admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:10:42 +00:00
parent d612e64d07
commit 9dd0daeb96
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 4335 additions and 4335 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
2006/0xxx/CVE-2006-0018.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0018",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3899. Reason: This candidate is a duplicate of CVE-2005-3899. Notes: All CVE users should reference CVE-2005-3899 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-0018",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3899. Reason: This candidate is a duplicate of CVE-2005-3899. Notes: All CVE users should reference CVE-2005-3899 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

150
2006/0xxx/CVE-2006-0048.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length. NOTE: this issue might be a buffer overflow or overread."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-0048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/mailarchive/forum.php?thread_id=9989610&forum_id=37151",
"refsource" : "MISC",
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_id=9989610&forum_id=37151"
},
{
"name" : "17665",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17665"
},
{
"name" : "ADV-2006-1466",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1466"
},
{
"name" : "tcpick-writec-dos(26090)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26090"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length. NOTE: this issue might be a buffer overflow or overread."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tcpick-writec-dos(26090)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26090"
},
{
"name": "17665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17665"
},
{
"name": "ADV-2006-1466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1466"
},
{
"name": "http://sourceforge.net/mailarchive/forum.php?thread_id=9989610&forum_id=37151",
"refsource": "MISC",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=9989610&forum_id=37151"
}
]
}
}

200
2006/0xxx/CVE-2006-0384.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0384",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service (unresponsiveness) or execute arbitrary code via unspecified vectors that cause automount to \"mount file systems with reserved names\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=303382",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=303382"
},
{
"name" : "APPLE-SA-2006-03-01",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"
},
{
"name" : "TA06-062A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"
},
{
"name" : "16907",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16907"
},
{
"name" : "ADV-2006-0791",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0791"
},
{
"name" : "23640",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23640"
},
{
"name" : "1015709",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015709"
},
{
"name" : "19064",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19064"
},
{
"name" : "macosx-automount-execute-code(25021)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25021"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service (unresponsiveness) or execute arbitrary code via unspecified vectors that cause automount to \"mount file systems with reserved names\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23640",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23640"
},
{
"name": "1015709",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015709"
},
{
"name": "19064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19064"
},
{
"name": "16907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16907"
},
{
"name": "ADV-2006-0791",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0791"
},
{
"name": "APPLE-SA-2006-03-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html"
},
{
"name": "TA06-062A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-062A.html"
},
{
"name": "macosx-automount-execute-code(25021)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25021"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=303382",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=303382"
}
]
}
}

160
2006/0xxx/CVE-2006-0924.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-0924",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "16845",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16845"
},
{
"name" : "ADV-2006-0727",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0727"
},
{
"name" : "23472",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23472"
},
{
"name" : "19001",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19001"
},
{
"name" : "ical-calendartext-xss(24919)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24919"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0727",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0727"
},
{
"name": "16845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16845"
},
{
"name": "ical-calendartext-xss(24919)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24919"
},
{
"name": "23472",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23472"
},
{
"name": "19001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19001"
}
]
}
}

120
2006/1xxx/CVE-2006-1318.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1318",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka \"Microsoft Office Control Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS06-038",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka \"Microsoft Office Control Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS06-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038"
}
]
}
}

190
2006/1xxx/CVE-2006-1442.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1442",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 loads dynamic libraries even if the client application has not directly requested it, which allows attackers to execute arbitrary code from an untrusted bundle."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2006-05-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name" : "TA06-132A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name" : "17951",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17951"
},
{
"name" : "ADV-2006-1779",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name" : "25586",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25586"
},
{
"name" : "1016080",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016080"
},
{
"name" : "20077",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20077"
},
{
"name" : "macos-corefoundation-bundle-code-execution(26407)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26407"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 loads dynamic libraries even if the client application has not directly requested it, which allows attackers to execute arbitrary code from an untrusted bundle."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "25586",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25586"
},
{
"name": "macos-corefoundation-bundle-code-execution(26407)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26407"
},
{
"name": "ADV-2006-1779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "20077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20077"
},
{
"name": "1016080",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016080"
}
]
}
}

220
2006/1xxx/CVE-2006-1671.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1671",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a \"crafted\" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a \"crafted\" IP packet to a device with IP on the LAN interface, aka bug ID CSCsd04168; and (3) a \"malformed\" OSPF packet, aka bug ID CSCsc54558."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060405 Cisco Optical Networking System 15000 Series and Cisco Transport Controller Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml"
},
{
"name" : "17384",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17384"
},
{
"name" : "ADV-2006-1256",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1256"
},
{
"name" : "24435",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24435"
},
{
"name" : "24436",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24436"
},
{
"name" : "24437",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24437"
},
{
"name" : "1015872",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015872"
},
{
"name" : "19553",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19553"
},
{
"name" : "cisco-ons-ospf-dos(25646)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25646"
},
{
"name" : "cisco-ons-cc-ems-dos(25644)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25644"
},
{
"name" : "cisco-ons-cc-ip-dos(25645)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25645"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a \"crafted\" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a \"crafted\" IP packet to a device with IP on the LAN interface, aka bug ID CSCsd04168; and (3) a \"malformed\" OSPF packet, aka bug ID CSCsc54558."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24435",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24435"
},
{
"name": "1015872",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015872"
},
{
"name": "cisco-ons-cc-ems-dos(25644)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25644"
},
{
"name": "ADV-2006-1256",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1256"
},
{
"name": "24436",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24436"
},
{
"name": "cisco-ons-cc-ip-dos(25645)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25645"
},
{
"name": "19553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19553"
},
{
"name": "17384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17384"
},
{
"name": "20060405 Cisco Optical Networking System 15000 Series and Cisco Transport Controller Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml"
},
{
"name": "24437",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24437"
},
{
"name": "cisco-ons-ospf-dos(25646)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25646"
}
]
}
}

710
2006/1xxx/CVE-2006-1739.json
View File

@ -1,357 +1,357 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1739",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-1739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-11.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-11.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=265736",
"refsource" : "MISC",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=265736"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
},
{
"name" : "DSA-1044",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1044"
},
{
"name" : "DSA-1046",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1046"
},
{
"name" : "DSA-1051",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1051"
},
{
"name" : "FEDORA-2006-410",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html"
},
{
"name" : "FEDORA-2006-411",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html"
},
{
"name" : "FLSA:189137-1",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/436296/100/0/threaded"
},
{
"name" : "FLSA:189137-2",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/436338/100/0/threaded"
},
{
"name" : "GLSA-200604-12",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
},
{
"name" : "GLSA-200604-18",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
},
{
"name" : "GLSA-200605-09",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml"
},
{
"name" : "HPSBTU02118",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/434524/100/0/threaded"
},
{
"name" : "SSRT061145",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/434524/100/0/threaded"
},
{
"name" : "HPSBUX02122",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name" : "SSRT061158",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name" : "MDKSA-2006:075",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075"
},
{
"name" : "MDKSA-2006:076",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076"
},
{
"name" : "MDKSA-2006:078",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078"
},
{
"name" : "RHSA-2006:0328",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0328.html"
},
{
"name" : "RHSA-2006:0329",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0329.html"
},
{
"name" : "RHSA-2006:0330",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0330.html"
},
{
"name" : "SCOSA-2006.26",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
},
{
"name" : "20060404-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
},
{
"name" : "102550",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
},
{
"name" : "228526",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1"
},
{
"name" : "SUSE-SA:2006:022",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html"
},
{
"name" : "SUSE-SA:2006:021",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html"
},
{
"name" : "USN-275-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/275-1/"
},
{
"name" : "USN-276-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/276-1/"
},
{
"name" : "USN-271-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/271-1/"
},
{
"name" : "TA06-107A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-107A.html"
},
{
"name" : "VU#935556",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/935556"
},
{
"name" : "17516",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17516"
},
{
"name" : "oval:org.mitre.oval:def:9817",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9817"
},
{
"name" : "ADV-2006-1356",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1356"
},
{
"name" : "oval:org.mitre.oval:def:1667",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1667"
},
{
"name" : "19631",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19631"
},
{
"name" : "19759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19759"
},
{
"name" : "19794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19794"
},
{
"name" : "19821",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19821"
},
{
"name" : "19811",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19811"
},
{
"name" : "19823",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19823"
},
{
"name" : "19852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19852"
},
{
"name" : "19862",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19862"
},
{
"name" : "19863",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19863"
},
{
"name" : "19902",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19902"
},
{
"name" : "19950",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19950"
},
{
"name" : "19941",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19941"
},
{
"name" : "19714",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19714"
},
{
"name" : "19721",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19721"
},
{
"name" : "19746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19746"
},
{
"name" : "21033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21033"
},
{
"name" : "21622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21622"
},
{
"name" : "19696",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19696"
},
{
"name" : "19729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19729"
},
{
"name" : "19780",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19780"
},
{
"name" : "20051",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20051"
},
{
"name" : "mozilla-css-memory-corruption(25810)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25810"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#935556",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/935556"
},
{
"name": "USN-275-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/275-1/"
},
{
"name": "RHSA-2006:0330",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0330.html"
},
{
"name": "SSRT061145",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/434524/100/0/threaded"
},
{
"name": "19902",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19902"
},
{
"name": "20060404-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc"
},
{
"name": "USN-276-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/276-1/"
},
{
"name": "HPSBUX02122",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name": "19941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19941"
},
{
"name": "19780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19780"
},
{
"name": "RHSA-2006:0328",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0328.html"
},
{
"name": "19821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19821"
},
{
"name": "GLSA-200604-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml"
},
{
"name": "21622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21622"
},
{
"name": "19862",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19862"
},
{
"name": "MDKSA-2006:075",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:075"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm"
},
{
"name": "19823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19823"
},
{
"name": "DSA-1051",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1051"
},
{
"name": "FEDORA-2006-410",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html"
},
{
"name": "USN-271-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/271-1/"
},
{
"name": "19714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19714"
},
{
"name": "RHSA-2006:0329",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0329.html"
},
{
"name": "http://www.mozilla.org/security/announce/2006/mfsa2006-11.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-11.html"
},
{
"name": "GLSA-200604-18",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml"
},
{
"name": "19811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19811"
},
{
"name": "HPSBTU02118",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/434524/100/0/threaded"
},
{
"name": "19794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19794"
},
{
"name": "19746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19746"
},
{
"name": "21033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21033"
},
{
"name": "102550",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1"
},
{
"name": "19696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19696"
},
{
"name": "19759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19759"
},
{
"name": "SUSE-SA:2006:021",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html"
},
{
"name": "FLSA:189137-2",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/436338/100/0/threaded"
},
{
"name": "ADV-2006-1356",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1356"
},
{
"name": "SSRT061158",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/438730/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1667",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1667"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=265736",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=265736"
},
{
"name": "MDKSA-2006:078",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:078"
},
{
"name": "19729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19729"
},
{
"name": "20051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20051"
},
{
"name": "19863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19863"
},
{
"name": "oval:org.mitre.oval:def:9817",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9817"
},
{
"name": "SCOSA-2006.26",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt"
},
{
"name": "TA06-107A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-107A.html"
},
{
"name": "FLSA:189137-1",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/436296/100/0/threaded"
},
{
"name": "17516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17516"
},
{
"name": "228526",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1"
},
{
"name": "FEDORA-2006-411",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html"
},
{
"name": "19852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19852"
},
{
"name": "19721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19721"
},
{
"name": "SUSE-SA:2006:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
},
{
"name": "GLSA-200605-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml"
},
{
"name": "mozilla-css-memory-corruption(25810)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25810"
},
{
"name": "19631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19631"
},
{
"name": "19950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19950"
},
{
"name": "MDKSA-2006:076",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:076"
},
{
"name": "DSA-1046",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1046"
},
{
"name": "DSA-1044",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1044"
}
]
}
}

170
2006/1xxx/CVE-2006-1848.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060417 Linpha 1.1.0 - XSS Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431242/100/0/threaded"
},
{
"name" : "http://d4igoro.blogspot.com/2006/04/linpha-xss-vulnerabilities.html",
"refsource" : "MISC",
"url" : "http://d4igoro.blogspot.com/2006/04/linpha-xss-vulnerabilities.html"
},
{
"name" : "17581",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17581"
},
{
"name" : "ADV-2006-1396",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1396"
},
{
"name" : "19679",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19679"
},
{
"name" : "linpha-statsview-xss(25916)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25916"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://d4igoro.blogspot.com/2006/04/linpha-xss-vulnerabilities.html",
"refsource": "MISC",
"url": "http://d4igoro.blogspot.com/2006/04/linpha-xss-vulnerabilities.html"
},
{
"name": "linpha-statsview-xss(25916)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25916"
},
{
"name": "ADV-2006-1396",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1396"
},
{
"name": "20060417 Linpha 1.1.0 - XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431242/100/0/threaded"
},
{
"name": "19679",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19679"
},
{
"name": "17581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17581"
}
]
}
}

140
2006/4xxx/CVE-2006-4063.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4063",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2129",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2129"
},
{
"name" : "ADV-2006-3196",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3196"
},
{
"name" : "sapidblog-multiple-scripts-file-include(28251)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28251"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sapidblog-multiple-scripts-file-include(28251)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28251"
},
{
"name": "2129",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2129"
},
{
"name": "ADV-2006-3196",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3196"
}
]
}
}

150
2006/4xxx/CVE-2006-4205.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4205",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in WebDynamite ProjectButler 0.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to /classes/ scripts including (1) Cache.class.php, (2) Customer.class.php, (3) Performance.class.php, (4) Project.class.php, (5) Representative.class.php, (6) User.class.php, or (7) common.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2183",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2183"
},
{
"name" : "19503",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19503"
},
{
"name" : "ADV-2006-3294",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3294"
},
{
"name" : "projectbutler-rootdir-file-include(28362)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28362"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in WebDynamite ProjectButler 0.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to /classes/ scripts including (1) Cache.class.php, (2) Customer.class.php, (3) Performance.class.php, (4) Project.class.php, (5) Representative.class.php, (6) User.class.php, or (7) common.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "projectbutler-rootdir-file-include(28362)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28362"
},
{
"name": "19503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19503"
},
{
"name": "2183",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2183"
},
{
"name": "ADV-2006-3294",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3294"
}
]
}
}

160
2006/4xxx/CVE-2006-4762.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4762",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cgisecurity.com/papers/RSS-Security.ppt",
"refsource" : "MISC",
"url" : "http://www.cgisecurity.com/papers/RSS-Security.ppt"
},
{
"name" : "20129",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20129"
},
{
"name" : "ADV-2006-3711",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3711"
},
{
"name" : "21994",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21994"
},
{
"name" : "rssreader-rssatom-feed-xss(29071)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29071"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21994",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21994"
},
{
"name": "http://www.cgisecurity.com/papers/RSS-Security.ppt",
"refsource": "MISC",
"url": "http://www.cgisecurity.com/papers/RSS-Security.ppt"
},
{
"name": "rssreader-rssatom-feed-xss(29071)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29071"
},
{
"name": "20129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20129"
},
{
"name": "ADV-2006-3711",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3711"
}
]
}
}

34
2006/4xxx/CVE-2006-4933.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-4933",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4933",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2006/5xxx/CVE-2006-5514.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5514",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "2604",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/2604"
},
{
"name" : "20653",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20653"
},
{
"name" : "wgcc-quiz-sql-injection(29712)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29712"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20653"
},
{
"name": "wgcc-quiz-sql-injection(29712)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29712"
},
{
"name": "2604",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2604"
}
]
}
}

200
2006/5xxx/CVE-2006-5718.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5718",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061102 Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450397/100/0/threaded"
},
{
"name" : "http://www.hardened-php.net/advisory_122006.137.html",
"refsource" : "MISC",
"url" : "http://www.hardened-php.net/advisory_122006.137.html"
},
{
"name" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-6",
"refsource" : "CONFIRM",
"url" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-6"
},
{
"name" : "SUSE-SA:2006:071",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html"
},
{
"name" : "20856",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20856"
},
{
"name" : "ADV-2006-4298",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4298"
},
{
"name" : "22599",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22599"
},
{
"name" : "23086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23086"
},
{
"name" : "phpmyadmin-utf7-xss(29957)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29957"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20856",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20856"
},
{
"name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-6",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-6"
},
{
"name": "ADV-2006-4298",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4298"
},
{
"name": "phpmyadmin-utf7-xss(29957)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29957"
},
{
"name": "20061102 Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450397/100/0/threaded"
},
{
"name": "22599",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22599"
},
{
"name": "23086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23086"
},
{
"name": "SUSE-SA:2006:071",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html"
},
{
"name": "http://www.hardened-php.net/advisory_122006.137.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_122006.137.html"
}
]
}
}

34
2010/0xxx/CVE-2010-0748.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0748",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0748",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

260
2010/2xxx/CVE-2010-2231.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2231",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100621 Re: CVE request: moodle 1.9.9/1.8.13 multiple vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/06/21/2"
},
{
"name" : "http://cvs.moodle.org/moodle/mod/quiz/report/overview/report.php?r1=1.98.2.50&r2=1.98.2.51",
"refsource" : "CONFIRM",
"url" : "http://cvs.moodle.org/moodle/mod/quiz/report/overview/report.php?r1=1.98.2.50&r2=1.98.2.51"
},
{
"name" : "http://docs.moodle.org/en/Moodle_1.8.13_release_notes",
"refsource" : "CONFIRM",
"url" : "http://docs.moodle.org/en/Moodle_1.8.13_release_notes"
},
{
"name" : "http://docs.moodle.org/en/Moodle_1.9.9_release_notes",
"refsource" : "CONFIRM",
"url" : "http://docs.moodle.org/en/Moodle_1.9.9_release_notes"
},
{
"name" : "http://moodle.org/mod/forum/discuss.php?d=152369",
"refsource" : "CONFIRM",
"url" : "http://moodle.org/mod/forum/discuss.php?d=152369"
},
{
"name" : "http://tracker.moodle.org/browse/MDL-21688",
"refsource" : "CONFIRM",
"url" : "http://tracker.moodle.org/browse/MDL-21688"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=605809",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=605809"
},
{
"name" : "FEDORA-2010-10286",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html"
},
{
"name" : "FEDORA-2010-10291",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html"
},
{
"name" : "FEDORA-2010-10321",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html"
},
{
"name" : "SUSE-SR:2010:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name" : "40248",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40248"
},
{
"name" : "40352",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40352"
},
{
"name" : "ADV-2010-1530",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1530"
},
{
"name" : "ADV-2010-1571",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1571"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.moodle.org/en/Moodle_1.8.13_release_notes",
"refsource": "CONFIRM",
"url": "http://docs.moodle.org/en/Moodle_1.8.13_release_notes"
},
{
"name": "FEDORA-2010-10286",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html"
},
{
"name": "ADV-2010-1571",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1571"
},
{
"name": "[oss-security] 20100621 Re: CVE request: moodle 1.9.9/1.8.13 multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/21/2"
},
{
"name": "40352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40352"
},
{
"name": "ADV-2010-1530",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1530"
},
{
"name": "FEDORA-2010-10321",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html"
},
{
"name": "http://moodle.org/mod/forum/discuss.php?d=152369",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=152369"
},
{
"name": "http://docs.moodle.org/en/Moodle_1.9.9_release_notes",
"refsource": "CONFIRM",
"url": "http://docs.moodle.org/en/Moodle_1.9.9_release_notes"
},
{
"name": "40248",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40248"
},
{
"name": "FEDORA-2010-10291",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html"
},
{
"name": "http://tracker.moodle.org/browse/MDL-21688",
"refsource": "CONFIRM",
"url": "http://tracker.moodle.org/browse/MDL-21688"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "http://cvs.moodle.org/moodle/mod/quiz/report/overview/report.php?r1=1.98.2.50&r2=1.98.2.51",
"refsource": "CONFIRM",
"url": "http://cvs.moodle.org/moodle/mod/quiz/report/overview/report.php?r1=1.98.2.50&r2=1.98.2.51"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=605809",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=605809"
}
]
}
}

200
2010/2xxx/CVE-2010-2233.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to \"downsampled OJPEG input.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-2233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100623 CVE requests: LibTIFF",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127731610612908&w=2"
},
{
"name" : "http://www.remotesensing.org/libtiff/v3.9.4.html",
"refsource" : "MISC",
"url" : "http://www.remotesensing.org/libtiff/v3.9.4.html"
},
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2207",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2207"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=583081",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=583081"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=607198",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=607198"
},
{
"name" : "GLSA-201209-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201209-02.xml"
},
{
"name" : "1024150",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1024150"
},
{
"name" : "40422",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40422"
},
{
"name" : "50726",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50726"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to \"downsampled OJPEG input.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100623 CVE requests: LibTIFF",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127731610612908&w=2"
},
{
"name": "1024150",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024150"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=607198",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607198"
},
{
"name": "GLSA-201209-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-02.xml"
},
{
"name": "40422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40422"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2207",
"refsource": "CONFIRM",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2207"
},
{
"name": "http://www.remotesensing.org/libtiff/v3.9.4.html",
"refsource": "MISC",
"url": "http://www.remotesensing.org/libtiff/v3.9.4.html"
},
{
"name": "50726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50726"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=583081",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=583081"
}
]
}
}

150
2010/2xxx/CVE-2010-2639.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-2639",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and \"concurrency issues.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24028397",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24028397"
},
{
"name" : "JR38114",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1JR38114"
},
{
"name" : "1024845",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024845"
},
{
"name" : "wcs-outboundmessage-info-disc(63406)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63406"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and \"concurrency issues.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024845",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024845"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg24028397",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24028397"
},
{
"name": "JR38114",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR38114"
},
{
"name": "wcs-outboundmessage-info-disc(63406)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63406"
}
]
}
}

240
2010/3xxx/CVE-2010-3073.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3073",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100826 Multiple Vulnerabilities in EncFS",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html"
},
{
"name" : "[oss-security] 20100905 CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/05/3"
},
{
"name" : "[oss-security] 20100905 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/06/1"
},
{
"name" : "[oss-security] 20100907 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/07/8"
},
{
"name" : "http://code.google.com/p/encfs/source/detail?r=59",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/encfs/source/detail?r=59"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=630460",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=630460"
},
{
"name" : "FEDORA-2010-14200",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html"
},
{
"name" : "FEDORA-2010-14254",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html"
},
{
"name" : "FEDORA-2010-14268",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html"
},
{
"name" : "SUSE-SR:2010:023",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name" : "41158",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41158"
},
{
"name" : "41478",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41478"
},
{
"name" : "ADV-2010-2414",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2414"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41158",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41158"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=630460",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630460"
},
{
"name": "41478",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41478"
},
{
"name": "http://code.google.com/p/encfs/source/detail?r=59",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/encfs/source/detail?r=59"
},
{
"name": "FEDORA-2010-14268",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html"
},
{
"name": "FEDORA-2010-14200",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html"
},
{
"name": "SUSE-SR:2010:023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
},
{
"name": "20100826 Multiple Vulnerabilities in EncFS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html"
},
{
"name": "[oss-security] 20100905 CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/05/3"
},
{
"name": "[oss-security] 20100907 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/07/8"
},
{
"name": "[oss-security] 20100905 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/06/1"
},
{
"name": "ADV-2010-2414",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2414"
},
{
"name": "FEDORA-2010-14254",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html"
}
]
}
}

270
2010/3xxx/CVE-2010-3430.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3430",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/09/21/3"
},
{
"name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/21/11"
},
{
"name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/09/21/8"
},
{
"name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/09/21/9"
},
{
"name" : "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/09/21/10"
},
{
"name" : "[oss-security] 20100924 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/09/24/2"
},
{
"name" : "[oss-security] 20100927 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/09/27/4"
},
{
"name" : "[oss-security] 20100927 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/09/27/5"
},
{
"name" : "[oss-security] 20100928 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/09/27/7"
},
{
"name" : "[oss-security] 20100928 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/09/27/10"
},
{
"name" : "[oss-security] 20101004 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/10/03/1"
},
{
"name" : "[oss-security] 20101025 Re: Minor security flaw with pam_xauth",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/10/25/2"
},
{
"name" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=843807a3a90f52e7538be756616510730a24739a",
"refsource" : "CONFIRM",
"url" : "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=843807a3a90f52e7538be756616510730a24739a"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=641361",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=641361"
},
{
"name" : "GLSA-201206-31",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name" : "49711",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49711"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100927 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/09/27/5"
},
{
"name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/09/21/3"
},
{
"name": "GLSA-201206-31",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-31.xml"
},
{
"name": "[oss-security] 20101004 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/10/03/1"
},
{
"name": "[oss-security] 20100924 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/24/2"
},
{
"name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/09/21/9"
},
{
"name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/09/21/8"
},
{
"name": "[oss-security] 20100928 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/09/27/10"
},
{
"name": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=843807a3a90f52e7538be756616510730a24739a",
"refsource": "CONFIRM",
"url": "http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=843807a3a90f52e7538be756616510730a24739a"
},
{
"name": "[oss-security] 20100927 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/09/27/4"
},
{
"name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/09/21/10"
},
{
"name": "49711",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49711"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=641361",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=641361"
},
{
"name": "[oss-security] 20100928 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/09/27/7"
},
{
"name": "[oss-security] 20101025 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/10/25/2"
},
{
"name": "[oss-security] 20100921 Re: Minor security flaw with pam_xauth",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/09/21/11"
}
]
}
}

160
2010/3xxx/CVE-2010-3791.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3791",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-3791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
},
{
"name" : "http://support.apple.com/kb/HT4447",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4447"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "APPLE-SA-2010-12-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html"
},
{
"name" : "1024729",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024729"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "1024729",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024729"
},
{
"name": "APPLE-SA-2010-12-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT4447",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4447"
}
]
}
}

310
2010/3xxx/CVE-2010-3879.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-3879",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-3879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101102 fusermount: Unmount any filesystem",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077247.html"
},
{
"name" : "[oss-security] 20101104 CVE request: fuse",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/11/04/8"
},
{
"name" : "[oss-security] 20101105 Re: CVE request: fuse",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2010/11/05/2"
},
{
"name" : "http://www.halfdog.net/Security/FuseTimerace/",
"refsource" : "MISC",
"url" : "http://www.halfdog.net/Security/FuseTimerace/"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333"
},
{
"name" : "https://bugs.launchpad.net/bugs/670622",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/bugs/670622"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=651598",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=651598"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=651183",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=651183"
},
{
"name" : "FEDORA-2011-0854",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053792.html"
},
{
"name" : "MDVSA-2013:155",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:155"
},
{
"name" : "SUSE-SR:2011:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name" : "USN-1045-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1045-1"
},
{
"name" : "USN-1045-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1045-2"
},
{
"name" : "44623",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/44623"
},
{
"name" : "70520",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70520"
},
{
"name" : "42965",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42965"
},
{
"name" : "42961",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42961"
},
{
"name" : "ADV-2011-0181",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0181"
},
{
"name" : "ADV-2011-0302",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0302"
},
{
"name" : "fuse-fusermount-tool-dos(62986)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/62986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.halfdog.net/Security/FuseTimerace/",
"refsource": "MISC",
"url": "http://www.halfdog.net/Security/FuseTimerace/"
},
{
"name": "USN-1045-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1045-1"
},
{
"name": "42965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42965"
},
{
"name": "fuse-fusermount-tool-dos(62986)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62986"
},
{
"name": "20101102 fusermount: Unmount any filesystem",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077247.html"
},
{
"name": "[oss-security] 20101104 CVE request: fuse",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/11/04/8"
},
{
"name": "ADV-2011-0302",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0302"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=651598",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=651598"
},
{
"name": "ADV-2011-0181",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0181"
},
{
"name": "SUSE-SR:2011:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=651183",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=651183"
},
{
"name": "42961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42961"
},
{
"name": "https://bugs.launchpad.net/bugs/670622",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/bugs/670622"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333"
},
{
"name": "44623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44623"
},
{
"name": "[oss-security] 20101105 Re: CVE request: fuse",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/11/05/2"
},
{
"name": "USN-1045-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1045-2"
},
{
"name": "FEDORA-2011-0854",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053792.html"
},
{
"name": "70520",
"refsource": "OSVDB",
"url": "http://osvdb.org/70520"
},
{
"name": "MDVSA-2013:155",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:155"
}
]
}
}

120
2010/4xxx/CVE-2010-4000.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4000",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=644561",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=644561"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=644561",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=644561"
}
]
}
}

140
2010/4xxx/CVE-2010-4408.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4408",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20101129 [CVE-2010-3449] Apache Archiva CSRF Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/514937/100/0/threaded"
},
{
"name" : "[archiva-users] 20101129 Apache Archiva CSRF Vulnerability",
"refsource" : "MLIST",
"url" : "http://mail-archives.apache.org/mod_mbox/archiva-users/201011.mbox/ajax/%3CAANLkTimXejHAuXdoUKLN=GkNty1_XnRCbv0YA0T2cS_2@mail.gmail.com%3E"
},
{
"name" : "http://archiva.apache.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://archiva.apache.org/security.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://archiva.apache.org/security.html",
"refsource": "CONFIRM",
"url": "http://archiva.apache.org/security.html"
},
{
"name": "[archiva-users] 20101129 Apache Archiva CSRF Vulnerability",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/archiva-users/201011.mbox/ajax/%3CAANLkTimXejHAuXdoUKLN=GkNty1_XnRCbv0YA0T2cS_2@mail.gmail.com%3E"
},
{
"name": "20101129 [CVE-2010-3449] Apache Archiva CSRF Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514937/100/0/threaded"
}
]
}
}

34
2010/4xxx/CVE-2010-4654.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4654",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4654",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2010/4xxx/CVE-2010-4745.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4745",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://websecurity.com.ua/4795/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/4795/"
},
{
"name" : "http://phpxref.sourceforge.net/Changelog",
"refsource" : "CONFIRM",
"url" : "http://phpxref.sourceforge.net/Changelog"
},
{
"name" : "46302",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/46302"
},
{
"name" : "70855",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70855"
},
{
"name" : "42069",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42069"
},
{
"name" : "phpxref-nav-xss(65434)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65434"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://phpxref.sourceforge.net/Changelog",
"refsource": "CONFIRM",
"url": "http://phpxref.sourceforge.net/Changelog"
},
{
"name": "http://websecurity.com.ua/4795/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/4795/"
},
{
"name": "70855",
"refsource": "OSVDB",
"url": "http://osvdb.org/70855"
},
{
"name": "46302",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46302"
},
{
"name": "phpxref-nav-xss(65434)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65434"
},
{
"name": "42069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42069"
}
]
}
}

200
2010/4xxx/CVE-2010-4894.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4894",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14897",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14897"
},
{
"name" : "http://packetstormsecurity.org/1009-exploits/chillycms-sqlxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/1009-exploits/chillycms-sqlxss.txt"
},
{
"name" : "http://www.bugreport.ir/index_73.htm",
"refsource" : "MISC",
"url" : "http://www.bugreport.ir/index_73.htm"
},
{
"name" : "42991",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42991"
},
{
"name" : "67836",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/67836"
},
{
"name" : "41313",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41313"
},
{
"name" : "8437",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8437"
},
{
"name" : "ADV-2010-2298",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2298"
},
{
"name" : "chillycms-show-sql-injection(61606)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61606"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bugreport.ir/index_73.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_73.htm"
},
{
"name": "67836",
"refsource": "OSVDB",
"url": "http://osvdb.org/67836"
},
{
"name": "14897",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14897"
},
{
"name": "chillycms-show-sql-injection(61606)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61606"
},
{
"name": "8437",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8437"
},
{
"name": "http://packetstormsecurity.org/1009-exploits/chillycms-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/chillycms-sqlxss.txt"
},
{
"name": "ADV-2010-2298",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2298"
},
{
"name": "42991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42991"
},
{
"name": "41313",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41313"
}
]
}
}

300
2011/1xxx/CVE-2011-1425.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-1425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[xmlsec] 20110331 New xmlsec 1.2.17 release",
"refsource" : "MLIST",
"url" : "http://www.aleksey.com/pipermail/xmlsec/2011/009120.html"
},
{
"name" : "http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780",
"refsource" : "CONFIRM",
"url" : "http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780"
},
{
"name" : "http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa",
"refsource" : "CONFIRM",
"url" : "http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa"
},
{
"name" : "http://trac.webkit.org/changeset/79159",
"refsource" : "CONFIRM",
"url" : "http://trac.webkit.org/changeset/79159"
},
{
"name" : "https://bugs.webkit.org/show_bug.cgi?id=52688",
"refsource" : "CONFIRM",
"url" : "https://bugs.webkit.org/show_bug.cgi?id=52688"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=692133",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=692133"
},
{
"name" : "DSA-2219",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2219"
},
{
"name" : "MDVSA-2011:063",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:063"
},
{
"name" : "RHSA-2011:0486",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0486.html"
},
{
"name" : "47135",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/47135"
},
{
"name" : "1025284",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025284"
},
{
"name" : "43920",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43920"
},
{
"name" : "44167",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44167"
},
{
"name" : "44423",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/44423"
},
{
"name" : "ADV-2011-1010",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1010"
},
{
"name" : "ADV-2011-1172",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/1172"
},
{
"name" : "ADV-2011-0855",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0855"
},
{
"name" : "ADV-2011-0858",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0858"
},
{
"name" : "xmlsecurity-xmlfiles-sec-bypass(66506)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66506"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=692133",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=692133"
},
{
"name": "ADV-2011-0855",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0855"
},
{
"name": "1025284",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025284"
},
{
"name": "DSA-2219",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2219"
},
{
"name": "MDVSA-2011:063",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:063"
},
{
"name": "47135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47135"
},
{
"name": "http://trac.webkit.org/changeset/79159",
"refsource": "CONFIRM",
"url": "http://trac.webkit.org/changeset/79159"
},
{
"name": "ADV-2011-1010",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1010"
},
{
"name": "[xmlsec] 20110331 New xmlsec 1.2.17 release",
"refsource": "MLIST",
"url": "http://www.aleksey.com/pipermail/xmlsec/2011/009120.html"
},
{
"name": "44423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44423"
},
{
"name": "http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780"
},
{
"name": "RHSA-2011:0486",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0486.html"
},
{
"name": "http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa"
},
{
"name": "ADV-2011-1172",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1172"
},
{
"name": "44167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44167"
},
{
"name": "43920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43920"
},
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=52688",
"refsource": "CONFIRM",
"url": "https://bugs.webkit.org/show_bug.cgi?id=52688"
},
{
"name": "ADV-2011-0858",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0858"
},
{
"name": "xmlsecurity-xmlfiles-sec-bypass(66506)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66506"
}
]
}
}

120
2011/5xxx/CVE-2011-5299.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-5299",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the site_name parameter to admin/setup/config/general.php, (3) the group_name parameter to admin/subscribers/subscribers_groups.php, or (4) the field_name parameter to admin/setup/setup_fields.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-5299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.com/advisory/HTB22976",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB22976"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the site_name parameter to admin/setup/config/general.php, (3) the group_name parameter to admin/subscribers/subscribers_groups.php, or (4) the field_name parameter to admin/setup/setup_fields.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB22976",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB22976"
}
]
}
}

122
2014/10xxx/CVE-2014-10064.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2014-10064",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "qs node module",
"version" : {
"version_data" : [
{
"version_value" : "<1.0.0"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service (CWE-400)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2014-10064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "qs node module",
"version": {
"version_data": [
{
"version_value": "<1.0.0"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/28",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/28"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/28",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/28"
}
]
}
}

160
2014/3xxx/CVE-2014-3132.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3132",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140428 [Onapsis Security Advisory 2014-006] Missing authorization check in SAP Background Processing RFC",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Apr/299"
},
{
"name" : "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-006",
"refsource" : "MISC",
"url" : "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-006"
},
{
"name" : "http://scn.sap.com/docs/DOC-8218",
"refsource" : "CONFIRM",
"url" : "http://scn.sap.com/docs/DOC-8218"
},
{
"name" : "https://service.sap.com/sap/support/notes/1918333",
"refsource" : "CONFIRM",
"url" : "https://service.sap.com/sap/support/notes/1918333"
},
{
"name" : "67107",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67107"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140428 [Onapsis Security Advisory 2014-006] Missing authorization check in SAP Background Processing RFC",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/299"
},
{
"name": "67107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67107"
},
{
"name": "https://service.sap.com/sap/support/notes/1918333",
"refsource": "CONFIRM",
"url": "https://service.sap.com/sap/support/notes/1918333"
},
{
"name": "http://scn.sap.com/docs/DOC-8218",
"refsource": "CONFIRM",
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"name": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-006",
"refsource": "MISC",
"url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-006"
}
]
}
}

230
2014/3xxx/CVE-2014-3171.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-3171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html"
},
{
"name" : "https://crbug.com/390928",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/390928"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=178823&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=178823&view=revision"
},
{
"name" : "DSA-3039",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3039"
},
{
"name" : "GLSA-201408-16",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name" : "openSUSE-SU-2014:1151",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html"
},
{
"name" : "69406",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69406"
},
{
"name" : "1030767",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030767"
},
{
"name" : "60424",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60424"
},
{
"name" : "61482",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61482"
},
{
"name" : "60268",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60268"
},
{
"name" : "google-chrome-cve20143171-code-exec(95471)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95471"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "google-chrome-cve20143171-code-exec(95471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95471"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html"
},
{
"name": "69406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69406"
},
{
"name": "60424",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60424"
},
{
"name": "61482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61482"
},
{
"name": "GLSA-201408-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=178823&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=178823&view=revision"
},
{
"name": "openSUSE-SU-2014:1151",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html"
},
{
"name": "60268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60268"
},
{
"name": "1030767",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030767"
},
{
"name": "https://crbug.com/390928",
"refsource": "CONFIRM",
"url": "https://crbug.com/390928"
},
{
"name": "DSA-3039",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3039"
}
]
}
}

34
2014/3xxx/CVE-2014-3226.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3226",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3226",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2014/3xxx/CVE-2014-3703.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3703",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2014:1691",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1691.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1691",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1691.html"
}
]
}
}

34
2014/3xxx/CVE-2014-3767.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3767",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3767",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/3xxx/CVE-2014-3880.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-3880",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.freebsd.org/security/advisories/FreeBSD-EN-14%3A06.exec.asc",
"refsource" : "CONFIRM",
"url" : "http://www.freebsd.org/security/advisories/FreeBSD-EN-14%3A06.exec.asc"
},
{
"name" : "DSA-2952",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2952"
},
{
"name" : "59034",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59034"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2952",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2952"
},
{
"name": "59034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59034"
},
{
"name": "http://www.freebsd.org/security/advisories/FreeBSD-EN-14%3A06.exec.asc",
"refsource": "CONFIRM",
"url": "http://www.freebsd.org/security/advisories/FreeBSD-EN-14%3A06.exec.asc"
}
]
}
}

140
2014/7xxx/CVE-2014-7376.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-7376",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#383529",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/383529"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#383529",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/383529"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

120
2014/8xxx/CVE-2014-8417.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8417",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://downloads.asterisk.org/pub/security/AST-2014-017.html",
"refsource" : "CONFIRM",
"url" : "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2014-017.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2014-017.html"
}
]
}
}

34
2014/8xxx/CVE-2014-8574.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8574",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8574",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

34
2014/8xxx/CVE-2014-8931.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-8931",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-8931",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

34
2014/9xxx/CVE-2014-9404.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9404",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9404",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/9xxx/CVE-2014-9443.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9443",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/relevanssi/changelog/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/relevanssi/changelog/"
},
{
"name" : "61744",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61744"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/relevanssi/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/relevanssi/changelog/"
},
{
"name": "61744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61744"
}
]
}
}

34
2014/9xxx/CVE-2014-9919.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9919",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9919",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/9xxx/CVE-2014-9925.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2014-9925",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input Vulnerability in HDR"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2014-9925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-05-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name" : "98227",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98227"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input Vulnerability in HDR"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98227"
},
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
}
]
}
}

132
2014/9xxx/CVE-2014-9989.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2014-9989",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 450"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, if an incorrect endpoint number or direction is passed, an out of bounds array access may occur in the USB management module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds array access may occur in the USB management module"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2014-9989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 450"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, if an incorrect endpoint number or direction is passed, an out of bounds array access may occur in the USB management module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds array access may occur in the USB management module"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

34
2016/2xxx/CVE-2016-2259.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2259",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2259",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

140
2016/2xxx/CVE-2016-2398.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2398",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wired.com/2016/01/xfinitys-security-system-flaws-open-homes-to-thieves/",
"refsource" : "MISC",
"url" : "http://www.wired.com/2016/01/xfinitys-security-system-flaws-open-homes-to-thieves/"
},
{
"name" : "https://community.rapid7.com/community/infosec/blog/2016/01/05/r7-2015-23-comcast-xfinity-home-security-system-insecure-fail-open",
"refsource" : "MISC",
"url" : "https://community.rapid7.com/community/infosec/blog/2016/01/05/r7-2015-23-comcast-xfinity-home-security-system-insecure-fail-open"
},
{
"name" : "VU#418072",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/418072"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.wired.com/2016/01/xfinitys-security-system-flaws-open-homes-to-thieves/",
"refsource": "MISC",
"url": "http://www.wired.com/2016/01/xfinitys-security-system-flaws-open-homes-to-thieves/"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2016/01/05/r7-2015-23-comcast-xfinity-home-security-system-insecure-fail-open",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2016/01/05/r7-2015-23-comcast-xfinity-home-security-system-insecure-fail-open"
},
{
"name": "VU#418072",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/418072"
}
]
}
}

120
2016/2xxx/CVE-2016-2437.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2437",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27436822."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-2437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-05-01.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27436822."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-05-01.html"
}
]
}
}

34
2016/2xxx/CVE-2016-2617.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2617",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2617",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/2xxx/CVE-2016-2630.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-2630",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-2630",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

180
2016/6xxx/CVE-2016-6265.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6265",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160721 Re: mupdf library use after free",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/07/21/7"
},
{
"name" : "http://bugs.ghostscript.com/show_bug.cgi?id=696941",
"refsource" : "CONFIRM",
"url" : "http://bugs.ghostscript.com/show_bug.cgi?id=696941"
},
{
"name" : "http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958",
"refsource" : "CONFIRM",
"url" : "http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958"
},
{
"name" : "DSA-3655",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3655"
},
{
"name" : "GLSA-201702-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-12"
},
{
"name" : "openSUSE-SU-2016:1926",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00007.html"
},
{
"name" : "92071",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92071"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958"
},
{
"name": "DSA-3655",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3655"
},
{
"name": "92071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92071"
},
{
"name": "openSUSE-SU-2016:1926",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00007.html"
},
{
"name": "http://bugs.ghostscript.com/show_bug.cgi?id=696941",
"refsource": "CONFIRM",
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=696941"
},
{
"name": "GLSA-201702-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-12"
},
{
"name": "[oss-security] 20160721 Re: mupdf library use after free",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/07/21/7"
}
]
}
}

130
2016/6xxx/CVE-2016-6686.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6686",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30163101."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name" : "93324",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93324"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30163101."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "93324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93324"
}
]
}
}

160
2016/6xxx/CVE-2016-6719.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-6719",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-4.4.4"
},
{
"version_value" : "Android-5.0.2"
},
{
"version_value" : "Android-5.1.1"
},
{
"version_value" : "Android-6.0"
},
{
"version_value" : "Android-6.0.1"
},
{
"version_value" : "Android-7.0"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29043989."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-6719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-4.4.4"
},
{
"version_value": "Android-5.0.2"
},
{
"version_value": "Android-5.1.1"
},
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
},
{
"version_value": "Android-7.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "94179",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94179"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29043989."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94179"
},
{
"name": "https://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2016-11-01.html"
}
]
}
}

150
2016/6xxx/CVE-2016-6949.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6949",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-6949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20161011 Adobe Reader FlatDecode Stream Processing UAF Vulnerability",
"refsource" : "IDEFENSE",
"url" : "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1230"
},
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name" : "93491",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93491"
},
{
"name" : "1036986",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1089, CVE-2016-1091, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6952, CVE-2016-6953, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6971, CVE-2016-6979, CVE-2016-6988, and CVE-2016-6993."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20161011 Adobe Reader FlatDecode Stream Processing UAF Vulnerability",
"refsource": "IDEFENSE",
"url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1230"
},
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "93491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93491"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
}
]
}
}

34
2016/6xxx/CVE-2016-6991.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-6991",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-6991",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

210
2016/7xxx/CVE-2016-7124.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7124",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2016/09/02/9"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "http://www.php.net/ChangeLog-7.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-7.php"
},
{
"name" : "https://bugs.php.net/bug.php?id=72663",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=72663"
},
{
"name" : "https://github.com/php/php-src/commit/20ce2fe8e3c211a42fee05a461a5881be9a8790e?w=1",
"refsource" : "CONFIRM",
"url" : "https://github.com/php/php-src/commit/20ce2fe8e3c211a42fee05a461a5881be9a8790e?w=1"
},
{
"name" : "https://www.tenable.com/security/tns-2016-19",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-19"
},
{
"name" : "GLSA-201611-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-22"
},
{
"name" : "RHSA-2016:2750",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name" : "92756",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92756"
},
{
"name" : "1036680",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036680"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-7.php"
},
{
"name": "GLSA-201611-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"name": "1036680",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036680"
},
{
"name": "92756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92756"
},
{
"name": "RHSA-2016:2750",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"name": "https://bugs.php.net/bug.php?id=72663",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=72663"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "https://www.tenable.com/security/tns-2016-19",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"name": "[oss-security] 20160902 Re: CVE assignment for PHP 5.6.25 and 7.0.10 - and libcurl",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2016/09/02/9"
},
{
"name": "https://github.com/php/php-src/commit/20ce2fe8e3c211a42fee05a461a5881be9a8790e?w=1",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/20ce2fe8e3c211a42fee05a461a5881be9a8790e?w=1"
}
]
}
}

170
2016/7xxx/CVE-2016-7531.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7531",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-7531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/09/22/2"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539061",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539061"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542112",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542112"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378763",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1378763"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/107",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/107"
},
{
"name" : "93131",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93131"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542112",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542112"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378763",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378763"
},
{
"name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/22/2"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/107",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/107"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539061",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539061"
},
{
"name": "93131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93131"
}
]
}
}

160
2016/7xxx/CVE-2016-7912.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7912",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-7912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38740a5b87d53ceb89eb2c970150f6e94e00373a",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38740a5b87d53ceb89eb2c970150f6e94e00373a"
},
{
"name" : "http://source.android.com/security/bulletin/2016-11-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3"
},
{
"name" : "https://github.com/torvalds/linux/commit/38740a5b87d53ceb89eb2c970150f6e94e00373a",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/38740a5b87d53ceb89eb2c970150f6e94e00373a"
},
{
"name" : "94197",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94197"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-11-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-11-01.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38740a5b87d53ceb89eb2c970150f6e94e00373a",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38740a5b87d53ceb89eb2c970150f6e94e00373a"
},
{
"name": "94197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94197"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3"
},
{
"name": "https://github.com/torvalds/linux/commit/38740a5b87d53ceb89eb2c970150f6e94e00373a",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/38740a5b87d53ceb89eb2c970150f6e94e00373a"
}
]
}
}