admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:10:11 +00:00
parent 3ec7bb6ed8
commit 8ee02677a4
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 4425 additions and 4425 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

278
2006/0xxx/CVE-2006-0321.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0321", "ID": "CVE-2006-0321",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060122 fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/422936/100/0/threaded" "lang": "eng",
}, "value": "fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster."
{ }
"name" : "http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://developer.berlios.de/project/shownotes.php?release_id=8784", ]
"refsource" : "CONFIRM", }
"url" : "http://developer.berlios.de/project/shownotes.php?release_id=8784" ]
}, },
{ "references": {
"name" : "APPLE-SA-2006-08-01", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html" "name": "APPLE-SA-2006-08-01",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
"name" : "SSA:2006-045-01", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499" "name": "16365",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16365"
"name" : "TA06-214A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-214A.html" "name": "http://developer.berlios.de/project/shownotes.php?release_id=8784",
}, "refsource": "CONFIRM",
{ "url": "http://developer.berlios.de/project/shownotes.php?release_id=8784"
"name" : "16365", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16365" "name": "fetchmail-message-bounce-dos(24265)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24265"
"name" : "19289", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19289" "name": "20060122 fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321)",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/422936/100/0/threaded"
"name" : "ADV-2006-0300", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0300" "name": "http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt",
}, "refsource": "CONFIRM",
{ "url": "http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt"
"name" : "ADV-2006-3101", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3101" "name": "ADV-2006-3101",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3101"
"name" : "22691", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22691" "name": "21253",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21253"
"name" : "1015527", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015527" "name": "18571",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18571"
"name" : "18571", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18571" "name": "SSA:2006-045-01",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499"
"name" : "18895", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18895" "name": "ADV-2006-0300",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0300"
"name" : "21253", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21253" "name": "19289",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19289"
"name" : "fetchmail-message-bounce-dos(24265)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24265" "name": "TA06-214A",
} "refsource": "CERT",
] "url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
} },
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747"
},
{
"name": "22691",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22691"
},
{
"name": "1015527",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015527"
},
{
"name": "18895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18895"
}
]
}
} }

198
2006/0xxx/CVE-2006-0816.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0816", "ID": "CVE-2006-0816",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060323 Secunia Research: Orion Application Server JSP Source DisclosureVulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/428601/100/0/threaded" "lang": "eng",
}, "value": "Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL."
{ }
"name" : "20060323 Secunia Research: Orion Application Server JSP Source Disclosure Vulnerability", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1455.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://secunia.com/secunia_research/2006-11/advisory/", "description": [
"refsource" : "MISC", {
"url" : "http://secunia.com/secunia_research/2006-11/advisory/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17204", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/17204" ]
}, },
{ "references": {
"name" : "ADV-2006-1055", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1055" "name": "http://secunia.com/secunia_research/2006-11/advisory/",
}, "refsource": "MISC",
{ "url": "http://secunia.com/secunia_research/2006-11/advisory/"
"name" : "24053", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/24053" "name": "17204",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/17204"
"name" : "1015823", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015823" "name": "20060323 Secunia Research: Orion Application Server JSP Source DisclosureVulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/428601/100/0/threaded"
"name" : "18950", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18950" "name": "1015823",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015823"
"name" : "orion-jsp-source-disclosure(25405)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25405" "name": "ADV-2006-1055",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/1055"
} },
{
"name": "24053",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24053"
},
{
"name": "20060323 Secunia Research: Orion Application Server JSP Source Disclosure Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1455.html"
},
{
"name": "orion-jsp-source-disclosure(25405)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25405"
},
{
"name": "18950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18950"
}
]
}
} }

178
2006/0xxx/CVE-2006-0860.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-0860", "ID": "CVE-2006-0860",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a \"http://\" string, which bypasses a regular expression check, and (2) other unspecified attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060220 Guestbox XSS/an admin bypass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/425495/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a \"http://\" string, which bypasses a regular expression check, and (2) other unspecified attack vectors."
{ }
"name" : "20060302 Re: Guestbox XSS/an admin bypass", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/426663/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16751", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16751" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0675", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0675" ]
}, },
{ "references": {
"name" : "23375", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/23375" "name": "20060302 Re: Guestbox XSS/an admin bypass",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/426663/100/0/threaded"
"name" : "18946", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18946" "name": "20060220 Guestbox XSS/an admin bypass",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/425495/100/0/threaded"
"name" : "guestbox-gbshow-xss(24798)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24798" "name": "ADV-2006-0675",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/0675"
} },
{
"name": "16751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16751"
},
{
"name": "18946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18946"
},
{
"name": "guestbox-gbshow-xss(24798)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24798"
},
{
"name": "23375",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23375"
}
]
}
} }

168
2006/1xxx/CVE-2006-1039.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1039", "ID": "CVE-2006-1039",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a \";%20\" followed by encoded HTTP headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060301 SAP Web Application Server http request url parsing vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/426449/100/0/threaded" "lang": "eng",
}, "value": "SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a \";%20\" followed by encoded HTTP headers."
{ }
"name" : "18006", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18006" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-0810", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0810" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1015702", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1015702" ]
}, },
{ "references": {
"name" : "19085", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19085" "name": "1015702",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015702"
"name" : "sap-was-url-obtain-information(25003)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003" "name": "sap-was-url-obtain-information(25003)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25003"
} },
{
"name": "19085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19085"
},
{
"name": "18006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18006"
},
{
"name": "20060301 SAP Web Application Server http request url parsing vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426449/100/0/threaded"
},
{
"name": "ADV-2006-0810",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0810"
}
]
}
} }

148
2006/1xxx/CVE-2006-1433.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-1433", "ID": "CVE-2006-1433",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://osvdb.org/ref/24/24302-annuaire_directory.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://osvdb.org/ref/24/24302-annuaire_directory.txt" "lang": "eng",
}, "value": "Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path."
{ }
"name" : "24302", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/24302" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19548", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19548" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "annuaire-includelangen-path-disclosure(25668)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25668" ]
} },
] "references": {
} "reference_data": [
{
"name": "24302",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24302"
},
{
"name": "annuaire-includelangen-path-disclosure(25668)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25668"
},
{
"name": "http://osvdb.org/ref/24/24302-annuaire_directory.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/24/24302-annuaire_directory.txt"
},
{
"name": "19548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19548"
}
]
}
} }

148
2006/3xxx/CVE-2006-3022.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3022", "ID": "CVE-2006-3022",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2006/06/fipsgallery-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2006/06/fipsgallery-vuln.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter."
{ }
"name" : "ADV-2006-2294", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/2294" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20559", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20559" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "fipsgallery-zoom-xss(27077)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27077" ]
} },
] "references": {
} "reference_data": [
{
"name": "ADV-2006-2294",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2294"
},
{
"name": "http://pridels0.blogspot.com/2006/06/fipsgallery-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/fipsgallery-vuln.html"
},
{
"name": "fipsgallery-zoom-xss(27077)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27077"
},
{
"name": "20559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20559"
}
]
}
} }

158
2006/3xxx/CVE-2006-3053.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3053", "ID": "CVE-2006-3053",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states \"common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum.\" CVE analysis concurs with the vendor."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060611 # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/436863/100/0/threaded" "lang": "eng",
}, "value": "** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states \"common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum.\" CVE analysis concurs with the vendor."
{ }
"name" : "20060619 Re: # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/437988/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16977", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16977" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1103", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/1103" ]
}, },
{ "references": {
"name" : "phorum-common-file-include(27064)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27064" "name": "1103",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/1103"
} },
{
"name": "16977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16977"
},
{
"name": "phorum-common-file-include(27064)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27064"
},
{
"name": "20060619 Re: # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437988/100/0/threaded"
},
{
"name": "20060611 # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436863/100/0/threaded"
}
]
}
} }

208
2006/3xxx/CVE-2006-3102.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3102", "ID": "CVE-2006-3102",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060617 bitweaver <= v1.3 multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/437491/100/0/threaded" "lang": "eng",
}, "value": "Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory."
{ }
"name" : "1918", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/1918" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://retrogod.altervista.org/bitweaver_13_xpl.html", "description": [
"refsource" : "MISC", {
"url" : "http://retrogod.altervista.org/bitweaver_13_xpl.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358", ]
"refsource" : "CONFIRM", }
"url" : "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358" ]
}, },
{ "references": {
"name" : "http://www.bitweaver.org/articles/45", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.bitweaver.org/articles/45" "name": "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358"
"name" : "ADV-2006-2405", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2405" "name": "http://retrogod.altervista.org/bitweaver_13_xpl.html",
}, "refsource": "MISC",
{ "url": "http://retrogod.altervista.org/bitweaver_13_xpl.html"
"name" : "26587", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26587" "name": "bitweaver-modmime-file-upload(27215)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27215"
"name" : "20695", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20695" "name": "1918",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/1918"
"name" : "1115", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1115" "name": "26587",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26587"
"name" : "bitweaver-modmime-file-upload(27215)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27215" "name": "20695",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/20695"
} },
{
"name": "http://www.bitweaver.org/articles/45",
"refsource": "CONFIRM",
"url": "http://www.bitweaver.org/articles/45"
},
{
"name": "1115",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1115"
},
{
"name": "ADV-2006-2405",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2405"
},
{
"name": "20060617 bitweaver <= v1.3 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437491/100/0/threaded"
}
]
}
} }

178
2006/3xxx/CVE-2006-3734.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3734", "ID": "CVE-2006-3734",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root."
{ }
"name" : "19071", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19071" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19077", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19077" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2887", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2887" ]
}, },
{ "references": {
"name" : "1016537", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016537" "name": "19071",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19071"
"name" : "21118", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21118" "name": "20060719 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)",
}, "refsource": "CISCO",
{ "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml"
"name" : "cisco-cli-command-execution(27812)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27812" "name": "21118",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/21118"
} },
{
"name": "ADV-2006-2887",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2887"
},
{
"name": "19077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19077"
},
{
"name": "cisco-cli-command-execution(27812)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27812"
},
{
"name": "1016537",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016537"
}
]
}
} }

188
2006/3xxx/CVE-2006-3900.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-3900", "ID": "CVE-2006-3900",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060725 TP-Book <= 1.00 Cross Site Scripting Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/441192/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter."
{ }
"name" : "20060725 TP-Book <= 1.00 Cross Site Scripting", ]
"refsource" : "FULLDISC", },
"url" : "http://marc.info/?l=full-disclosure&m=115385461709949&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19159", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19159" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2980", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2980" ]
}, },
{ "references": {
"name" : "27515", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=27515" "name": "1016583",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016583"
"name" : "1016583", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016583" "name": "20060725 TP-Book <= 1.00 Cross Site Scripting",
}, "refsource": "FULLDISC",
{ "url": "http://marc.info/?l=full-disclosure&m=115385461709949&w=2"
"name" : "21205", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21205" "name": "27515",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=27515"
"name" : "tpbook-guestbook-xss(27964)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27964" "name": "21205",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/21205"
} },
{
"name": "20060725 TP-Book <= 1.00 Cross Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441192/100/0/threaded"
},
{
"name": "19159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19159"
},
{
"name": "tpbook-guestbook-xss(27964)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27964"
},
{
"name": "ADV-2006-2980",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2980"
}
]
}
} }

198
2006/4xxx/CVE-2006-4006.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4006", "ID": "CVE-2006-4006",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aluigi.altervista.org/adv/bcloneboom-adv.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://aluigi.altervista.org/adv/bcloneboom-adv.txt" "lang": "eng",
}, "value": "The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory."
{ }
"name" : "http://aluigi.org/poc/bcloneboom.zip", ]
"refsource" : "MISC", },
"url" : "http://aluigi.org/poc/bcloneboom.zip" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1180", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1180" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "19255", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/19255" ]
}, },
{ "references": {
"name" : "ADV-2006-3067", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3067" "name": "bomberclone-sendpkg-information-disclosure(28092)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28092"
"name" : "27648", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/27648" "name": "21303",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21303"
"name" : "21303", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21303" "name": "19255",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/19255"
"name" : "21985", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21985" "name": "DSA-1180",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1180"
"name" : "bomberclone-sendpkg-information-disclosure(28092)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28092" "name": "http://aluigi.org/poc/bcloneboom.zip",
} "refsource": "MISC",
] "url": "http://aluigi.org/poc/bcloneboom.zip"
} },
{
"name": "http://aluigi.altervista.org/adv/bcloneboom-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/bcloneboom-adv.txt"
},
{
"name": "ADV-2006-3067",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3067"
},
{
"name": "27648",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27648"
},
{
"name": "21985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21985"
}
]
}
} }

178
2006/4xxx/CVE-2006-4025.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4025", "ID": "CVE-2006-4025",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060806 XennoBB <= 2.1.0 \"birthday\" SQL injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/442423/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section."
{ }
"name" : "19374", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/19374" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-3190", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3190" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1016643", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1016643" ]
}, },
{ "references": {
"name" : "21409", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21409" "name": "xennobb-birthday-sql-injection(28257)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28257"
"name" : "1344", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1344" "name": "21409",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21409"
"name" : "xennobb-birthday-sql-injection(28257)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28257" "name": "19374",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/19374"
} },
{
"name": "1016643",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016643"
},
{
"name": "20060806 XennoBB <= 2.1.0 \"birthday\" SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442423/100/0/threaded"
},
{
"name": "ADV-2006-3190",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3190"
},
{
"name": "1344",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1344"
}
]
}
} }

138
2006/4xxx/CVE-2006-4083.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4083", "ID": "CVE-2006-4083",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ADV-2006-1384", "description_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1384" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown; the details are obtained from third party information."
{ }
"name" : "19680", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/19680" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "myevent-myevent-file-include(28347)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28347" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "19680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19680"
},
{
"name": "myevent-myevent-file-include(28347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28347"
},
{
"name": "ADV-2006-1384",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1384"
}
]
}
} }

278
2006/4xxx/CVE-2006-4262.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4262", "ID": "CVE-2006-4262",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500" "lang": "eng",
}, "value": "Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument."
{ }
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/mailarchive/forum.php?thread_id=30266760&forum_id=33500", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_id=30266760&forum_id=33500" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1186", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2006/dsa-1186" ]
}, },
{ "references": {
"name" : "GLSA-200610-08", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200610-08.xml" "name": "DSA-1186",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1186"
"name" : "RHSA-2009:1101", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1101.html" "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203645"
"name" : "19686", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19686" "name": "21601",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21601"
"name" : "19687", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/19687" "name": "cscope-cscopelists-bo(28545)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28545"
"name" : "oval:org.mitre.oval:def:9661", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9661" "name": "RHSA-2009:1101",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-1101.html"
"name" : "ADV-2006-3374", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3374" "name": "28135",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/28135"
"name" : "28135", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28135" "name": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266761&forum_id=33500"
"name" : "28136", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/28136" "name": "22239",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22239"
"name" : "21601", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21601" "name": "22515",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22515"
"name" : "22239", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22239" "name": "ADV-2006-3374",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3374"
"name" : "22515", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22515" "name": "oval:org.mitre.oval:def:9661",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9661"
"name" : "cscope-reffile-bo(28546)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28546" "name": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266760&forum_id=33500",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=30266760&forum_id=33500"
"name" : "cscope-cscopelists-bo(28545)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28545" "name": "19686",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/19686"
} },
{
"name": "19687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19687"
},
{
"name": "GLSA-200610-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200610-08.xml"
},
{
"name": "28136",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28136"
},
{
"name": "cscope-reffile-bo(28546)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28546"
}
]
}
} }

208
2006/4xxx/CVE-2006-4403.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-4403", "ID": "CVE-2006-4403",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://docs.info.apple.com/article.html?artnum=304829", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=304829" "lang": "eng",
}, "value": "The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames."
{ }
"name" : "APPLE-SA-2006-11-28", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA06-333A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#371648", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/371648" ]
}, },
{ "references": {
"name" : "21335", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/21335" "name": "30734",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/30734"
"name" : "ADV-2006-4750", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4750" "name": "ADV-2006-4750",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4750"
"name" : "30734", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/30734" "name": "1017303",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1017303"
"name" : "1017303", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017303" "name": "http://docs.info.apple.com/article.html?artnum=304829",
}, "refsource": "CONFIRM",
{ "url": "http://docs.info.apple.com/article.html?artnum=304829"
"name" : "23155", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23155" "name": "21335",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/21335"
"name" : "macos-ftp-server-login-dos(30621)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30621" "name": "macos-ftp-server-login-dos(30621)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30621"
} },
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "VU#371648",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/371648"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
}
]
}
} }

32
2010/2xxx/CVE-2010-2194.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2194", "ID": "CVE-2010-2194",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2010/2xxx/CVE-2010-2319.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2319", "ID": "CVE-2010-2319",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allows remote attackers to execute arbitrary SQL commands via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.exploit-db.com/exploits/13749/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.exploit-db.com/exploits/13749/" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allows remote attackers to execute arbitrary SQL commands via the page parameter."
{ }
"name" : "40592", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/40592" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2010-1357", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1357" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.exploit-db.com/exploits/13749/",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/13749/"
},
{
"name": "40592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40592"
},
{
"name": "ADV-2010-1357",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1357"
}
]
}
} }

118
2010/2xxx/CVE-2010-2400.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-2400", "ID": "CVE-2010-2400",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Filesystem."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" "lang": "eng",
} "value": "Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Filesystem."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
} }

158
2010/2xxx/CVE-2010-2445.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2445", "ID": "CVE-2010-2445",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100610 CVE requests: maradns, freeciv, rbot, gitolite, gource, shib, kvirc", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/06/09/4" "lang": "eng",
}, "value": "freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions."
{ }
"name" : "[oss-security] 20100624 Re: CVE requests: maradns, freeciv, rbot, gitolite, gource, shib, kvirc", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/06/24/5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://gna.org/bugs/?15624", "description": [
"refsource" : "CONFIRM", {
"url" : "http://gna.org/bugs/?15624" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDVSA-2010:205", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:205" ]
}, },
{ "references": {
"name" : "65192", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/65192" "name": "[oss-security] 20100624 Re: CVE requests: maradns, freeciv, rbot, gitolite, gource, shib, kvirc",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2010/06/24/5"
} },
{
"name": "MDVSA-2010:205",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:205"
},
{
"name": "http://gna.org/bugs/?15624",
"refsource": "CONFIRM",
"url": "http://gna.org/bugs/?15624"
},
{
"name": "[oss-security] 20100610 CVE requests: maradns, freeciv, rbot, gitolite, gource, shib, kvirc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/09/4"
},
{
"name": "65192",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65192"
}
]
}
} }

198
2010/2xxx/CVE-2010-2542.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-2542", "ID": "CVE-2010-2542",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20100721 CVE request: git", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/07/22/1" "lang": "eng",
}, "value": "Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy."
{ }
"name" : "[oss-security] 20100722 Re: CVE request: git", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/07/22/4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=git/git.git;a=commit;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=git/git.git;a=commit;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt", ]
"refsource" : "CONFIRM", }
"url" : "http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=618108", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=618108" "name": "43457",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43457"
"name" : "SUSE-SR:2011:004", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=618108",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=618108"
"name" : "41891", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/41891" "name": "[oss-security] 20100722 Re: CVE request: git",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/07/22/4"
"name" : "43457", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43457" "name": "http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.7.2.1.txt"
"name" : "ADV-2011-0464", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0464" "name": "SUSE-SR:2011:004",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
} },
{
"name": "[oss-security] 20100721 CVE request: git",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/07/22/1"
},
{
"name": "ADV-2011-0464",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0464"
},
{
"name": "41891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41891"
},
{
"name": "http://git.kernel.org/?p=git/git.git;a=commit;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=git/git.git;a=commit;h=3c9d0414ed2db0167e6c828b547be8fc9f88fccc"
}
]
}
} }

32
2010/2xxx/CVE-2010-2592.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-2592", "ID": "CVE-2010-2592",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

258
2010/3xxx/CVE-2010-3563.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2010-3563", "ID": "CVE-2010-3563",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to \"how Web Start retrieves security policies,\" BasicServiceImpl, and forged policies that bypass sandbox restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-202/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-202/" "lang": "eng",
}, "value": "Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to \"how Web Start retrieves security policies,\" BasicServiceImpl, and forged policies that bypass sandbox restrictions."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.avaya.com/css/P8/documents/100114315", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/css/P8/documents/100114315" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.avaya.com/css/P8/documents/100123193", ]
"refsource" : "CONFIRM", }
"url" : "http://support.avaya.com/css/P8/documents/100123193" ]
}, },
{ "references": {
"name" : "HPSBUX02608", "reference_data": [
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" "name": "http://support.avaya.com/css/P8/documents/100114315",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/css/P8/documents/100114315"
"name" : "SSRT100333", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748" "name": "HPSBMU02799",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
"name" : "HPSBMU02799", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" "name": "RHSA-2010:0770",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"
"name" : "RHSA-2010:0770", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0770.html" "name": "SSRT100333",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
"name" : "RHSA-2010:0987", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0987.html" "name": "RHSA-2010:0987",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"
"name" : "RHSA-2011:0880", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0880.html" "name": "44954",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/44954"
"name" : "SUSE-SR:2010:019", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" "name": "oval:org.mitre.oval:def:12181",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12181"
"name" : "43999", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/43999" "name": "RHSA-2011:0880",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"
"name" : "oval:org.mitre.oval:def:12181", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12181" "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
"name" : "oval:org.mitre.oval:def:12554", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12554" "name": "HPSBUX02608",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748"
"name" : "44954", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/44954" "name": "http://support.avaya.com/css/P8/documents/100123193",
} "refsource": "CONFIRM",
] "url": "http://support.avaya.com/css/P8/documents/100123193"
} },
{
"name": "43999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43999"
},
{
"name": "SUSE-SR:2010:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-202/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-202/"
},
{
"name": "oval:org.mitre.oval:def:12554",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12554"
}
]
}
} }

178
2010/3xxx/CVE-2010-3779.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2010-3779", "ID": "CVE-2010-3779",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.dovecot.org/list/dovecot/2010-October/053452.html" "lang": "eng",
}, "value": "Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox."
{ }
"name" : "[dovecot] 20101002 v1.2.15 released", ]
"refsource" : "MLIST", },
"url" : "http://www.dovecot.org/list/dovecot/2010-October/053450.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2010:217", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:217" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-1059-1", ]
"refsource" : "UBUNTU", }
"url" : "http://www.ubuntu.com/usn/USN-1059-1" ]
}, },
{ "references": {
"name" : "43220", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43220" "name": "USN-1059-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1059-1"
"name" : "ADV-2010-2840", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2840" "name": "MDVSA-2010:217",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:217"
"name" : "ADV-2011-0301", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0301" "name": "43220",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/43220"
} },
{
"name": "ADV-2011-0301",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0301"
},
{
"name": "[dovecot] 20101002 v1.2.15 released",
"refsource": "MLIST",
"url": "http://www.dovecot.org/list/dovecot/2010-October/053450.html"
},
{
"name": "[dovecot] 20101002 ACL handling bugs in v1.2.8+ and v2.0",
"refsource": "MLIST",
"url": "http://www.dovecot.org/list/dovecot/2010-October/053452.html"
},
{
"name": "ADV-2010-2840",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2840"
}
]
}
} }

178
2010/3xxx/CVE-2010-3787.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-3787", "ID": "CVE-2010-3787",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4435", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4435" "lang": "eng",
}, "value": "Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image."
{ }
"name" : "http://support.apple.com/kb/HT4447", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT4447" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2010-11-10-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2010-12-07-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html" ]
}, },
{ "references": {
"name" : "VU#309873", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/309873" "name": "http://support.apple.com/kb/HT4435",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4435"
"name" : "44798", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/44798" "name": "1024729",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1024729"
"name" : "1024729", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1024729" "name": "APPLE-SA-2010-12-07-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html"
} },
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4447",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4447"
},
{
"name": "44798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44798"
},
{
"name": "VU#309873",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/309873"
}
]
}
} }

328
2010/3xxx/CVE-2010-3812.json
View File

@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2010-3812", "ID": "CVE-2010-3812",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-257/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-257/" "lang": "eng",
}, "value": "Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects."
{ }
"name" : "http://trac.webkit.org/changeset/68705", ]
"refsource" : "MISC", },
"url" : "http://trac.webkit.org/changeset/68705" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.webkit.org/show_bug.cgi?id=46848", "description": [
"refsource" : "MISC", {
"url" : "https://bugs.webkit.org/show_bug.cgi?id=46848" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT4455", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT4455" ]
}, },
{ "references": {
"name" : "http://support.apple.com/kb/HT4456", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4456" "name": "MDVSA-2011:039",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=667022", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=667022" "name": "FEDORA-2011-0121",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html"
"name" : "APPLE-SA-2010-11-18-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html" "name": "43068",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43068"
"name" : "APPLE-SA-2010-11-22-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html" "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-257/",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-257/"
"name" : "FEDORA-2011-0121", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052906.html" "name": "http://support.apple.com/kb/HT4455",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4455"
"name" : "MDVSA-2011:039", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039" "name": "ADV-2011-0212",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0212"
"name" : "RHSA-2011:0177", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html" "name": "ADV-2010-3046",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3046"
"name" : "SUSE-SR:2011:002", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" "name": "44960",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/44960"
"name" : "44960", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/44960" "name": "ADV-2011-0216",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0216"
"name" : "oval:org.mitre.oval:def:11689", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11689" "name": "oval:org.mitre.oval:def:11689",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11689"
"name" : "42314", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42314" "name": "43086",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43086"
"name" : "43068", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43068" "name": "SUSE-SR:2011:002",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
"name" : "43086", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43086" "name": "APPLE-SA-2010-11-18-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
"name" : "ADV-2010-3046", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3046" "name": "42314",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42314"
"name" : "ADV-2011-0212", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0212" "name": "RHSA-2011:0177",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
"name" : "ADV-2011-0216", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0216" "name": "ADV-2011-0552",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0552"
"name" : "ADV-2011-0552", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0552" "name": "safari-text-objects-code-execution(63350)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63350"
"name" : "safari-text-objects-code-execution(63350)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63350" "name": "http://support.apple.com/kb/HT4456",
} "refsource": "CONFIRM",
] "url": "http://support.apple.com/kb/HT4456"
} },
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=46848",
"refsource": "MISC",
"url": "https://bugs.webkit.org/show_bug.cgi?id=46848"
},
{
"name": "http://trac.webkit.org/changeset/68705",
"refsource": "MISC",
"url": "http://trac.webkit.org/changeset/68705"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=667022",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=667022"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
} }

258
2010/3xxx/CVE-2010-3860.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-3860", "ID": "CVE-2010-3860",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28" "lang": "eng",
}, "value": "IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=645843", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=645843" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2010-18393", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html" ]
}, },
{ "references": {
"name" : "GLSA-201406-32", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "name": "GLSA-201406-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name" : "RHSA-2011:0176", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0176.html" "name": "FEDORA-2010-18393",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html"
"name" : "SUSE-SR:2010:023", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html" "name": "43085",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43085"
"name" : "USN-1024-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1024-1" "name": "ADV-2011-0215",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0215"
"name" : "45114", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45114" "name": "USN-1024-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1024-1"
"name" : "42412", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42412" "name": "SUSE-SR:2010:023",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
"name" : "42417", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42417" "name": "42412",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42412"
"name" : "43085", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43085" "name": "ADV-2010-3090",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3090"
"name" : "ADV-2010-3090", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3090" "name": "http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/",
}, "refsource": "CONFIRM",
{ "url": "http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/"
"name" : "ADV-2010-3108", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/3108" "name": "ADV-2010-3108",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/3108"
"name" : "ADV-2011-0215", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0215" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=645843",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=645843"
} },
{
"name": "42417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42417"
},
{
"name": "45114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45114"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28"
},
{
"name": "RHSA-2011:0176",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0176.html"
}
]
}
} }

258
2010/4xxx/CVE-2010-4248.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2010-4248", "ID": "CVE-2010-4248",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" "lang": "eng",
}, "value": "Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c."
{ }
"name" : "[oss-security] 20101123 CVE request: kernel: posix-cpu-timers: workaround to suppress the problems with mt exec", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2010/11/23/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20101124 Re: CVE request: kernel: posix-cpu-timers: workaround to suppress the problems with mt exec", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2010/11/24/9" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0a70217107e6f9844628120412cb27bb4cea194", ]
"refsource" : "CONFIRM", }
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0a70217107e6f9844628120412cb27bb4cea194" ]
}, },
{ "references": {
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2" "name": "42789",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/42789"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=656264", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=656264" "name": "ADV-2011-0024",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0024"
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" "name": "RHSA-2011:0004",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0004.html"
"name" : "MDVSA-2011:029", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029" "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"
"name" : "RHSA-2011:0004", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0004.html" "name": "46397",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/46397"
"name" : "RHSA-2011:0007", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0007.html" "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc2"
"name" : "45028", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/45028" "name": "RHSA-2011:0007",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0007.html"
"name" : "42789", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42789" "name": "45028",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/45028"
"name" : "42890", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/42890" "name": "[oss-security] 20101124 Re: CVE request: kernel: posix-cpu-timers: workaround to suppress the problems with mt exec",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2010/11/24/9"
"name" : "46397", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46397" "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"
"name" : "ADV-2011-0024", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0024" "name": "42890",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/42890"
} },
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0a70217107e6f9844628120412cb27bb4cea194",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0a70217107e6f9844628120412cb27bb4cea194"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=656264",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=656264"
},
{
"name": "MDVSA-2011:029",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:029"
},
{
"name": "[oss-security] 20101123 CVE request: kernel: posix-cpu-timers: workaround to suppress the problems with mt exec",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/23/2"
}
]
}
} }

218
2011/0xxx/CVE-2011-0075.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-0075", "ID": "CVE-2011-0075",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=635977", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=635977" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://downloads.avaya.com/css/P8/documents/100134543", "description": [
"refsource" : "CONFIRM", {
"url" : "http://downloads.avaya.com/css/P8/documents/100134543" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://downloads.avaya.com/css/P8/documents/100144158", ]
"refsource" : "CONFIRM", }
"url" : "http://downloads.avaya.com/css/P8/documents/100144158" ]
}, },
{ "references": {
"name" : "DSA-2227", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2227" "name": "47647",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/47647"
"name" : "DSA-2228", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2228" "name": "DSA-2228",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2228"
"name" : "DSA-2235", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2235" "name": "MDVSA-2011:079",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079"
"name" : "MDVSA-2011:080", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=635977",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=635977"
"name" : "MDVSA-2011:079", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" "name": "DSA-2235",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2235"
"name" : "47647", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/47647" "name": "oval:org.mitre.oval:def:14086",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14086"
"name" : "oval:org.mitre.oval:def:14086", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14086" "name": "http://downloads.avaya.com/css/P8/documents/100134543",
} "refsource": "CONFIRM",
] "url": "http://downloads.avaya.com/css/P8/documents/100134543"
} },
{
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-12.html"
},
{
"name": "MDVSA-2011:080",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:080"
},
{
"name": "DSA-2227",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2227"
},
{
"name": "http://downloads.avaya.com/css/P8/documents/100144158",
"refsource": "CONFIRM",
"url": "http://downloads.avaya.com/css/P8/documents/100144158"
}
]
}
} }

168
2011/1xxx/CVE-2011-1613.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2011-1613", "ID": "CVE-2011-1613",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110427 Cisco Wireless LAN Controllers Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7950e.shtml" "lang": "eng",
}, "value": "Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426."
{ }
"name" : "47606", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/47606" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1025448", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1025448" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "44384", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/44384" ]
}, },
{ "references": {
"name" : "ADV-2011-1123", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/1123" "name": "47606",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/47606"
"name" : "wlc-icmp-dos(67128)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67128" "name": "20110427 Cisco Wireless LAN Controllers Denial of Service Vulnerability",
} "refsource": "CISCO",
] "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7950e.shtml"
} },
{
"name": "1025448",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025448"
},
{
"name": "44384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44384"
},
{
"name": "wlc-icmp-dos(67128)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67128"
},
{
"name": "ADV-2011-1123",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1123"
}
]
}
} }

32
2011/1xxx/CVE-2011-1694.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-1694", "ID": "CVE-2011-1694",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

158
2011/1xxx/CVE-2011-1983.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2011-1983", "ID": "CVE-2011-1983",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka \"Word Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS11-089", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-089" "lang": "eng",
}, "value": "Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka \"Word Use After Free Vulnerability.\""
{ }
"name" : "TA11-347A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-347A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:14197", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14197" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:14558", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14558" ]
}, },
{ "references": {
"name" : "1026409", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026409" "name": "oval:org.mitre.oval:def:14558",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14558"
} },
{
"name": "TA11-347A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
},
{
"name": "MS11-089",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-089"
},
{
"name": "1026409",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026409"
},
{
"name": "oval:org.mitre.oval:def:14197",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14197"
}
]
}
} }

128
2011/5xxx/CVE-2011-5112.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5112", "ID": "CVE-2011-5112",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18058", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18058" "lang": "eng",
}, "value": "SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php."
{ }
"name" : "http://www.blueflyingfish.com/alameda/index.php?option=com_content&view=article&id=7:security-releases&catid=5:security-releases&Itemid=28", ]
"refsource" : "CONFIRM", },
"url" : "http://www.blueflyingfish.com/alameda/index.php?option=com_content&view=article&id=7:security-releases&catid=5:security-releases&Itemid=28" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18058",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18058"
},
{
"name": "http://www.blueflyingfish.com/alameda/index.php?option=com_content&view=article&id=7:security-releases&catid=5:security-releases&Itemid=28",
"refsource": "CONFIRM",
"url": "http://www.blueflyingfish.com/alameda/index.php?option=com_content&view=article&id=7:security-releases&catid=5:security-releases&Itemid=28"
}
]
}
} }

118
2011/5xxx/CVE-2011-5314.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-5314", "ID": "CVE-2011-5314",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.htbridge.com/advisory/HTB22804", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB22804" "lang": "eng",
} "value": "templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB22804",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB22804"
}
]
}
} }

158
2014/3xxx/CVE-2014-3282.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-3282", "ID": "CVE-2014-3282",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34382", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34382" "lang": "eng",
}, "value": "The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive number-translation information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum76930."
{ }
"name" : "20140527 Cisco Unified Communications Domain Manager Admin Number Translation Information Disclosure Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3282" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "67666", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/67666" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1030306", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1030306" ]
}, },
{ "references": {
"name" : "58400", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/58400" "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34382",
} "refsource": "CONFIRM",
] "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34382"
} },
{
"name": "1030306",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030306"
},
{
"name": "20140527 Cisco Unified Communications Domain Manager Admin Number Translation Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3282"
},
{
"name": "67666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67666"
},
{
"name": "58400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58400"
}
]
}
} }

168
2014/3xxx/CVE-2014-3374.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2014-3374", "ID": "CVE-2014-3374",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36295", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=36295" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582."
{ }
"name" : "20141030 Cisco Unified Communications Manager Admin Interface Reflected Cross-Site Scripting Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3374" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "70849", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70849" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1031162", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1031162" ]
}, },
{ "references": {
"name" : "59696", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/59696" "name": "cisco-ucm-cve20143374-xss(98407)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98407"
"name" : "cisco-ucm-cve20143374-xss(98407)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98407" "name": "70849",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/70849"
} },
{
"name": "20141030 Cisco Unified Communications Manager Admin Interface Reflected Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3374"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36295",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=36295"
},
{
"name": "1031162",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031162"
},
{
"name": "59696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59696"
}
]
}
} }

148
2014/6xxx/CVE-2014-6409.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-6409", "ID": "CVE-2014-6409",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "34718", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/34718" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update."
{ }
"name" : "20140919 M/Monit - Account hijacking via CSRF", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Sep/71" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "mmonit-cve20146409-csrf(96122)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96122" ]
} },
] "references": {
} "reference_data": [
{
"name": "mmonit-cve20146409-csrf(96122)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96122"
},
{
"name": "20140919 M/Monit - Account hijacking via CSRF",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/71"
},
{
"name": "34718",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34718"
},
{
"name": "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128321/M-Monit-3.2.2-Cross-Site-Request-Forgery.html"
}
]
}
} }

138
2014/6xxx/CVE-2014-6740.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-6740", "ID": "CVE-2014-6740",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XD Forum (aka com.tapatalk.xdforumcomforum) application 3.9.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The XD Forum (aka com.tapatalk.xdforumcomforum) application 3.9.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#952009", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/952009" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#952009",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/952009"
}
]
}
} }

138
2014/7xxx/CVE-2014-7462.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2014-7462", "ID": "CVE-2014-7462",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) application 1.5.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", "description_data": [
"refsource" : "MISC", {
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" "lang": "eng",
}, "value": "The Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) application 1.5.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "VU#582497", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/582497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#642073", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/642073" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#642073",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/642073"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
} }

32
2014/7xxx/CVE-2014-7855.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-7855", "ID": "CVE-2014-7855",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2014/8xxx/CVE-2014-8271.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8271", "ID": "CVE-2014-8271",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

188
2014/8xxx/CVE-2014-8316.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8316", "ID": "CVE-2014-8316",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141010 SAP Security Note 1908531 - XXE in BusinessObjects Explorer", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/533673/100/0/threaded" "lang": "eng",
}, "value": "XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request."
{ }
"name" : "20141010 SAP Security Note 1908531 - XXE in BusinessObjects Explorer", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Oct/50" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/128633/SAP-BusinessObjects-Explorer-14.0.5-XXE-Injection.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/128633/SAP-BusinessObjects-Explorer-14.0.5-XXE-Injection.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.csnc.ch/misc/files/advisories/CSNC-2013-018_SAP_BusinessObjects_Explorer_XXE.txt", ]
"refsource" : "MISC", }
"url" : "http://www.csnc.ch/misc/files/advisories/CSNC-2013-018_SAP_BusinessObjects_Explorer_XXE.txt" ]
}, },
{ "references": {
"name" : "http://scn.sap.com/docs/DOC-55451", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://scn.sap.com/docs/DOC-55451" "name": "20141010 SAP Security Note 1908531 - XXE in BusinessObjects Explorer",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2014/Oct/50"
"name" : "https://service.sap.com/sap/support/notes/1908531", },
"refsource" : "CONFIRM", {
"url" : "https://service.sap.com/sap/support/notes/1908531" "name": "sap-businessobjects-xml-info-disc(96933)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96933"
"name" : "70384", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70384" "name": "http://scn.sap.com/docs/DOC-55451",
}, "refsource": "CONFIRM",
{ "url": "http://scn.sap.com/docs/DOC-55451"
"name" : "sap-businessobjects-xml-info-disc(96933)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96933" "name": "http://packetstormsecurity.com/files/128633/SAP-BusinessObjects-Explorer-14.0.5-XXE-Injection.html",
} "refsource": "MISC",
] "url": "http://packetstormsecurity.com/files/128633/SAP-BusinessObjects-Explorer-14.0.5-XXE-Injection.html"
} },
{
"name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-018_SAP_BusinessObjects_Explorer_XXE.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-018_SAP_BusinessObjects_Explorer_XXE.txt"
},
{
"name": "20141010 SAP Security Note 1908531 - XXE in BusinessObjects Explorer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533673/100/0/threaded"
},
{
"name": "70384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70384"
},
{
"name": "https://service.sap.com/sap/support/notes/1908531",
"refsource": "CONFIRM",
"url": "https://service.sap.com/sap/support/notes/1908531"
}
]
}
} }

128
2014/8xxx/CVE-2014-8672.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-8672", "ID": "CVE-2014-8672",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the RewardingYourself application for Android and BlackBerry OS allows remote attackers to inject arbitrary web script or HTML via a crafted QR code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://arxiv.org/abs/1410.7756", "description_data": [
"refsource" : "MISC", {
"url" : "http://arxiv.org/abs/1410.7756" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the RewardingYourself application for Android and BlackBerry OS allows remote attackers to inject arbitrary web script or HTML via a crafted QR code."
{ }
"name" : "http://arxiv.org/pdf/1410.7756v1.pdf", ]
"refsource" : "MISC", },
"url" : "http://arxiv.org/pdf/1410.7756v1.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://arxiv.org/pdf/1410.7756v1.pdf",
"refsource": "MISC",
"url": "http://arxiv.org/pdf/1410.7756v1.pdf"
},
{
"name": "http://arxiv.org/abs/1410.7756",
"refsource": "MISC",
"url": "http://arxiv.org/abs/1410.7756"
}
]
}
} }

128
2014/8xxx/CVE-2014-8888.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2014-8888", "ID": "CVE-2014-8888",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an \"HTTP command injection issue.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF", "description_data": [
"refsource" : "CONFIRM", {
"url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF" "lang": "eng",
}, "value": "The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an \"HTTP command injection issue.\""
{ }
"name" : "dlink-dir815-cve20148888-command-exec(110755)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/110755" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dlink-dir815-cve20148888-command-exec(110755)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/110755"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF",
"refsource": "CONFIRM",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF"
}
]
}
} }

178
2014/9xxx/CVE-2014-9756.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-9756", "ID": "CVE-2014-9756",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20141224 libsndfile DoS/divide-by-zero", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/12/24/3" "lang": "eng",
}, "value": "The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable."
{ }
"name" : "[oss-security] 20151103 Re: libsndfile DoS/divide-by-zero", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2015/11/03/9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/erikd/libsndfile/issues/92", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/erikd/libsndfile/issues/92" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2015:1995", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html" "name": "openSUSE-SU-2015:1995",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html"
"name" : "openSUSE-SU-2015:2119", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html" "name": "https://github.com/erikd/libsndfile/issues/92",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/erikd/libsndfile/issues/92"
"name" : "USN-2832-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2832-1" "name": "[oss-security] 20141224 libsndfile DoS/divide-by-zero",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2014/12/24/3"
} },
{
"name": "[oss-security] 20151103 Re: libsndfile DoS/divide-by-zero",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/03/9"
},
{
"name": "USN-2832-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2832-1"
},
{
"name": "https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6",
"refsource": "CONFIRM",
"url": "https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6"
},
{
"name": "openSUSE-SU-2015:2119",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html"
}
]
}
} }

32
2016/2xxx/CVE-2016-2719.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2016-2719", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2016-2719",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
} }
] ]
} }
} }

368
2016/2xxx/CVE-2016-2799.json
View File

@ -1,187 +1,187 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2016-2799", "ID": "CVE-2016-2799",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1249081", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1249081" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3510", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2016/dsa-3510" ]
}, },
{ "references": {
"name" : "DSA-3515", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3515" "name": "openSUSE-SU-2016:0894",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html"
"name" : "DSA-3520", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3520" "name": "84222",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/84222"
"name" : "GLSA-201605-06", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201605-06" "name": "SUSE-SU-2016:0820",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
"name" : "GLSA-201701-63", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201701-63" "name": "openSUSE-SU-2016:1767",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html"
"name" : "openSUSE-SU-2016:0894", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
"name" : "openSUSE-SU-2016:1767", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html" "name": "openSUSE-SU-2016:0731",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
"name" : "openSUSE-SU-2016:1769", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html" "name": "SUSE-SU-2016:0727",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
"name" : "openSUSE-SU-2016:1778", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html" "name": "openSUSE-SU-2016:1778",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html"
"name" : "SUSE-SU-2016:0909", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" "name": "openSUSE-SU-2016:0876",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html"
"name" : "SUSE-SU-2016:0727", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" "name": "USN-2917-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2917-1"
"name" : "SUSE-SU-2016:0777", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" "name": "USN-2927-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2927-1"
"name" : "openSUSE-SU-2016:0731", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" "name": "DSA-3520",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3520"
"name" : "openSUSE-SU-2016:0733", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" "name": "openSUSE-SU-2016:1769",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html"
"name" : "SUSE-SU-2016:0820", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" "name": "SUSE-SU-2016:0909",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
"name" : "openSUSE-SU-2016:0876", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html" "name": "DSA-3510",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3510"
"name" : "USN-2917-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2917-2" "name": "openSUSE-SU-2016:0733",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
"name" : "USN-2917-3", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2917-3" "name": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
"name" : "USN-2934-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2934-1" "name": "1035215",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1035215"
"name" : "USN-2917-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2917-1" "name": "SUSE-SU-2016:0777",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
"name" : "USN-2927-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2927-1" "name": "GLSA-201605-06",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201605-06"
"name" : "84222", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/84222" "name": "DSA-3515",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3515"
"name" : "1035215", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1035215" "name": "USN-2934-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-2934-1"
} },
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249081",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1249081"
},
{
"name": "GLSA-201701-63",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-63"
},
{
"name": "USN-2917-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-2"
},
{
"name": "USN-2917-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2917-3"
}
]
}
} }

32
2016/6xxx/CVE-2016-6141.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6141", "ID": "CVE-2016-6141",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2016/6xxx/CVE-2016-6208.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6208", "ID": "CVE-2016-6208",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2016/6xxx/CVE-2016-6238.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2016-6238", "ID": "CVE-2016-6238",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160717 Re: multiple memory corruption issues in lepton", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/07/17/6" "lang": "eng",
}, "value": "The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file."
{ }
"name" : "https://github.com/dropbox/lepton/issues/26", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/dropbox/lepton/issues/26" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dropbox/lepton/issues/26",
"refsource": "CONFIRM",
"url": "https://github.com/dropbox/lepton/issues/26"
},
{
"name": "[oss-security] 20160717 Re: multiple memory corruption issues in lepton",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/17/6"
}
]
}
} }

148
2016/6xxx/CVE-2016-6385.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2016-6385", "ID": "CVE-2016-6385",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04" "lang": "eng",
}, "value": "Memory leak in the Smart Install client implementation in Cisco IOS 12.2 and 15.0 through 15.2 and IOS XE 3.2 through 3.8 allows remote attackers to cause a denial of service (memory consumption) via crafted image-list parameters, aka Bug ID CSCuy82367."
{ }
"name" : "20160928 Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "93203", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/93203" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1036914", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1036914" ]
} },
] "references": {
} "reference_data": [
{
"name": "93203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93203"
},
{
"name": "1036914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036914"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-04"
},
{
"name": "20160928 Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi"
}
]
}
} }

158
2016/6xxx/CVE-2016-6986.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2016-6986", "ID": "CVE-2016-6986",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6989, and CVE-2016-6990."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html" "lang": "eng",
}, "value": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6989, and CVE-2016-6990."
{ }
"name" : "GLSA-201610-10", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201610-10" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2016:2057", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2057.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "93490", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/93490" ]
}, },
{ "references": {
"name" : "1036985", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1036985" "name": "GLSA-201610-10",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201610-10"
} },
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html"
},
{
"name": "93490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93490"
},
{
"name": "RHSA-2016:2057",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2057.html"
},
{
"name": "1036985",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036985"
}
]
}
} }

138
2017/18xxx/CVE-2017-18186.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-18186", "ID": "CVE-2017-18186",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937" "lang": "eng",
}, "value": "An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc."
{ }
"name" : "https://github.com/qpdf/qpdf/issues/149", ]
"refsource" : "MISC", },
"url" : "https://github.com/qpdf/qpdf/issues/149" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3638-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3638-1/" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3638-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3638-1/"
},
{
"name": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937",
"refsource": "MISC",
"url": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937"
},
{
"name": "https://github.com/qpdf/qpdf/issues/149",
"refsource": "MISC",
"url": "https://github.com/qpdf/qpdf/issues/149"
}
]
}
} }

128
2017/5xxx/CVE-2017-5228.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@rapid7.com", "ASSIGNER": "cve@rapid7.com",
"ID" : "CVE-2017-5228", "ID": "CVE-2017-5228",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Metasploit", "product_name": "Metasploit",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions prior to version 4.13.0-2017020701" "version_value": "All versions prior to version 4.13.0-2017020701"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Rapid7" "vendor_name": "Rapid7"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products" "lang": "eng",
}, "value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
{ }
"name" : "96954", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96954" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96954"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products",
"refsource": "CONFIRM",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
]
}
} }

118
2017/5xxx/CVE-2017-5257.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@rapid7.com", "ASSIGNER": "cve@rapid7.com",
"ID" : "CVE-2017-5257", "ID": "CVE-2017-5257",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ePMP", "product_name": "ePMP",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.5 and prior" "version_value": "3.5 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cambium Networks" "vendor_name": "Cambium Networks"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" "lang": "eng",
} "value": "In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
}
]
}
} }

32
2017/5xxx/CVE-2017-5560.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5560", "ID": "CVE-2017-5560",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2017/5xxx/CVE-2017-5582.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5582", "ID": "CVE-2017-5582",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2017/5xxx/CVE-2017-5946.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-5946", "ID": "CVE-2017-5946",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses \"../\" pathname substrings to write arbitrary files to the filesystem."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/rubyzip/rubyzip/issues/315", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/rubyzip/rubyzip/issues/315" "lang": "eng",
}, "value": "The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses \"../\" pathname substrings to write arbitrary files to the filesystem."
{ }
"name" : "https://github.com/rubyzip/rubyzip/releases", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/rubyzip/rubyzip/releases" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3801", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3801" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "96445", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/96445" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://github.com/rubyzip/rubyzip/releases",
"refsource": "CONFIRM",
"url": "https://github.com/rubyzip/rubyzip/releases"
},
{
"name": "96445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96445"
},
{
"name": "https://github.com/rubyzip/rubyzip/issues/315",
"refsource": "CONFIRM",
"url": "https://github.com/rubyzip/rubyzip/issues/315"
},
{
"name": "DSA-3801",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3801"
}
]
}
} }