admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:42:29 +00:00
parent e2f2e8a6fc
commit 8fd74352d1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4214 additions and 4214 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2006/0xxx/CVE-2006-0451.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0451",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (memory consumption) via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the ber_scanf call, as demonstrated using the ProtoVer LDAP test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-0451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135"
},
{
"name" : "16677",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16677"
},
{
"name" : "18960",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18960"
},
{
"name" : "fedora-ber-memory-leak-dos(24794)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24794"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (memory consumption) via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the ber_scanf call, as demonstrated using the ProtoVer LDAP test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18960"
},
{
"name": "16677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16677"
},
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135",
"refsource": "CONFIRM",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135"
},
{
"name": "fedora-ber-memory-leak-dos(24794)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24794"
}
]
}
}

180
2006/1xxx/CVE-2006-1067.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060303 linksys router + irc DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426761/100/0/threaded"
},
{
"name" : "20060306 Re: linksys router + irc DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426863/100/0/threaded"
},
{
"name" : "20060306 RE: linksys router + irc DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426934/100/0/threaded"
},
{
"name" : "20060304 Various router DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/426756/100/0/threaded"
},
{
"name" : "http://www.hm2k.org/news/1141413208.html",
"refsource" : "MISC",
"url" : "http://www.hm2k.org/news/1141413208.html"
},
{
"name" : "16954",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16954"
},
{
"name" : "multiple-vendor-dccsend-dos(25230)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25230"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "multiple-vendor-dccsend-dos(25230)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25230"
},
{
"name": "20060306 Re: linksys router + irc DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426863/100/0/threaded"
},
{
"name": "http://www.hm2k.org/news/1141413208.html",
"refsource": "MISC",
"url": "http://www.hm2k.org/news/1141413208.html"
},
{
"name": "20060304 Various router DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426756/100/0/threaded"
},
{
"name": "20060303 linksys router + irc DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426761/100/0/threaded"
},
{
"name": "16954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16954"
},
{
"name": "20060306 RE: linksys router + irc DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426934/100/0/threaded"
}
]
}
}

140
2006/1xxx/CVE-2006-1220.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1220",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.felinemenace.org/~nemo/",
"refsource" : "MISC",
"url" : "http://www.felinemenace.org/~nemo/"
},
{
"name" : "17056",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17056"
},
{
"name" : "28453",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/28453"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17056",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17056"
},
{
"name": "28453",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28453"
},
{
"name": "http://www.felinemenace.org/~nemo/",
"refsource": "MISC",
"url": "http://www.felinemenace.org/~nemo/"
}
]
}
}

540
2006/1xxx/CVE-2006-1517.json
View File

@ -1,272 +1,272 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1517",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-1517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060502 MySQL COM_TABLE_DUMP Information Leakage and Arbitrary commandexecution.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/432734/100/0/threaded"
},
{
"name" : "20060516 UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/434164/100/0/threaded"
},
{
"name" : "http://www.wisec.it/vulns.php?page=8",
"refsource" : "MISC",
"url" : "http://www.wisec.it/vulns.php?page=8"
},
{
"name" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html",
"refsource" : "CONFIRM",
"url" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365939",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365939"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=305214",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name" : "APPLE-SA-2007-03-13",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name" : "DSA-1071",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1071"
},
{
"name" : "DSA-1073",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1073"
},
{
"name" : "DSA-1079",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1079"
},
{
"name" : "GLSA-200605-13",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-13.xml"
},
{
"name" : "MDKSA-2006:084",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:084"
},
{
"name" : "RHSA-2006:0544",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0544.html"
},
{
"name" : "SSA:2006-155-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377"
},
{
"name" : "236703",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1"
},
{
"name" : "SUSE-SR:2006:012",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006-06-02.html"
},
{
"name" : "SUSE-SA:2006:036",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html"
},
{
"name" : "2006-0028",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2006/0028"
},
{
"name" : "USN-283-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/283-1/"
},
{
"name" : "TA07-072A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name" : "17780",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17780"
},
{
"name" : "oval:org.mitre.oval:def:11036",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11036"
},
{
"name" : "ADV-2006-1633",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1633"
},
{
"name" : "ADV-2007-0930",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name" : "ADV-2008-1326",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1326/references"
},
{
"name" : "25228",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25228"
},
{
"name" : "1016016",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016016"
},
{
"name" : "19929",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19929"
},
{
"name" : "20002",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20002"
},
{
"name" : "20073",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20073"
},
{
"name" : "20076",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20076"
},
{
"name" : "20223",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20223"
},
{
"name" : "20241",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20241"
},
{
"name" : "20253",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20253"
},
{
"name" : "20333",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20333"
},
{
"name" : "20424",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20424"
},
{
"name" : "20457",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20457"
},
{
"name" : "20625",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20625"
},
{
"name" : "20762",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20762"
},
{
"name" : "24479",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24479"
},
{
"name" : "29847",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29847"
},
{
"name" : "839",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/839"
},
{
"name" : "mysql-sqlparcecc-information-disclosure(26228)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26228"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060502 MySQL COM_TABLE_DUMP Information Leakage and Arbitrary commandexecution.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432734/100/0/threaded"
},
{
"name": "2006-0028",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0028"
},
{
"name": "19929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19929"
},
{
"name": "20073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20073"
},
{
"name": "http://www.wisec.it/vulns.php?page=8",
"refsource": "MISC",
"url": "http://www.wisec.it/vulns.php?page=8"
},
{
"name": "TA07-072A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
},
{
"name": "DSA-1079",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1079"
},
{
"name": "ADV-2006-1633",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1633"
},
{
"name": "20060516 UPDATE: [ GLSA 200605-13 ] MySQL: Information leakage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434164/100/0/threaded"
},
{
"name": "20424",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20424"
},
{
"name": "GLSA-200605-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-13.xml"
},
{
"name": "APPLE-SA-2007-03-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305214",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305214"
},
{
"name": "oval:org.mitre.oval:def:11036",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11036"
},
{
"name": "SUSE-SA:2006:036",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0011.html"
},
{
"name": "839",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/839"
},
{
"name": "25228",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25228"
},
{
"name": "SUSE-SR:2006:012",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006-06-02.html"
},
{
"name": "17780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17780"
},
{
"name": "MDKSA-2006:084",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:084"
},
{
"name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html"
},
{
"name": "20241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20241"
},
{
"name": "20762",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20762"
},
{
"name": "236703",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236703-1"
},
{
"name": "SSA:2006-155-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.599377"
},
{
"name": "20333",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20333"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365939",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365939"
},
{
"name": "20002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20002"
},
{
"name": "20223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20223"
},
{
"name": "20076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20076"
},
{
"name": "1016016",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016016"
},
{
"name": "DSA-1071",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1071"
},
{
"name": "ADV-2008-1326",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1326/references"
},
{
"name": "ADV-2007-0930",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0930"
},
{
"name": "20253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20253"
},
{
"name": "USN-283-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/283-1/"
},
{
"name": "20457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20457"
},
{
"name": "DSA-1073",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1073"
},
{
"name": "mysql-sqlparcecc-information-disclosure(26228)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26228"
},
{
"name": "29847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29847"
},
{
"name": "20625",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20625"
},
{
"name": "RHSA-2006:0544",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0544.html"
},
{
"name": "24479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24479"
}
]
}
}

180
2006/1xxx/CVE-2006-1554.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1554",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060406 [eVuln] VSNS Lemon Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/430345/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/106/description.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/106/description.html"
},
{
"name" : "17395",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17395"
},
{
"name" : "24212",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24212"
},
{
"name" : "1015836",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015836"
},
{
"name" : "19420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19420"
},
{
"name" : "vsns-lemon-name-xss(25457)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25457"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015836",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015836"
},
{
"name": "20060406 [eVuln] VSNS Lemon Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430345/100/0/threaded"
},
{
"name": "24212",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24212"
},
{
"name": "http://evuln.com/vulns/106/description.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/106/description.html"
},
{
"name": "17395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17395"
},
{
"name": "19420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19420"
},
{
"name": "vsns-lemon-name-xss(25457)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25457"
}
]
}
}

210
2006/5xxx/CVE-2006-5240.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5240",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061009 [ECHO_ADV_51$2006] docmint <= 2.0 (MY_ENV[BASE_ENGINE_LOC]) Remote File Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448013/100/0/threaded"
},
{
"name" : "2493",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2493"
},
{
"name" : "http://advisories.echo.or.id/adv/adv51-K-159-2006.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv51-K-159-2006.txt"
},
{
"name" : "http://www.docmint.net/index.php?id=54",
"refsource" : "CONFIRM",
"url" : "http://www.docmint.net/index.php?id=54"
},
{
"name" : "20409",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20409"
},
{
"name" : "ADV-2006-3968",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3968"
},
{
"name" : "1017026",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017026"
},
{
"name" : "22343",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22343"
},
{
"name" : "1709",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1709"
},
{
"name" : "docmint-engine-file-include(29390)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29390"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017026",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017026"
},
{
"name": "1709",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1709"
},
{
"name": "docmint-engine-file-include(29390)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29390"
},
{
"name": "http://advisories.echo.or.id/adv/adv51-K-159-2006.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv51-K-159-2006.txt"
},
{
"name": "20409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20409"
},
{
"name": "20061009 [ECHO_ADV_51$2006] docmint <= 2.0 (MY_ENV[BASE_ENGINE_LOC]) Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448013/100/0/threaded"
},
{
"name": "22343",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22343"
},
{
"name": "http://www.docmint.net/index.php?id=54",
"refsource": "CONFIRM",
"url": "http://www.docmint.net/index.php?id=54"
},
{
"name": "2493",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2493"
},
{
"name": "ADV-2006-3968",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3968"
}
]
}
}

130
2006/5xxx/CVE-2006-5899.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** PHP remote file inclusion vulnerability in install.php3 in @cid stats 2.3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. NOTE: this issue has been disputed by a third party, who states that install.php3 is supposed to be deleted after installation and, if not deleted, intentionally allows setting repertoire without an inclusion attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061105 @cid stats v2.3 File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450676/100/0/threaded"
},
{
"name" : "20061106 Re: @cid stats v2.3 File Include",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450685/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** PHP remote file inclusion vulnerability in install.php3 in @cid stats 2.3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. NOTE: this issue has been disputed by a third party, who states that install.php3 is supposed to be deleted after installation and, if not deleted, intentionally allows setting repertoire without an inclusion attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061105 @cid stats v2.3 File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450676/100/0/threaded"
},
{
"name": "20061106 Re: @cid stats v2.3 File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450685/100/0/threaded"
}
]
}
}

170
2007/2xxx/CVE-2007-2041.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2041",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
},
{
"name" : "23461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23461"
},
{
"name" : "ADV-2007-1368",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1368"
},
{
"name" : "34138",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/34138"
},
{
"name" : "1017908",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017908"
},
{
"name" : "cisco-wlc-acl-weak-security(33611)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-wlc-acl-weak-security(33611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33611"
},
{
"name": "ADV-2007-1368",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1368"
},
{
"name": "20070412 Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml"
},
{
"name": "1017908",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017908"
},
{
"name": "23461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23461"
},
{
"name": "34138",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34138"
}
]
}
}

130
2007/2xxx/CVE-2007-2385.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2385",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf",
"refsource" : "MISC",
"url" : "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf"
},
{
"name" : "43324",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/43324"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf",
"refsource": "MISC",
"url": "http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf"
},
{
"name": "43324",
"refsource": "OSVDB",
"url": "http://osvdb.org/43324"
}
]
}
}

730
2007/2xxx/CVE-2007-2867.json
View File

@ -1,367 +1,367 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2867",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-2867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070531 FLEA-2007-0023-1: firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/470172/100/200/threaded"
},
{
"name" : "20070620 FLEA-2007-0027-1: thunderbird",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/471842/100/0/threaded"
},
{
"name" : "http://www.mozilla.org/security/announce/2007/mfsa2007-12.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2007/mfsa2007-12.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1424",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1424"
},
{
"name" : "DSA-1300",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1300"
},
{
"name" : "DSA-1306",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1306"
},
{
"name" : "DSA-1308",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1308"
},
{
"name" : "DSA-1305",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1305"
},
{
"name" : "FEDORA-2007-308",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/cms/node/2747"
},
{
"name" : "FEDORA-2007-309",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/cms/node/2749"
},
{
"name" : "GLSA-200706-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200706-06.xml"
},
{
"name" : "HPSBUX02153",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name" : "HPSBUX02156",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"name" : "SSRT061181",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name" : "SSRT061236",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"name" : "MDKSA-2007:119",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:119"
},
{
"name" : "MDKSA-2007:120",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:120"
},
{
"name" : "MDKSA-2007:131",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:131"
},
{
"name" : "MDKSA-2007:126",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:126"
},
{
"name" : "RHSA-2007:0400",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0400.html"
},
{
"name" : "RHSA-2007:0401",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0401.html"
},
{
"name" : "RHSA-2007:0402",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0402.html"
},
{
"name" : "SSA:2007-066-04",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947"
},
{
"name" : "SSA:2007-152-02",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857"
},
{
"name" : "103136",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103136-1"
},
{
"name" : "201532",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201532-1"
},
{
"name" : "SUSE-SA:2007:036",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html"
},
{
"name" : "USN-468-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-468-1"
},
{
"name" : "USN-469-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-469-1"
},
{
"name" : "TA07-151A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-151A.html"
},
{
"name" : "VU#751636",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/751636"
},
{
"name" : "24242",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24242"
},
{
"name" : "35134",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35134"
},
{
"name" : "oval:org.mitre.oval:def:10066",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10066"
},
{
"name" : "ADV-2007-1994",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1994"
},
{
"name" : "ADV-2007-3664",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3664"
},
{
"name" : "ADV-2008-0082",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0082"
},
{
"name" : "1018151",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018151"
},
{
"name" : "1018153",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018153"
},
{
"name" : "25476",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25476"
},
{
"name" : "25533",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25533"
},
{
"name" : "25496",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25496"
},
{
"name" : "25559",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25559"
},
{
"name" : "25635",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25635"
},
{
"name" : "25644",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25644"
},
{
"name" : "25647",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25647"
},
{
"name" : "25685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25685"
},
{
"name" : "24406",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24406"
},
{
"name" : "24456",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24456"
},
{
"name" : "25534",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25534"
},
{
"name" : "25664",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25664"
},
{
"name" : "25469",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25469"
},
{
"name" : "25488",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25488"
},
{
"name" : "25489",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25489"
},
{
"name" : "25490",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25490"
},
{
"name" : "25491",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25491"
},
{
"name" : "25492",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25492"
},
{
"name" : "25750",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25750"
},
{
"name" : "25858",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25858"
},
{
"name" : "27423",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27423"
},
{
"name" : "28363",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28363"
},
{
"name" : "mozilla-layoutengine-dos(34604)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34604"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25496"
},
{
"name": "1018153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018153"
},
{
"name": "FEDORA-2007-308",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2747"
},
{
"name": "DSA-1308",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1308"
},
{
"name": "mozilla-layoutengine-dos(34604)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34604"
},
{
"name": "1018151",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018151"
},
{
"name": "http://www.mozilla.org/security/announce/2007/mfsa2007-12.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-12.html"
},
{
"name": "HPSBUX02156",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"name": "MDKSA-2007:120",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:120"
},
{
"name": "27423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27423"
},
{
"name": "20070531 FLEA-2007-0023-1: firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470172/100/200/threaded"
},
{
"name": "24406",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24406"
},
{
"name": "25647",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25647"
},
{
"name": "25469",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25469"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "35134",
"refsource": "OSVDB",
"url": "http://osvdb.org/35134"
},
{
"name": "SUSE-SA:2007:036",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html"
},
{
"name": "25491",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25491"
},
{
"name": "GLSA-200706-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200706-06.xml"
},
{
"name": "25635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25635"
},
{
"name": "25534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25534"
},
{
"name": "ADV-2007-1994",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1994"
},
{
"name": "RHSA-2007:0400",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0400.html"
},
{
"name": "FEDORA-2007-309",
"refsource": "FEDORA",
"url": "http://fedoranews.org/cms/node/2749"
},
{
"name": "SSA:2007-152-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857"
},
{
"name": "USN-469-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-469-1"
},
{
"name": "MDKSA-2007:131",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:131"
},
{
"name": "DSA-1305",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1305"
},
{
"name": "25533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25533"
},
{
"name": "oval:org.mitre.oval:def:10066",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10066"
},
{
"name": "SSRT061236",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"name": "DSA-1306",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1306"
},
{
"name": "https://issues.rpath.com/browse/RPL-1424",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1424"
},
{
"name": "VU#751636",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/751636"
},
{
"name": "25664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25664"
},
{
"name": "MDKSA-2007:119",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:119"
},
{
"name": "SSA:2007-066-04",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947"
},
{
"name": "103136",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103136-1"
},
{
"name": "24456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24456"
},
{
"name": "25644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25644"
},
{
"name": "25858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25858"
},
{
"name": "USN-468-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-468-1"
},
{
"name": "ADV-2008-0082",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0082"
},
{
"name": "RHSA-2007:0401",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0401.html"
},
{
"name": "25476",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25476"
},
{
"name": "MDKSA-2007:126",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:126"
},
{
"name": "201532",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201532-1"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "24242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24242"
},
{
"name": "25750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25750"
},
{
"name": "ADV-2007-3664",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3664"
},
{
"name": "25489",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25489"
},
{
"name": "DSA-1300",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1300"
},
{
"name": "25559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25559"
},
{
"name": "28363",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28363"
},
{
"name": "25490",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25490"
},
{
"name": "25488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25488"
},
{
"name": "25492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25492"
},
{
"name": "RHSA-2007:0402",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0402.html"
},
{
"name": "TA07-151A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html"
},
{
"name": "25685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25685"
},
{
"name": "20070620 FLEA-2007-0027-1: thunderbird",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471842/100/0/threaded"
}
]
}
}

34
2010/0xxx/CVE-2010-0259.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0259",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-0259",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

34
2010/0xxx/CVE-2010-0368.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0368",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0368",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2010/0xxx/CVE-2010-0399.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0399",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0399",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2010/0xxx/CVE-2010-0548.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0548",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device configuration information via via unknown vectors that bypass web server authorization."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX10-002_v1.0.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX10-002_v1.0.pdf"
},
{
"name" : "38139",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38139"
},
{
"name" : "ADV-2010-0209",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0209"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Network Controller and Web Server in Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, and 5687 allow remote attackers to (1) access mailboxes via unknown vectors that bypass Scan to Mailbox authorization or (2) read device configuration information via via unknown vectors that bypass web server authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0209",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0209"
},
{
"name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX10-002_v1.0.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX10-002_v1.0.pdf"
},
{
"name": "38139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38139"
}
]
}
}

140
2010/0xxx/CVE-2010-0617.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the return parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "62179",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/62179"
},
{
"name" : "38478",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38478"
},
{
"name" : "evalsmsi-ajax-xss(56157)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the return parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62179",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62179"
},
{
"name": "38478",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38478"
},
{
"name": "evalsmsi-ajax-xss(56157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56157"
}
]
}
}

150
2010/0xxx/CVE-2010-0653.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0653",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=9877",
"refsource" : "MISC",
"url" : "http://code.google.com/p/chromium/issues/detail?id=9877"
},
{
"name" : "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html",
"refsource" : "MISC",
"url" : "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html"
},
{
"name" : "http://websec.sv.cmu.edu/css/css.pdf",
"refsource" : "MISC",
"url" : "http://websec.sv.cmu.edu/css/css.pdf"
},
{
"name" : "SUSE-SR:2010:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html",
"refsource": "MISC",
"url": "http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html"
},
{
"name": "http://websec.sv.cmu.edu/css/css.pdf",
"refsource": "MISC",
"url": "http://websec.sv.cmu.edu/css/css.pdf"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=9877",
"refsource": "MISC",
"url": "http://code.google.com/p/chromium/issues/detail?id=9877"
}
]
}
}

130
2010/1xxx/CVE-2010-1019.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1019",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name" : "38796",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38796"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-006/"
},
{
"name": "38796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38796"
}
]
}
}

160
2010/1xxx/CVE-2010-1303.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1303",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/622096",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/622096"
},
{
"name" : "http://drupal.org/node/758756",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/758756"
},
{
"name" : "63425",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/63425"
},
{
"name" : "39220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39220"
},
{
"name" : "taxonomy-names-xss(57445)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57445"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/622096",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/622096"
},
{
"name": "http://drupal.org/node/758756",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/758756"
},
{
"name": "63425",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63425"
},
{
"name": "39220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39220"
},
{
"name": "taxonomy-names-xss(57445)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57445"
}
]
}
}

270
2010/1xxx/CVE-2010-1311.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1311",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96",
"refsource" : "CONFIRM",
"url" : "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96"
},
{
"name" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771",
"refsource" : "CONFIRM",
"url" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771"
},
{
"name" : "http://support.apple.com/kb/HT4312",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4312"
},
{
"name" : "APPLE-SA-2010-08-24-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
},
{
"name" : "MDVSA-2010:082",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:082"
},
{
"name" : "SUSE-SR:2010:010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"name" : "USN-926-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-926-1"
},
{
"name" : "39262",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/39262"
},
{
"name" : "39329",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39329"
},
{
"name" : "39293",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39293"
},
{
"name" : "39656",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39656"
},
{
"name" : "ADV-2010-0827",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0827"
},
{
"name" : "ADV-2010-0832",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0832"
},
{
"name" : "ADV-2010-0909",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0909"
},
{
"name" : "ADV-2010-1001",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1001"
},
{
"name" : "ADV-2010-1206",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1206"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771"
},
{
"name": "ADV-2010-1206",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1206"
},
{
"name": "39656",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39656"
},
{
"name": "MDVSA-2010:082",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:082"
},
{
"name": "USN-926-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-926-1"
},
{
"name": "ADV-2010-0827",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0827"
},
{
"name": "APPLE-SA-2010-08-24-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
},
{
"name": "SUSE-SR:2010:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"name": "http://support.apple.com/kb/HT4312",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4312"
},
{
"name": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96",
"refsource": "CONFIRM",
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96"
},
{
"name": "ADV-2010-0909",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0909"
},
{
"name": "39293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39293"
},
{
"name": "ADV-2010-0832",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0832"
},
{
"name": "39329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39329"
},
{
"name": "39262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39262"
},
{
"name": "ADV-2010-1001",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1001"
}
]
}
}

160
2010/1xxx/CVE-2010-1549.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1549",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-1549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43411",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43411/"
},
{
"name" : "HPSBMA02201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/511146/100/0/threaded"
},
{
"name" : "SSRT071328",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/511146/100/0/threaded"
},
{
"name" : "HPSBMA02528",
"refsource" : "HP",
"url" : "http://seclists.org/bugtraq/2010/May/69"
},
{
"name" : "SSRT100106",
"refsource" : "HP",
"url" : "http://seclists.org/bugtraq/2010/May/69"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT071328",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/511146/100/0/threaded"
},
{
"name": "HPSBMA02201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/511146/100/0/threaded"
},
{
"name": "HPSBMA02528",
"refsource": "HP",
"url": "http://seclists.org/bugtraq/2010/May/69"
},
{
"name": "SSRT100106",
"refsource": "HP",
"url": "http://seclists.org/bugtraq/2010/May/69"
},
{
"name": "43411",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43411/"
}
]
}
}

140
2010/1xxx/CVE-2010-1685.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1685",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-031-zip-wrangler-1-20-buffer-overflow/",
"refsource" : "MISC",
"url" : "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-031-zip-wrangler-1-20-buffer-overflow/"
},
{
"name" : "64079",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/64079"
},
{
"name" : "39575",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39575"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64079",
"refsource": "OSVDB",
"url": "http://osvdb.org/64079"
},
{
"name": "39575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39575"
},
{
"name": "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-031-zip-wrangler-1-20-buffer-overflow/",
"refsource": "MISC",
"url": "http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-031-zip-wrangler-1-20-buffer-overflow/"
}
]
}
}

170
2010/4xxx/CVE-2010-4102.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Insight Recovery before 6.2 allows remote attackers to read arbitrary files via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2010-4102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02604",
"refsource" : "HP",
"url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02571464"
},
{
"name" : "SSRT100320",
"refsource" : "HP",
"url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02571464"
},
{
"name" : "44542",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44542"
},
{
"name" : "1024673",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024673"
},
{
"name" : "42037",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42037"
},
{
"name" : "ADV-2010-2830",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2830"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Insight Recovery before 6.2 allows remote attackers to read arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42037"
},
{
"name": "ADV-2010-2830",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2830"
},
{
"name": "1024673",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024673"
},
{
"name": "44542",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44542"
},
{
"name": "HPSBMA02604",
"refsource": "HP",
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02571464"
},
{
"name": "SSRT100320",
"refsource": "HP",
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02571464"
}
]
}
}

150
2010/4xxx/CVE-2010-4667.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4667",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110608 CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/06/08/2"
},
{
"name" : "[oss-security] 20110608 Re: CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/06/08/6"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=347287",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=347287"
},
{
"name" : "http://forum.coppermine-gallery.net/index.php/topic,65023.msg322935.html",
"refsource" : "CONFIRM",
"url" : "http://forum.coppermine-gallery.net/index.php/topic,65023.msg322935.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110608 CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/2"
},
{
"name": "[oss-security] 20110608 Re: CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/08/6"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=347287",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=347287"
},
{
"name": "http://forum.coppermine-gallery.net/index.php/topic,65023.msg322935.html",
"refsource": "CONFIRM",
"url": "http://forum.coppermine-gallery.net/index.php/topic,65023.msg322935.html"
}
]
}
}

120
2010/4xxx/CVE-2010-4946.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4946",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15128",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15128",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15128"
}
]
}
}

130
2014/0xxx/CVE-2014-0307.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-0307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "32438",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/32438"
},
{
"name" : "MS14-012",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32438",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32438"
},
{
"name": "MS14-012",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012"
}
]
}
}

170
2014/0xxx/CVE-2014-0380.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0380",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to MultiChannel Framework (MCF)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64865",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64865"
},
{
"name" : "102037",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102037"
},
{
"name" : "1029623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029623"
},
{
"name" : "56478",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56478"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to MultiChannel Framework (MCF)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102037",
"refsource": "OSVDB",
"url": "http://osvdb.org/102037"
},
{
"name": "56478",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56478"
},
{
"name": "64865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64865"
},
{
"name": "1029623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029623"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
}

34
2014/456xxx/CVE-2014-456132.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-456132",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-456132",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references."
}
]
}
}

130
2014/4xxx/CVE-2014-4190.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300, S5700, S6300, S6700, S2350, S2750, and LSW S9700 with software V200R003 before V200R003SPH005; and S7700, S9300, S9300E, and LSW S9700 with software V200R005 before V200R005C00SPC300 allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-343218.htm",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-343218.htm"
},
{
"name" : "67907",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67907"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300, S5700, S6300, S6700, S2350, S2750, and LSW S9700 with software V200R003 before V200R003SPH005; and S7700, S9300, S9300E, and LSW S9700 with software V200R005 before V200R005C00SPC300 allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67907"
},
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-343218.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-343218.htm"
}
]
}
}

130
2014/4xxx/CVE-2014-4825.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-4825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686478",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21686478"
},
{
"name" : "ibm-qvm-cve20144825-mitm(95575)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95575"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-qvm-cve20144825-mitm(95575)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95575"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686478",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686478"
}
]
}
}

130
2014/4xxx/CVE-2014-4855.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://wordpress.org/plugins/polylang/changelog",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/plugins/polylang/changelog"
},
{
"name" : "59357",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59357"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/plugins/polylang/changelog",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/polylang/changelog"
},
{
"name": "59357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59357"
}
]
}
}

140
2014/4xxx/CVE-2014-4904.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4904",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Crossmo Calendar (aka com.crossmo.calendar) application 1.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#430345",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/430345"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Crossmo Calendar (aka com.crossmo.calendar) application 1.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#430345",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/430345"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

140
2014/8xxx/CVE-2014-8954.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8954",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35198",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35198"
},
{
"name" : "http://packetstormsecurity.com/files/129104/phpSound-Music-Sharing-Platform-1.0.5-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129104/phpSound-Music-Sharing-Platform-1.0.5-Cross-Site-Scripting.html"
},
{
"name" : "71172",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71172"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "71172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71172"
},
{
"name": "35198",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35198"
},
{
"name": "http://packetstormsecurity.com/files/129104/phpSound-Music-Sharing-Platform-1.0.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129104/phpSound-Music-Sharing-Platform-1.0.5-Cross-Site-Scripting.html"
}
]
}
}

140
2014/9xxx/CVE-2014-9387.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9387",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141216 [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534249/100/0/threaded"
},
{
"name" : "20141216 [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/60"
},
{
"name" : "http://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba",
"refsource" : "MISC",
"url" : "http://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba",
"refsource": "MISC",
"url": "http://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba"
},
{
"name": "20141216 [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/60"
},
{
"name": "20141216 [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534249/100/0/threaded"
}
]
}
}

260
2014/9xxx/CVE-2014-9664.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9664",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/google-security-research/issues/detail?id=183",
"refsource" : "MISC",
"url" : "http://code.google.com/p/google-security-research/issues/detail?id=183"
},
{
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f9ab67842cfbec36ee99e8d2301434c84ca",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f9ab67842cfbec36ee99e8d2301434c84ca"
},
{
"name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd89710f0f643eb0f99a3830e0712d26c7642acd",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd89710f0f643eb0f99a3830e0712d26c7642acd"
},
{
"name" : "http://advisories.mageia.org/MGASA-2015-0083.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2015-0083.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "DSA-3188",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3188"
},
{
"name" : "FEDORA-2015-2216",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html"
},
{
"name" : "FEDORA-2015-2237",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html"
},
{
"name" : "GLSA-201503-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-05"
},
{
"name" : "MDVSA-2015:055",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055"
},
{
"name" : "RHSA-2015:0696",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0696.html"
},
{
"name" : "openSUSE-SU-2015:0627",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html"
},
{
"name" : "USN-2510-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2510-1"
},
{
"name" : "USN-2739-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2739-1"
},
{
"name" : "72986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd89710f0f643eb0f99a3830e0712d26c7642acd",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd89710f0f643eb0f99a3830e0712d26c7642acd"
},
{
"name": "DSA-3188",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3188"
},
{
"name": "GLSA-201503-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-05"
},
{
"name": "72986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72986"
},
{
"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f9ab67842cfbec36ee99e8d2301434c84ca",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f9ab67842cfbec36ee99e8d2301434c84ca"
},
{
"name": "USN-2739-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2739-1"
},
{
"name": "openSUSE-SU-2015:0627",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0083.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0083.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "RHSA-2015:0696",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0696.html"
},
{
"name": "FEDORA-2015-2216",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html"
},
{
"name": "MDVSA-2015:055",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055"
},
{
"name": "USN-2510-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2510-1"
},
{
"name": "http://code.google.com/p/google-security-research/issues/detail?id=183",
"refsource": "MISC",
"url": "http://code.google.com/p/google-security-research/issues/detail?id=183"
},
{
"name": "FEDORA-2015-2237",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html"
}
]
}
}

142
2014/9xxx/CVE-2014-9955.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-06-05T00:00:00",
"ID" : "CVE-2014-9955",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-06-05T00:00:00",
"ID": "CVE-2014-9955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name" : "98874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98874"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "98874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98874"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}

142
2014/9xxx/CVE-2014-9956.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-06-05T00:00:00",
"ID" : "CVE-2014-9956",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-06-05T00:00:00",
"ID": "CVE-2014-9956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name" : "98874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98874"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "98874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98874"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}

200
2016/3xxx/CVE-2016-3111.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160519 Pulp 2.8.3 Released to address multiple CVEs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/05/20/1"
},
{
"name" : "http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n317",
"refsource" : "MISC",
"url" : "http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n317"
},
{
"name" : "http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n620",
"refsource" : "MISC",
"url" : "http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n620"
},
{
"name" : "https://bugzilla.redhat.com/attachment.cgi?id=1146522",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/attachment.cgi?id=1146522"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1326251",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1326251"
},
{
"name" : "https://github.com/pulp/pulp/blob/master/pulp.spec#L473-L486",
"refsource" : "CONFIRM",
"url" : "https://github.com/pulp/pulp/blob/master/pulp.spec#L473-L486"
},
{
"name" : "https://github.com/pulp/pulp/blob/master/pulp.spec#L894-L903",
"refsource" : "CONFIRM",
"url" : "https://github.com/pulp/pulp/blob/master/pulp.spec#L894-L903"
},
{
"name" : "https://pulp.plan.io/issues/1837",
"refsource" : "CONFIRM",
"url" : "https://pulp.plan.io/issues/1837"
},
{
"name" : "RHBA-2016:1501",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHBA-2016:1501"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n620",
"refsource": "MISC",
"url": "http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n620"
},
{
"name": "http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n317",
"refsource": "MISC",
"url": "http://pkgs.fedoraproject.org/cgit/rpms/pulp.git/tree/pulp.spec#n317"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1326251",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326251"
},
{
"name": "https://bugzilla.redhat.com/attachment.cgi?id=1146522",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1146522"
},
{
"name": "RHBA-2016:1501",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2016:1501"
},
{
"name": "https://pulp.plan.io/issues/1837",
"refsource": "CONFIRM",
"url": "https://pulp.plan.io/issues/1837"
},
{
"name": "https://github.com/pulp/pulp/blob/master/pulp.spec#L894-L903",
"refsource": "CONFIRM",
"url": "https://github.com/pulp/pulp/blob/master/pulp.spec#L894-L903"
},
{
"name": "[oss-security] 20160519 Pulp 2.8.3 Released to address multiple CVEs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/20/1"
},
{
"name": "https://github.com/pulp/pulp/blob/master/pulp.spec#L473-L486",
"refsource": "CONFIRM",
"url": "https://github.com/pulp/pulp/blob/master/pulp.spec#L473-L486"
}
]
}
}

140
2016/3xxx/CVE-2016-3439.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3439",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Call Phone Number Page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3439",
"refsource" : "MISC",
"url" : "https://www.onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3439"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name" : "1035603",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035603"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Call Phone Number Page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3439",
"refsource": "MISC",
"url": "https://www.onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3439"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "1035603",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035603"
}
]
}
}

150
2016/3xxx/CVE-2016-3470.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3470",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.4.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Install."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91979",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91979"
},
{
"name" : "1036402",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036402"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.4.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Install."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91979"
},
{
"name": "1036402",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036402"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
}
]
}
}

150
2016/3xxx/CVE-2016-3483.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3483",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and availability via vectors related to File Processing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "91849",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91849"
},
{
"name" : "1036404",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036404"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and availability via vectors related to File Processing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036404",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036404"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "91849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91849"
}
]
}
}

150
2016/3xxx/CVE-2016-3621.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3621",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c lzw\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160407 CVE-2016-3621 libtiff: Out-of-bounds Read in the bmp2tiff tool",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/04/07/3"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2565",
"refsource" : "MISC",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2565"
},
{
"name" : "GLSA-201701-16",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-16"
},
{
"name" : "1035508",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035508"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c lzw\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035508",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035508"
},
{
"name": "[oss-security] 20160407 CVE-2016-3621 libtiff: Out-of-bounds Read in the bmp2tiff tool",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/07/3"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2565",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2565"
},
{
"name": "GLSA-201701-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-16"
}
]
}
}

170
2016/3xxx/CVE-2016-3623.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3623",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160408 CVE-2016-3623 libtiff: Divide By Zero in the rgb2ycbcr tool",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/04/08/3"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2569",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2569"
},
{
"name" : "DSA-3762",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3762"
},
{
"name" : "GLSA-201701-16",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-16"
},
{
"name" : "openSUSE-SU-2016:2275",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html"
},
{
"name" : "85952",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/85952"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "85952",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85952"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2569",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2569"
},
{
"name": "GLSA-201701-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-16"
},
{
"name": "openSUSE-SU-2016:2275",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html"
},
{
"name": "[oss-security] 20160408 CVE-2016-3623 libtiff: Divide By Zero in the rgb2ycbcr tool",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/08/3"
},
{
"name": "DSA-3762",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3762"
}
]
}
}

140
2016/3xxx/CVE-2016-3901.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3901",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29999161 and Qualcomm internal bug CR 1046434."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5f69ccf3b011c1d14a1b1b00dbaacf74307c9132",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5f69ccf3b011c1d14a1b1b00dbaacf74307c9132"
},
{
"name" : "93327",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93327"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29999161 and Qualcomm internal bug CR 1046434."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93327"
},
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5f69ccf3b011c1d14a1b1b00dbaacf74307c9132",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5f69ccf3b011c1d14a1b1b00dbaacf74307c9132"
}
]
}
}

240
2016/6xxx/CVE-2016-6128.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6128",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-6128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160629 Re: CVE Request: libgd: Invalid color index is not properly handled leading to denial of service (crash)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/06/30/1"
},
{
"name" : "https://bugs.php.net/72494",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/72494"
},
{
"name" : "https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61",
"refsource" : "CONFIRM",
"url" : "https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61"
},
{
"name" : "https://github.com/libgd/libgd/commit/6ff72ae40c7c20ece939afb362d98cc37f4a1c96",
"refsource" : "CONFIRM",
"url" : "https://github.com/libgd/libgd/commit/6ff72ae40c7c20ece939afb362d98cc37f4a1c96"
},
{
"name" : "https://libgd.github.io/release-2.2.3.html",
"refsource" : "CONFIRM",
"url" : "https://libgd.github.io/release-2.2.3.html"
},
{
"name" : "DSA-3619",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3619"
},
{
"name" : "GLSA-201612-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-09"
},
{
"name" : "RHSA-2016:2750",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name" : "openSUSE-SU-2016:2363",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
},
{
"name" : "openSUSE-SU-2016:2117",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
},
{
"name" : "USN-3030-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3030-1"
},
{
"name" : "91509",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91509"
},
{
"name" : "1036276",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036276"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2117",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html"
},
{
"name": "[oss-security] 20160629 Re: CVE Request: libgd: Invalid color index is not properly handled leading to denial of service (crash)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/06/30/1"
},
{
"name": "91509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91509"
},
{
"name": "https://libgd.github.io/release-2.2.3.html",
"refsource": "CONFIRM",
"url": "https://libgd.github.io/release-2.2.3.html"
},
{
"name": "https://bugs.php.net/72494",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/72494"
},
{
"name": "openSUSE-SU-2016:2363",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html"
},
{
"name": "RHSA-2016:2750",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "1036276",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036276"
},
{
"name": "https://github.com/libgd/libgd/commit/6ff72ae40c7c20ece939afb362d98cc37f4a1c96",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/commit/6ff72ae40c7c20ece939afb362d98cc37f4a1c96"
},
{
"name": "GLSA-201612-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-09"
},
{
"name": "DSA-3619",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3619"
},
{
"name": "USN-3030-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3030-1"
},
{
"name": "https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/commit/1ccfe21e14c4d18336f9da8515cd17db88c3de61"
}
]
}
}

230
2016/6xxx/CVE-2016-6290.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6290",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2016/07/24/2"
},
{
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32",
"refsource" : "CONFIRM",
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32"
},
{
"name" : "http://php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://php.net/ChangeLog-5.php"
},
{
"name" : "http://php.net/ChangeLog-7.php",
"refsource" : "CONFIRM",
"url" : "http://php.net/ChangeLog-7.php"
},
{
"name" : "https://bugs.php.net/72562",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/72562"
},
{
"name" : "https://support.apple.com/HT207170",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207170"
},
{
"name" : "APPLE-SA-2016-09-20",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
},
{
"name" : "DSA-3631",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3631"
},
{
"name" : "GLSA-201611-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-22"
},
{
"name" : "RHSA-2016:2750",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name" : "92097",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92097"
},
{
"name" : "1036430",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036430"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/72562",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/72562"
},
{
"name": "APPLE-SA-2016-09-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
},
{
"name": "GLSA-201611-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "RHSA-2016:2750",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "1036430",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036430"
},
{
"name": "DSA-3631",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3631"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32"
},
{
"name": "http://php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-7.php"
},
{
"name": "[oss-security] 20160724 Re: Fwd: CVE for PHP 5.5.38 issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2016/07/24/2"
},
{
"name": "https://support.apple.com/HT207170",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207170"
},
{
"name": "92097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92097"
}
]
}
}

120
2016/6xxx/CVE-2016-6605.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174",
"refsource" : "CONFIRM",
"url" : "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174",
"refsource": "CONFIRM",
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174"
}
]
}
}

34
2016/6xxx/CVE-2016-6860.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6860",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6860",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/7xxx/CVE-2016-7267.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2016-7267",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-7267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-148",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name" : "94664",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94664"
},
{
"name" : "1037441",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037441"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-148",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-148"
},
{
"name": "94664",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94664"
},
{
"name": "1037441",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037441"
}
]
}
}

34
2016/7xxx/CVE-2016-7481.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7481",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7481",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/7xxx/CVE-2016-7690.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7690",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-7690",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/8xxx/CVE-2016-8039.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8039",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8039",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

122
2016/8xxx/CVE-2016-8220.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2016-12-29T00:00:00",
"ID" : "CVE-2016-8220",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Gemfire for PCF",
"version" : {
"version_data" : [
{
"version_value" : "1.6.x prior to 1.6.5.0, 1.7.x prior to 1.7.1.0"
}
]
}
}
]
},
"vendor_name" : "Pivotal"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contain an information disclosure vulnerability. The application inadvertently exposed WAN replication credentials at a public route."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2016-12-29T00:00:00",
"ID": "CVE-2016-8220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gemfire for PCF",
"version": {
"version_data": [
{
"version_value": "1.6.x prior to 1.6.5.0, 1.7.x prior to 1.7.1.0"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.pivotal.io/gemfire-cf/relnotes.html",
"refsource" : "CONFIRM",
"url" : "https://docs.pivotal.io/gemfire-cf/relnotes.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contain an information disclosure vulnerability. The application inadvertently exposed WAN replication credentials at a public route."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.pivotal.io/gemfire-cf/relnotes.html",
"refsource": "CONFIRM",
"url": "https://docs.pivotal.io/gemfire-cf/relnotes.html"
}
]
}
}

130
2016/8xxx/CVE-2016-8583.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8583",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities",
"refsource" : "CONFIRM",
"url" : "https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities"
},
{
"name" : "93863",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93863"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities"
},
{
"name": "93863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93863"
}
]
}
}

130
2016/8xxx/CVE-2016-8801.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2016-8801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OceanStor 5600 V3 V300R003C00C10 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "OceanStor 5600 V3 V300R003C00C10 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command with root privilege."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "privilege escalation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-8801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OceanStor 5600 V3 V300R003C00C10 and earlier versions",
"version": {
"version_data": [
{
"version_value": "OceanStor 5600 V3 V300R003C00C10 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-storage-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-storage-en"
},
{
"name" : "94832",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94832"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command with root privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94832"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-storage-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-storage-en"
}
]
}
}