "22036",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22036"
},
{
"name" : "22096",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22096"
},
{
"name" : "22998",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22998"
},
{
"name" : "1385",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1385"
},
{
"name" : "imagemagick-readsgiimage-bo(28372)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28372"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21679",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21679"
},
{
"name": "imagemagick-readsgiimage-bo(28372)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28372"
},
{
"name": "19507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19507"
},
{
"name": "21671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21671"
},
{
"name": "21832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21832"
},
{
"name": "http://www.overflow.pl/adv/imsgiheap.txt",
"refsource": "MISC",
"url": "http://www.overflow.pl/adv/imsgiheap.txt"
},
{
"name": "SUSE-SA:2006:050",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html"
},
{
"name": "oval:org.mitre.oval:def:11129",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11129"
},
{
"name": "20060816 Re: [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443362/100/0/threaded"
},
{
"name": "https://issues.rpath.com/browse/RPL-605",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-605"
},
{
"name": "MDKSA-2006:155",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:155"
},
{
"name": "GLSA-200609-14",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-14.xml"
},
{
"name": "22096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22096"
},
{
"name": "21621",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21621"
},
{
"name": "20060901-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
},
{
"name": "USN-337-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-337-1"
},
{
"name": "RHSA-2006:0633",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0633.html"
},
{
"name": "21462",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21462"
},
{
"name": "1016699",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016699"
},
{
"name": "22998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22998"
},
{
"name": "DSA-1213",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1213"
},
{
"name": "1385",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1385"
},
{
"name": "22036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22036"
},
{
"name": "20060814 [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/443208/100/0/threaded"
},
{
"name": "21525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21525"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4309",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060822 unauthorized VNC access in AK-Systems Windows Terminals",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/444060/100/0/threaded"
},
{
"name" : "19659",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19659"
},
{
"name" : "1438",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1438"
},
{
"name" : "windows-terminal-vnc-unauth-access(28532)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28532"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "windows-terminal-vnc-unauth-access(28532)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28532"
},
{
"name": "20060822 unauthorized VNC access in AK-Systems Windows Terminals",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/444060/100/0/threaded"
},
{
"name": "19659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19659"
},
{
"name": "1438",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1438"
}
]
}
}


@ -1,322 +1,322 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4334",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-4334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060919 rPSA-2006-0170-1 gzip",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446426/100/0/threaded"
},
{
"name" : "20070330 VMSA-2007-0002 VMware ESX security updates",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/464268/100/0/threaded"
},
{
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676",
"refsource" : "MISC",
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=304829",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name" : "https://issues.rpath.com/browse/RPL-615",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-615"
},
{
"name" : "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html"
},
{
"name" : "APPLE-SA-2006-11-28",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name" : "DSA-1181",
"refsource" : "DEBIAN",
"url" : "http://www.us.debian.org/security/2006/dsa-1181"
},
{
"name" : "FLSA:211760",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/451324/100/0/threaded"
},
{
"name" : "FreeBSD-SA-06:21",
"refsource" : "FREEBSD",
"url" : "http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc"
},
{
"name" : "GLSA-200609-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200609-13.xml"
},
{
"name" : "HPSBTU02168",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/450078/100/0/threaded"
},
{
"name" : "SSRT061237",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/450078/100/0/threaded"
},
{
"name" : "HPSBUX02195",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/462007/100/0/threaded"
},
{
"name" : "MDKSA-2006:167",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:167"
},
{
"name" : "OpenPKG-SA-2006.020",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html"
},
{
"name" : "RHSA-2006:0667",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0667.html"
},
{
"name" : "20061001-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
},
{
"name" : "SSA:2006-262",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852"
},
{
"name" : "102766",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1"
},
{
"name" : "SUSE-SA:2006:056",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_56_gzip.html"
},
{
"name" : "2006-0052",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2006/0052/"
},
{
"name" : "USN-349-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-349-1"
},
{
"name" : "TA06-333A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name" : "VU#933712",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/933712"
},
{
"name" : "20101",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20101"
},
{
"name" : "oval:org.mitre.oval:def:10527",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10527"
},
{
"name" : "ADV-2006-4275",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4275"
},
{
"name" : "ADV-2006-4750",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name" : "ADV-2007-0092",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0092"
},
{
"name" : "ADV-2007-0832",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0832"
},
{
"name" : "ADV-2007-1171",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1171"
},
{
"name" : "1016883",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016883"
},
{
"name" : "22002",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22002"
},
{
"name" : "22009",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22009"
},
{
"name" : "22017",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22017"
},
{
"name" : "22033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22033"
},
{
"name" : "22034",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22034"
},
{
"name" : "22012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22012"
},
{
"name" : "22043",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22043"
},
{
"name" : "22085",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22085"
},
{
"name" : "22101",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22101"
},
{
"name" : "22027",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22027"
},
{
"name" : "22435",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22435"
},
{
"name" : "22661",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22661"
},
{
"name" : "22487",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22487"
},
{
"name" : "23155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23155"
},
{
"name" : "21996",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21996"
},
{
"name" : "23679",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23679"
},
{
"name" : "24435",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24435"
},
{
"name" : "24636",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24636"
},
{
"name" : "gzip-huftbuild-code-execution(29038)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29038"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "23679",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23679"
},
{
"name": "24435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24435"
},
{
"name": "22085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22085"
},
{
"name": "22043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22043"
},
{
"name": "SUSE-SA:2006:056",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_56_gzip.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-218.htm"
},
{
"name": "22487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22487"
},
{
"name": "https://issues.rpath.com/browse/RPL-615",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-615"
},
{
"name": "22033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22033"
},
{
"name": "22002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22002"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "21996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21996"
},
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676",
"refsource": "MISC",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676"
},
{
"name": "22009",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22009"
},
{
"name": "22017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22017"
},
{
"name": "ADV-2007-0092",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0092"
},
{
"name": "RHSA-2006:0667",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0667.html"
},
{
"name": "ADV-2007-1171",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1171"
},
{
"name": "GLSA-200609-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200609-13.xml"
},
{
"name": "oval:org.mitre.oval:def:10527",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10527"
},
{
"name": "FLSA:211760",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/451324/100/0/threaded"
},
{
"name": "FreeBSD-SA-06:21",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc"
},
{
"name": "OpenPKG-SA-2006.020",
"refsource": "OPENPKG",
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.020-gzip.html"
},
{
"name": "USN-349-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-349-1"
},
{
"name": "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html"
},
{
"name": "22435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22435"
},
{
"name": "gzip-huftbuild-code-execution(29038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29038"
},
{
"name": "20070330 VMSA-2007-0002 VMware ESX security updates",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464268/100/0/threaded"
},
{
"name": "22027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22027"
},
{
"name": "MDKSA-2006:167",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:167"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "HPSBUX02195",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/462007/100/0/threaded"
},
{
"name": "20101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20101"
},
{
"name": "2006-0052",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0052/"
},
{
"name": "102766",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102766-1"
},
{
"name": "HPSBTU02168",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/450078/100/0/threaded"
},
{
"name": "VU#933712",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/933712"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "20060919 rPSA-2006-0170-1 gzip",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446426/100/0/threaded"
},
{
"name": "24636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24636"
},
{
"name": "22012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22012"
},
{
"name": "20061001-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
},
{
"name": "1016883",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016883"
},
{
"name": "SSRT061237",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/450078/100/0/threaded"
},
{
"name": "SSA:2006-262",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852"
},
{
"name": "22034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22034"
},
{
"name": "22101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22101"
},
{
"name": "DSA-1181",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-1181"
},
{
"name": "ADV-2007-0832",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0832"
},
{
"name": "22661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22661"
},
{
"name": "ADV-2006-4275",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4275"
}
]
}
}
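Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2006-4334 appears to change from `cve@mitre.org` to `secalert@redhat.com` (assuming the old side is printed first, as the `" : "` spacing suggests), and that is the only semantic change in a section that otherwise only re-indents the file and reorders `reference_data`. A change of CNA attribution is easy to miss under a "Synchronized-Data" title, so the commit description should call it out, e.g. `CVE-2006-4334: ASSIGNER cve@mitre.org -> secalert@redhat.com`. Because the 53 reference entries are also reordered, anyone verifying this record should compare `reference_data` as a set keyed on `refsource`, `name` and `url` rather than by position.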


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4468",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.joomla.org/content/view/1841/78/",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/content/view/1841/78/"
},
{
"name" : "http://www.joomla.org/content/view/1843/74/",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/content/view/1843/74/"
},
{
"name" : "ADV-2006-3408",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3408"
},
{
"name" : "21666",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21666"
},
{
"name" : "joomla-email-errors(28628)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28628"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3408",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3408"
},
{
"name": "http://www.joomla.org/content/view/1841/78/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/1841/78/"
},
{
"name": "21666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21666"
},
{
"name": "joomla-email-errors(28628)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28628"
},
{
"name": "http://www.joomla.org/content/view/1843/74/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/1843/74/"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4803",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and \"code injection.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974421.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974421.htm"
},
{
"name" : "20016",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20016"
},
{
"name" : "ADV-2006-3607",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3607"
},
{
"name" : "1016853",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016853"
},
{
"name" : "21888",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21888"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and \"code injection.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3607",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3607"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974421.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974421.htm"
},
{
"name": "21888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21888"
},
{
"name": "1016853",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016853"
},
{
"name": "20016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20016"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4968",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060918 AzzCoder => PNphpBB (Latest) Remote File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446267/100/0/threaded"
},
{
"name" : "20060920 Re: AzzCoder => PNphpBB (Latest) Remote File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446568/100/0/threaded"
},
{
"name" : "20060921 Re: AzzCoder => PNphpBB (Latest) Remote File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/446617"
},
{
"name" : "2390",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2390"
},
{
"name" : "http://noc.postnuke.com/frs/download.php/1094/patch_1.2g-1.2i.diff.gz",
"refsource" : "CONFIRM",
"url" : "http://noc.postnuke.com/frs/download.php/1094/patch_1.2g-1.2i.diff.gz"
},
{
"name" : "20097",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20097"
},
{
"name" : "ADV-2006-3671",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3671"
},
{
"name" : "1016912",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016912"
},
{
"name" : "pnphpbb2-functionsadmin-file-include(29014)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29014"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20097"
},
{
"name": "20060921 Re: AzzCoder => PNphpBB (Latest) Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446617"
},
{
"name": "2390",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2390"
},
{
"name": "ADV-2006-3671",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3671"
},
{
"name": "http://noc.postnuke.com/frs/download.php/1094/patch_1.2g-1.2i.diff.gz",
"refsource": "CONFIRM",
"url": "http://noc.postnuke.com/frs/download.php/1094/patch_1.2g-1.2i.diff.gz"
},
{
"name": "pnphpbb2-functionsadmin-file-include(29014)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29014"
},
{
"name": "20060918 AzzCoder => PNphpBB (Latest) Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446267/100/0/threaded"
},
{
"name": "20060920 Re: AzzCoder => PNphpBB (Latest) Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446568/100/0/threaded"
},
{
"name": "1016912",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016912"
}
]
}
}


@ -1,212 +1,212 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2174",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100616 VUPEN Security Research - Adobe Flash Player \"newfunction\" Invalid Pointer Vulnerability (CVE-2010-2174)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511849/100/0/threaded"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "GLSA-201101-09",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name" : "HPSBMA02547",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name" : "SSRT100179",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name" : "RHSA-2010:0464",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"name" : "RHSA-2010:0470",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"name" : "SUSE-SA:2010:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"name" : "SUSE-SR:2010:013",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name" : "TLSA-2010-19",
"refsource" : "TURBO",
"url" : "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"name" : "TA10-162A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"name" : "40759",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40759"
},
{
"name" : "40805",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40805"
},
{
"name" : "oval:org.mitre.oval:def:7528",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7528"
},
{
"name" : "oval:org.mitre.oval:def:15360",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15360"
},
{
"name" : "1024085",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024085"
},
{
"name" : "1024086",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024086"
},
{
"name" : "40144",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40144"
},
{
"name" : "40545",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40545"
},
{
"name" : "43026",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43026"
},
{
"name" : "ADV-2010-1453",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1453"
},
{
"name" : "ADV-2010-1421",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1421"
},
{
"name" : "ADV-2010-1432",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1432"
},
{
"name" : "ADV-2010-1434",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1434"
},
{
"name" : "ADV-2010-1482",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name" : "ADV-2010-1522",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name" : "ADV-2010-1793",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name" : "ADV-2011-0192",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name" : "adobe-fpair-invalidpointer-ce(59323)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59323"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors, related to an \"invalid pointer vulnerability\" and the newfunction (0x44) operator, a different vulnerability than CVE-2010-2173."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0192"
},
{
"name": "ADV-2010-1421",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1421"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "40545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40545"
},
{
"name": "RHSA-2010:0464",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0464.html"
},
{
"name": "ADV-2010-1793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"name": "43026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43026"
},
{
"name": "ADV-2010-1432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1432"
},
{
"name": "GLSA-201101-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-09.xml"
},
{
"name": "TA10-162A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-162A.html"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "40759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40759"
},
{
"name": "1024085",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024085"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "1024086",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024086"
},
{
"name": "ADV-2010-1434",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1434"
},
{
"name": "40805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40805"
},
{
"name": "TLSA-2010-19",
"refsource": "TURBO",
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt"
},
{
"name": "SSRT100179",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "SUSE-SA:2010:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html"
},
{
"name": "adobe-fpair-invalidpointer-ce(59323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59323"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-14.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-14.html"
},
{
"name": "20100616 VUPEN Security Research - Adobe Flash Player \"newfunction\" Invalid Pointer Vulnerability (CVE-2010-2174)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511849/100/0/threaded"
},
{
"name": "40144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40144"
},
{
"name": "RHSA-2010:0470",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0470.html"
},
{
"name": "ADV-2010-1482",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1482"
},
{
"name": "oval:org.mitre.oval:def:7528",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7528"
},
{
"name": "HPSBMA02547",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"
},
{
"name": "oval:org.mitre.oval:def:15360",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15360"
},
{
"name": "ADV-2010-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1522"
},
{
"name": "ADV-2010-1453",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1453"
}
]
}
}
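Review bot: The new side of this record sets `"ASSIGNER": "psirt@adobe.com"` where the old side had `cve@mitre.org`, and that reattribution is buried in a full-file rewrite that otherwise only changes separator spacing and the order of `reference_data`. From the visible lines, the set of references looks unchanged. The same pattern appears in the CVE-2010-2742 (`secure@microsoft.com`), CVE-2010-2939 (`secalert@redhat.com`) and CVE-2010-4415 (`secalert_us@oracle.com`) sections, while the commit title only says the data was synchronized. Anyone auditing this feed for content changes should parse both sides and compare the objects, treating `reference_data` as an unordered set, because a line diff reports every line as changed. A deterministic reference order and a commit message that names the assigner changes would make these syncs reviewable.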


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2742",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka \"Netlogon RPC Null dereference DOS Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-2742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-101",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-101"
},
{
"name" : "TA10-348A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name" : "oval:org.mitre.oval:def:11963",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11963"
},
{
"name" : "1024883",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024883"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka \"Netlogon RPC Null dereference DOS Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA10-348A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html"
},
{
"name": "MS10-101",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-101"
},
{
"name": "oval:org.mitre.oval:def:11963",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11963"
},
{
"name": "1024883",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024883"
}
]
}
}


@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2939",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "20100807 openssl-1.0.0a",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2010/Aug/84"
},
{
"name" : "[openssl-dev] 20100807 Re: openssl-1.0.0a and glibc detected sthg ;)",
"refsource" : "MLIST",
"url" : "http://www.mail-archive.com/openssl-dev@openssl.org/msg28045.html"
},
{
"name" : "[openssl-dev] 20100807 openssl-1.0.0a and glibc detected sthg ;)",
"refsource" : "MLIST",
"url" : "http://www.mail-archive.com/openssl-dev@openssl.org/msg28043.html"
},
{
"name" : "[openssl-dev] 20100808 Re: openssl-1.0.0a and glibc detected sthg ;)",
"refsource" : "MLIST",
"url" : "http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html"
},
{
"name" : "[oss-security] 20100812 Re: CVE Request: openssl double free",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/08/11/6"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "DSA-2100",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2100"
},
{
"name" : "FreeBSD-SA-10:10",
"refsource" : "FREEBSD",
"url" : "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc"
},
{
"name" : "HPSBMA02662",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2"
},
{
"name" : "SSRT100409",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2"
},
{
"name" : "SSA:2010-326-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793"
},
{
"name" : "SUSE-SR:2010:021",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name" : "USN-1003-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1003-1"
},
{
"name" : "1024296",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024296"
},
{
"name" : "40906",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40906"
},
{
"name" : "41105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41105"
},
{
"name" : "42309",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42309"
},
{
"name" : "42413",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42413"
},
{
"name" : "43312",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43312"
},
{
"name" : "ADV-2010-2038",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2038"
},
{
"name" : "ADV-2010-2229",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2229"
},
{
"name" : "ADV-2010-3077",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3077"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSA:2010-326-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793"
},
{
"name": "[openssl-dev] 20100808 Re: openssl-1.0.0a and glibc detected sthg ;)",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html"
},
{
"name": "HPSBMA02662",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2"
},
{
"name": "42413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42413"
},
{
"name": "40906",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40906"
},
{
"name": "DSA-2100",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2100"
},
{
"name": "[oss-security] 20100812 Re: CVE Request: openssl double free",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/08/11/6"
},
{
"name": "20100807 openssl-1.0.0a",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2010/Aug/84"
},
{
"name": "ADV-2010-2229",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2229"
},
{
"name": "ADV-2010-2038",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2038"
},
{
"name": "1024296",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024296"
},
{
"name": "USN-1003-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1003-1"
},
{
"name": "SSRT100409",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2"
},
{
"name": "42309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42309"
},
{
"name": "ADV-2010-3077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3077"
},
{
"name": "FreeBSD-SA-10:10",
"refsource": "FREEBSD",
"url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc"
},
{
"name": "43312",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43312"
},
{
"name": "SUSE-SR:2010:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "[openssl-dev] 20100807 openssl-1.0.0a and glibc detected sthg ;)",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/openssl-dev@openssl.org/msg28043.html"
},
{
"name": "[openssl-dev] 20100807 Re: openssl-1.0.0a and glibc detected sthg ;)",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/openssl-dev@openssl.org/msg28045.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "41105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41105"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3318",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "PJ37426",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37426"
},
{
"name" : "43136",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43136"
},
{
"name" : "41344",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41344"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43136"
},
{
"name": "41344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41344"
},
{
"name": "PJ37426",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ37426"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-4415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name" : "45904",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45904"
},
{
"name" : "1024975",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024975"
},
{
"name" : "42984",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42984"
},
{
"name" : "ADV-2011-0151",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0151"
},
{
"name" : "solaris-libc-privilege-escalation(64803)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64803"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "solaris-libc-privilege-escalation(64803)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64803"
},
{
"name": "42984",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42984"
},
{
"name": "45904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45904"
},
{
"name": "1024975",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024975"
},
{
"name": "ADV-2011-0151",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0151"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018/"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1388",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestCompatibilityRecordMode method, which allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21576352",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21576352"
},
{
"name" : "47286",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47286"
},
{
"name" : "47310",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47310"
},
{
"name" : "rr-bcf-code-execution(71694)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71694"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestCompatibilityRecordMode method, which allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47286"
},
{
"name": "rr-bcf-code-execution(71694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71694"
},
{
"name": "47310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47310"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21576352",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21576352"
}
]
}
}
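Review bot: The `reference_data` array for CVE-2011-1388 is reordered on what appears to be the new side (the compact `"key": value` lines): the vendor `CONFIRM` entry moves from first to last, behind the SECUNIA and XF entries. JSON arrays are ordered, so a consumer that treats the first reference as the vendor advisory will now pick a third-party one; selecting by `"refsource": "CONFIRM"` rather than by position avoids that. The same four entries are present on both sides, so nothing is lost, but the reshuffle is hard to audit inside a spacing-only reformat, and the sections for CVE-2011-5048, CVE-2014-3857 and CVE-2014-3994 show the same reordering. A stable sort in the generator (for example by `refsource`, then `name`) would keep later syncs diffable.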


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh and Dojo."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21575083",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21575083"
},
{
"name" : "LO65984",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO65984"
},
{
"name" : "LO65985",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1LO65985"
},
{
"name" : "51246",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51246"
},
{
"name" : "1026481",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026481"
},
{
"name" : "wef-input-textarea-xss(72115)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72115"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh and Dojo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "LO65984",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO65984"
},
{
"name": "LO65985",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1LO65985"
},
{
"name": "wef-input-textarea-xss(72115)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72115"
},
{
"name": "51246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51246"
},
{
"name": "1026481",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026481"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21575083",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21575083"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140821 CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html"
},
{
"name" : "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/",
"refsource" : "CONFIRM",
"url" : "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/"
},
{
"name" : "http://www.openoffice.org/security/cves/CVE-2014-3575.html",
"refsource" : "CONFIRM",
"url" : "http://www.openoffice.org/security/cves/CVE-2014-3575.html"
},
{
"name" : "FEDORA-2014-10732",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html"
},
{
"name" : "GLSA-201603-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-05"
},
{
"name" : "RHSA-2015:0377",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0377.html"
},
{
"name" : "69354",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69354"
},
{
"name" : "1030754",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030754"
},
{
"name" : "59600",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59600"
},
{
"name" : "59877",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59877"
},
{
"name" : "apache-openoffice-cve20143575-info-disc(95420)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95420"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2014-10732",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html"
},
{
"name": "69354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69354"
},
{
"name": "apache-openoffice-cve20143575-info-disc(95420)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95420"
},
{
"name": "http://www.openoffice.org/security/cves/CVE-2014-3575.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2014-3575.html"
},
{
"name": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/",
"refsource": "CONFIRM",
"url": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/"
},
{
"name": "RHSA-2015:0377",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0377.html"
},
{
"name": "59877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59877"
},
{
"name": "20140821 CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html"
},
{
"name": "GLSA-201603-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-05"
},
{
"name": "59600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59600"
},
{
"name": "1030754",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030754"
}
]
}
}
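Review bot: `ASSIGNER` for CVE-2014-3575 changes from `cve@mitre.org` to `secalert@redhat.com` on what appears to be the new side, and it is the only value change in a section that is otherwise spacing and ordering churn. The same kind of re-attribution appears in the sections for CVE-2014-3610 (`secalert@redhat.com`), CVE-2014-7038 (`cert@cert.org`) and CVE-2014-7893 (`hp-security-alert@hp.com`). Tooling that routes, filters or attributes records by assigner will see these as ownership changes, and nothing in the sections marks them as intended. I would land the attribution change separately from the formatting pass. Downstream, compare records after normalising them (for example `jq -S .` on both sides) so that a changed value like `"ASSIGNER": "secalert@redhat.com"` is not hidden by reformatting.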


@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3610",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141024 kvm issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/10/24/9"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1144883",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1144883"
},
{
"name" : "https://github.com/torvalds/linux/commit/854e8bb1aa06c578c2c9145fa6bfe3680ef63b23",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/854e8bb1aa06c578c2c9145fa6bfe3680ef63b23"
},
{
"name" : "DSA-3060",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3060"
},
{
"name" : "RHSA-2015:0869",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0869.html"
},
{
"name" : "SUSE-SU-2015:0481",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name" : "openSUSE-SU-2015:0566",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name" : "USN-2394-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2394-1"
},
{
"name" : "USN-2417-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"name" : "USN-2418-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"name" : "USN-2491-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2491-1"
},
{
"name" : "70742",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70742"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1144883",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144883"
},
{
"name": "USN-2491-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2491-1"
},
{
"name": "USN-2418-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2418-1"
},
{
"name": "70742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70742"
},
{
"name": "USN-2417-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2417-1"
},
{
"name": "https://github.com/torvalds/linux/commit/854e8bb1aa06c578c2c9145fa6bfe3680ef63b23",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/854e8bb1aa06c578c2c9145fa6bfe3680ef63b23"
},
{
"name": "DSA-3060",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3060"
},
{
"name": "RHSA-2015:0869",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0869.html"
},
{
"name": "SUSE-SU-2015:0481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
},
{
"name": "openSUSE-SU-2015:0566",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
},
{
"name": "USN-2394-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2394-1"
},
{
"name": "[oss-security] 20141024 kvm issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/10/24/9"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3857",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140630 Kerio Control <= 8.3.1 Boolean-based blind SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532607/100/0/threaded"
},
{
"name" : "33954",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/33954"
},
{
"name" : "http://fereidani.com/articles/show/76_kerio_control_8_3_1_boolean_based_blind_sql_injection",
"refsource" : "MISC",
"url" : "http://fereidani.com/articles/show/76_kerio_control_8_3_1_boolean_based_blind_sql_injection"
},
{
"name" : "http://packetstormsecurity.com/files/127320/Kerio-Control-8.3.1-Blind-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127320/Kerio-Control-8.3.1-Blind-SQL-Injection.html"
},
{
"name" : "http://www.kerio.com/support/kerio-control/release-history",
"refsource" : "CONFIRM",
"url" : "http://www.kerio.com/support/kerio-control/release-history"
},
{
"name" : "108584",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/108584"
},
{
"name" : "59215",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59215"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59215"
},
{
"name": "33954",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33954"
},
{
"name": "http://www.kerio.com/support/kerio-control/release-history",
"refsource": "CONFIRM",
"url": "http://www.kerio.com/support/kerio-control/release-history"
},
{
"name": "http://packetstormsecurity.com/files/127320/Kerio-Control-8.3.1-Blind-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127320/Kerio-Control-8.3.1-Blind-SQL-Injection.html"
},
{
"name": "20140630 Kerio Control <= 8.3.1 Boolean-based blind SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532607/100/0/threaded"
},
{
"name": "http://fereidani.com/articles/show/76_kerio_control_8_3_1_boolean_based_blind_sql_injection",
"refsource": "MISC",
"url": "http://fereidani.com/articles/show/76_kerio_control_8_3_1_boolean_based_blind_sql_injection"
},
{
"name": "108584",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/108584"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3994",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q2/498"
},
{
"name" : "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name" : "https://code.google.com/p/reviewboard/issues/detail?id=3406",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/reviewboard/issues/detail?id=3406"
},
{
"name" : "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd",
"refsource" : "CONFIRM",
"url" : "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
},
{
"name" : "https://github.com/djblets/djblets/commit/77a68c03cd619a0996f3f37337b8c39ca6643d6e",
"refsource" : "CONFIRM",
"url" : "https://github.com/djblets/djblets/commit/77a68c03cd619a0996f3f37337b8c39ca6643d6e"
},
{
"name" : "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf",
"refsource" : "CONFIRM",
"url" : "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"name" : "67932",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67932"
},
{
"name" : "58691",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58691"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140606 Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/494"
},
{
"name": "[oss-security] 20140606 Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/498"
},
{
"name": "67932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67932"
},
{
"name": "https://code.google.com/p/reviewboard/issues/detail?id=3406",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/reviewboard/issues/detail?id=3406"
},
{
"name": "https://github.com/djblets/djblets/commit/77a68c03cd619a0996f3f37337b8c39ca6643d6e",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/77a68c03cd619a0996f3f37337b8c39ca6643d6e"
},
{
"name": "58691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58691"
},
{
"name": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/e2c79117efd925636acd871a5f473512602243cf"
},
{
"name": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd",
"refsource": "CONFIRM",
"url": "https://github.com/djblets/djblets/commit/50000d0bbb983fa8c097b588d06b64df8df483bd"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7038",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Al Jazeera (aka com.Al.Jazeera.net) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#763865",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/763865"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Al Jazeera (aka com.Al.Jazeera.net) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#763865",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/763865"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7304",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7304",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7792",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-7792",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7893",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2507."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2014-7893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBHF03279",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"
},
{
"name" : "SSRT101691",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"
},
{
"name" : "1031840",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031840"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2507."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031840",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031840"
},
{
"name": "SSRT101691",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"
},
{
"name": "HPSBHF03279",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8074",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long string, related to global variables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-362/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-362/"
},
{
"name" : "http://www.foxitsoftware.com/support/security_bulletins.php#FRD-22",
"refsource" : "CONFIRM",
"url" : "http://www.foxitsoftware.com/support/security_bulletins.php#FRD-22"
},
{
"name" : "70608",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70608"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long string, related to global variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.foxitsoftware.com/support/security_bulletins.php#FRD-22",
"refsource": "CONFIRM",
"url": "http://www.foxitsoftware.com/support/security_bulletins.php#FRD-22"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-362/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-362/"
},
{
"name": "70608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70608"
}
]
}
}


@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8137",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ocert.org/advisories/ocert-2014-012.html",
"refsource" : "MISC",
"url" : "https://www.ocert.org/advisories/ocert-2014-012.html"
},
{
"name" : "http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0539.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0539.html"
},
{
"name" : "DSA-3106",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3106"
},
{
"name" : "MDVSA-2015:012",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:012"
},
{
"name" : "MDVSA-2015:159",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:159"
},
{
"name" : "RHSA-2014:2021",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-2021.html"
},
{
"name" : "RHSA-2015:0698",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0698.html"
},
{
"name" : "RHSA-2015:1713",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1713.html"
},
{
"name" : "SSA:2015-302-02",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606"
},
{
"name" : "openSUSE-SU-2015:0038",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html"
},
{
"name" : "openSUSE-SU-2015:0039",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html"
},
{
"name" : "openSUSE-SU-2015:0042",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html"
},
{
"name" : "USN-2483-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2483-1"
},
{
"name" : "USN-2483-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2483-2"
},
{
"name" : "71742",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71742"
},
{
"name" : "1033459",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033459"
},
{
"name" : "61747",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61747"
},
{
"name" : "62311",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62311"
},
{
"name" : "62615",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62615"
},
{
"name" : "62619",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62619"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2015:012",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:012"
},
{
"name": "DSA-3106",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3106"
},
{
"name": "62619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62619"
},
{
"name": "openSUSE-SU-2015:0038",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00013.html"
},
{
"name": "openSUSE-SU-2015:0042",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00017.html"
},
{
"name": "61747",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61747"
},
{
"name": "http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129660/JasPer-1.900.1-Double-Free-Heap-Overflow.html"
},
{
"name": "USN-2483-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2483-2"
},
{
"name": "USN-2483-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2483-1"
},
{
"name": "https://www.ocert.org/advisories/ocert-2014-012.html",
"refsource": "MISC",
"url": "https://www.ocert.org/advisories/ocert-2014-012.html"
},
{
"name": "62615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62615"
},
{
"name": "1033459",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033459"
},
{
"name": "RHSA-2015:0698",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"
},
{
"name": "openSUSE-SU-2015:0039",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00014.html"
},
{
"name": "62311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62311"
},
{
"name": "RHSA-2014:2021",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2021.html"
},
{
"name": "71742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71742"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0539.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0539.html"
},
{
"name": "SSA:2015-302-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606"
},
{
"name": "MDVSA-2015:159",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:159"
},
{
"name": "RHSA-2015:1713",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1713.html"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8311",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141008 [Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533648/100/0/threaded"
},
{
"name" : "20141008 [Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Oct/39"
},
{
"name" : "http://packetstormsecurity.com/files/128601/SAP-Business-Objects-Information-Disclosure-Via-CORBA.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128601/SAP-Business-Objects-Information-Disclosure-Via-CORBA.html"
},
{
"name" : "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-031",
"refsource" : "MISC",
"url" : "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-031"
},
{
"name" : "https://service.sap.com/sap/support/notes/1998990",
"refsource" : "CONFIRM",
"url" : "https://service.sap.com/sap/support/notes/1998990"
},
{
"name" : "sap-businessobjects-corba-info-disc(96876)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96876"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sap-businessobjects-corba-info-disc(96876)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96876"
},
{
"name": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-031",
"refsource": "MISC",
"url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-031"
},
{
"name": "20141008 [Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533648/100/0/threaded"
},
{
"name": "20141008 [Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/39"
},
{
"name": "https://service.sap.com/sap/support/notes/1998990",
"refsource": "CONFIRM",
"url": "https://service.sap.com/sap/support/notes/1998990"
},
{
"name": "http://packetstormsecurity.com/files/128601/SAP-Business-Objects-Information-Disclosure-Via-CORBA.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128601/SAP-Business-Objects-Information-Disclosure-Via-CORBA.html"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8439",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-8439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-22.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-22.html"
},
{
"name" : "http://helpx.adobe.com/security/products/flash-player/apsb14-26.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/flash-player/apsb14-26.html"
},
{
"name" : "https://www.f-secure.com/weblog/archives/00002768.html",
"refsource" : "CONFIRM",
"url" : "https://www.f-secure.com/weblog/archives/00002768.html"
},
{
"name" : "RHSA-2014:1915",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1915.html"
},
{
"name" : "openSUSE-SU-2014:1508",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00020.html"
},
{
"name" : "SUSE-SU-2014:1545",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00001.html"
},
{
"name" : "openSUSE-SU-2014:1562",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00004.html"
},
{
"name" : "71289",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71289"
},
{
"name" : "1031259",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031259"
},
{
"name" : "60217",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60217"
},
{
"name" : "adobe-flash-cve20148439-code-exec(98932)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98932"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "adobe-flash-cve20148439-code-exec(98932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98932"
},
{
"name": "https://www.f-secure.com/weblog/archives/00002768.html",
"refsource": "CONFIRM",
"url": "https://www.f-secure.com/weblog/archives/00002768.html"
},
{
"name": "1031259",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031259"
},
{
"name": "openSUSE-SU-2014:1562",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00004.html"
},
{
"name": "71289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71289"
},
{
"name": "60217",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60217"
},
{
"name": "SUSE-SU-2014:1545",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00001.html"
},
{
"name": "openSUSE-SU-2014:1508",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00020.html"
},
{
"name": "RHSA-2014:1915",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1915.html"
},
{
"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-22.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-22.html"
},
{
"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-26.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-26.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8938",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8938",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9234",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141117 Vulnerabilities in D-Link DCS-2103",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Nov/42"
},
{
"name" : "http://packetstormsecurity.com/files/129138/D-Link-DCS-2103-Directory-Traversal.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129138/D-Link-DCS-2103-Directory-Traversal.html"
},
{
"name" : "http://websecurity.com.ua/7250/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/7250/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141117 Vulnerabilities in D-Link DCS-2103",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Nov/42"
},
{
"name": "http://websecurity.com.ua/7250/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/7250/"
},
{
"name": "http://packetstormsecurity.com/files/129138/D-Link-DCS-2103-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129138/D-Link-DCS-2103-Directory-Traversal.html"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141216 CVE-2014-5437: Arris TG862G - Cross-site Request Forgery (CSRF)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/57"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141216 CVE-2014-5437: Arris TG862G - Cross-site Request Forgery (CSRF)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/57"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9813",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/12/24/1"
},
{
"name" : "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=35aa01dd5511a2616a6427f7d5d49de0132aeb5f",
"refsource" : "CONFIRM",
"url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=35aa01dd5511a2616a6427f7d5d49de0132aeb5f"
},
{
"name" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=ae8e15370f269a529623b762c1355ab1dbab712e",
"refsource" : "CONFIRM",
"url" : "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=ae8e15370f269a529623b762c1355ab1dbab712e"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343469",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1343469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=35aa01dd5511a2616a6427f7d5d49de0132aeb5f",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=35aa01dd5511a2616a6427f7d5d49de0132aeb5f"
},
{
"name": "[oss-security] 20160602 Re: ImageMagick CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/02/13"
},
{
"name": "[oss-security] 20141224 Imagemagick fuzzing bug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/24/1"
},
{
"name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=ae8e15370f269a529623b762c1355ab1dbab712e",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=ae8e15370f269a529623b762c1355ab1dbab712e"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343469",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343469"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2087",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39656",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39656/"
},
{
"name" : "http://packetstormsecurity.com/files/136564/Hexchat-IRC-Client-2.11.0-Directory-Traversal.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/136564/Hexchat-IRC-Client-2.11.0-Directory-Traversal.html"
},
{
"name" : "95881",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95881"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39656",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39656/"
},
{
"name": "95881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95881"
},
{
"name": "http://packetstormsecurity.com/files/136564/Hexchat-IRC-Client-2.11.0-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136564/Hexchat-IRC-Client-2.11.0-Directory-Traversal.html"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2446",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-05-01.html"
},
{
"name" : "1036763",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-05-01.html"
},
{
"name": "1036763",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036763"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2717",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2717",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2757",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2757",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-2836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-62.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-62.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1154923",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1154923"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1249578",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1249578"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1257765",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1257765"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1258079",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1258079"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1268626",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1268626"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1282502",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1282502"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1283823",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1283823"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=822081",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=822081"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name" : "DSA-3640",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3640"
},
{
"name" : "GLSA-201701-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-15"
},
{
"name" : "RHSA-2016:1809",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1809.html"
},
{
"name" : "RHSA-2016:1551",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1551.html"
},
{
"name" : "openSUSE-SU-2016:1964",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"
},
{
"name" : "openSUSE-SU-2016:2026",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"
},
{
"name" : "USN-3044-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3044-1"
},
{
"name" : "92261",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92261"
},
{
"name" : "1036508",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036508"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:1809",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1809.html"
},
{
"name": "DSA-3640",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3640"
},
{
"name": "1036508",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036508"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1257765",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1257765"
},
{
"name": "USN-3044-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3044-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1282502",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1282502"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-62.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-62.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1268626",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1268626"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1283823",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1283823"
},
{
"name": "RHSA-2016:1551",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1551.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249578",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249578"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1258079",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1258079"
},
{
"name": "openSUSE-SU-2016:1964",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html"
},
{
"name": "92261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92261"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1154923",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1154923"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=822081",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=822081"
},
{
"name": "openSUSE-SU-2016:2026",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html"
}
]
}
}
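Review bot: The one data change in this record, `"ASSIGNER"` moving from `cve@mitre.org` to `security@mozilla.org`, is hard to spot because the same section also respaces every line and reorders all nineteen `reference_data` entries with no visible ordering rule (REDHAT, DEBIAN, SECTRACK, CONFIRM … where the earlier listing grouped entries by `refsource`). A consumer that diffs records to track provenance changes sees the whole 152-line file as rewritten for a one-field update, and the reshuffle makes it impractical to confirm by eye that no reference was dropped or altered. I would serialize with a deterministic order, for example `reference_data` sorted by `refsource` then `name`, and land formatting-only rewrites separately from data changes. The same applies to the CVE-2016-6724 section (`security@google.com` → `security@android.com`) and the CVE-2016-6981 section (`cve@mitre.org` → `psirt@adobe.com`). Which listing is the new side is inferred from print order and the `"key":` spelling, since the page has lost its +/- markers.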


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-6044",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Tivoli Storage Manager Extended Edition",
"version" : {
"version_data" : [
{
"version_value" : "6.4"
},
{
"version_value" : "7.1"
},
{
"version_value" : "7.1.1"
},
{
"version_value" : "6.1"
},
{
"version_value" : "6.2"
},
{
"version_value" : "6.3"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Tivoli Storage Manager Extended Edition",
"version": {
"version_data": [
{
"version_value": "6.4"
},
{
"version_value": "7.1"
},
{
"version_value": "7.1.1"
},
{
"version_value": "6.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.3"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21995754",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21995754"
},
{
"name" : "95091",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95091"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95091"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995754",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995754"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40589",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40589/"
},
{
"name" : "[oss-security] 20160718 libupnp write files via POST",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/18/13"
},
{
"name" : "[oss-security] 20160720 Re: libupnp write files via POST",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/20/5"
},
{
"name" : "https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd",
"refsource" : "MISC",
"url" : "https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd"
},
{
"name" : "https://twitter.com/mjg59/status/755062278513319936",
"refsource" : "MISC",
"url" : "https://twitter.com/mjg59/status/755062278513319936"
},
{
"name" : "https://www.tenable.com/security/research/tra-2017-10",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2017-10"
},
{
"name" : "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"
},
{
"name" : "DSA-3736",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3736"
},
{
"name" : "GLSA-201701-52",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-52"
},
{
"name" : "92050",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92050"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160720 Re: libupnp write files via POST",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/20/5"
},
{
"name": "https://twitter.com/mjg59/status/755062278513319936",
"refsource": "MISC",
"url": "https://twitter.com/mjg59/status/755062278513319936"
},
{
"name": "https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd",
"refsource": "MISC",
"url": "https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd"
},
{
"name": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog"
},
{
"name": "GLSA-201701-52",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-52"
},
{
"name": "40589",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40589/"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-10",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-10"
},
{
"name": "[oss-security] 20160718 libupnp write files via POST",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/18/13"
},
{
"name": "DSA-3736",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3736"
},
{
"name": "92050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92050"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-6724",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-4.4.4"
},
{
"version_value" : "Android-5.0.2"
},
{
"version_value" : "Android-5.1.1"
},
{
"version_value" : "Android-6.0"
},
{
"version_value" : "Android-6.0.1"
},
{
"version_value" : "Android-7.0"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to cause the device to continually reboot. This issue is rated as Moderate because it is a temporary denial of service that requires a factory reset to fix. Android ID: A-30568284."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-4.4.4"
},
{
"version_value": "Android-5.0.2"
},
{
"version_value": "Android-5.1.1"
},
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
},
{
"version_value": "Android-7.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "94180",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94180"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to cause the device to continually reboot. This issue is rated as Moderate because it is a temporary denial of service that requires a factory reset to fix. Android ID: A-30568284."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94180"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6981",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6987."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html"
},
{
"name" : "GLSA-201610-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201610-10"
},
{
"name" : "RHSA-2016:2057",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2057.html"
},
{
"name" : "93492",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93492"
},
{
"name" : "1036985",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036985"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6987."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201610-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-10"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html"
},
{
"name": "93492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93492"
},
{
"name": "RHSA-2016:2057",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2057.html"
},
{
"name": "1036985",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036985"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@nvidia.com",
"ID" : "CVE-2016-7385",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Quadro, NVS, and GeForce (all versions)",
"version" : {
"version_data" : [
{
"version_value" : "Quadro, NVS, and GeForce (all versions)"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x700010d where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2016-7385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quadro, NVS, and GeForce (all versions)",
"version": {
"version_data": [
{
"version_value": "Quadro, NVS, and GeForce (all versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40657",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40657/"
},
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4247"
},
{
"name" : "https://support.lenovo.com/us/en/solutions/LEN-10822",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-10822"
},
{
"name" : "93981",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93981"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x700010d where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-10822",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-10822"
},
{
"name": "40657",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40657/"
},
{
"name": "93981",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93981"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4247"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2016-7878",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-7878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-16-620",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-16-620"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html"
},
{
"name" : "GLSA-201701-17",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-17"
},
{
"name" : "MS16-154",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154"
},
{
"name" : "RHSA-2016:2947",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2947.html"
},
{
"name" : "SUSE-SU-2016:3148",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html"
},
{
"name" : "openSUSE-SU-2016:3160",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html"
},
{
"name" : "94873",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94873"
},
{
"name" : "1037442",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037442"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-620",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-620"
},
{
"name": "SUSE-SU-2016:3148",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html"
},
{
"name": "MS16-154",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154"
},
{
"name": "GLSA-201701-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-17"
},
{
"name": "94873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94873"
},
{
"name": "1037442",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037442"
},
{
"name": "RHSA-2016:2947",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2947.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-39.html"
},
{
"name": "openSUSE-SU-2016:3160",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-5974",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170214 Re: A note about the multiple crashes in zziplib",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/14/3"
},
{
"name" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/"
},
{
"name" : "DSA-3878",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3878"
},
{
"name" : "96268",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96268"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/"
},
{
"name": "[oss-security] 20170214 Re: A note about the multiple crashes in zziplib",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/14/3"
},
{
"name": "96268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96268"
},
{
"name": "DSA-3878",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3878"
}
]
}
}