admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:16:49 +00:00
parent 012e5190b2
commit 9f4d042e49
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4577 additions and 4577 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2006/1xxx/CVE-2006-1129.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-1129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060308 [eVuln] EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/427073/100/0/threaded"
},
{
"name" : "http://evuln.com/vulns/88/summary.html",
"refsource" : "MISC",
"url" : "http://evuln.com/vulns/88/summary.html"
},
{
"name" : "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469",
"refsource" : "CONFIRM",
"url" : "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469"
},
{
"name" : "http://www.ekinboard.com/patch_for_1.0.3.txt",
"refsource" : "MISC",
"url" : "http://www.ekinboard.com/patch_for_1.0.3.txt"
},
{
"name" : "16861",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16861"
},
{
"name" : "ADV-2006-0758",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0758"
},
{
"name" : "23547",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23547"
},
{
"name" : "19045",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19045"
},
{
"name" : "ekinboard-config-sql-injection(24922)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24922"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060308 [eVuln] EKINboard 'img' BBCode XSS & Cookie 'username' SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427073/100/0/threaded"
},
{
"name": "ADV-2006-0758",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0758"
},
{
"name": "http://evuln.com/vulns/88/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/88/summary.html"
},
{
"name": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469",
"refsource": "CONFIRM",
"url": "http://www.ekinboard.com/forums/v1/viewtopic.php?id=469"
},
{
"name": "16861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16861"
},
{
"name": "ekinboard-config-sql-injection(24922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24922"
},
{
"name": "19045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19045"
},
{
"name": "http://www.ekinboard.com/patch_for_1.0.3.txt",
"refsource": "MISC",
"url": "http://www.ekinboard.com/patch_for_1.0.3.txt"
},
{
"name": "23547",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23547"
}
]
}
}

190
2006/5xxx/CVE-2006-5002.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5002",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 through 2.2.0.9 (invscoutClient_VPD_Survey) allows attackers to overwrite arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://aix.software.ibm.com/aix/efixes/security/README",
"refsource" : "CONFIRM",
"url" : "ftp://aix.software.ibm.com/aix/efixes/security/README"
},
{
"name" : "IY88735",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88735"
},
{
"name" : "20199",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20199"
},
{
"name" : "20206",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20206"
},
{
"name" : "ADV-2006-3770",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3770"
},
{
"name" : "1016924",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016924"
},
{
"name" : "22062",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22062"
},
{
"name" : "aix-inventory-scout-file-overwrite(29162)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29162"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 through 2.2.0.9 (invscoutClient_VPD_Survey) allows attackers to overwrite arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016924",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016924"
},
{
"name": "20199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20199"
},
{
"name": "ADV-2006-3770",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3770"
},
{
"name": "20206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20206"
},
{
"name": "IY88735",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88735"
},
{
"name": "ftp://aix.software.ibm.com/aix/efixes/security/README",
"refsource": "CONFIRM",
"url": "ftp://aix.software.ibm.com/aix/efixes/security/README"
},
{
"name": "aix-inventory-scout-file-overwrite(29162)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29162"
},
{
"name": "22062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22062"
}
]
}
}

180
2006/5xxx/CVE-2006-5177.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5177",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://labs.musecurity.com/advisories/MU-200609-01.txt",
"refsource" : "MISC",
"url" : "http://labs.musecurity.com/advisories/MU-200609-01.txt"
},
{
"name" : "http://www.mailenable.com/hotfix/",
"refsource" : "CONFIRM",
"url" : "http://www.mailenable.com/hotfix/"
},
{
"name" : "20290",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20290"
},
{
"name" : "ADV-2006-3862",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3862"
},
{
"name" : "22179",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22179"
},
{
"name" : "mailenable-base64-ntml-message-dos(29286)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29286"
},
{
"name" : "mailenable-base64-message-code-execution(29287)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29287"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mailenable-base64-message-code-execution(29287)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29287"
},
{
"name": "22179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22179"
},
{
"name": "http://www.mailenable.com/hotfix/",
"refsource": "CONFIRM",
"url": "http://www.mailenable.com/hotfix/"
},
{
"name": "mailenable-base64-ntml-message-dos(29286)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29286"
},
{
"name": "20290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20290"
},
{
"name": "ADV-2006-3862",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3862"
},
{
"name": "http://labs.musecurity.com/advisories/MU-200609-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/advisories/MU-200609-01.txt"
}
]
}
}

140
2006/5xxx/CVE-2006-5482.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5482",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[freebsd-cvs-src] 20060531 cvs commit: src/sys/ufs/ufs ufs_vnops.c",
"refsource" : "MLIST",
"url" : "http://lists.freebsd.org/pipermail/cvs-src/2006-May/064488.html"
},
{
"name" : "20522",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20522"
},
{
"name" : "22413",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22413"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22413"
},
{
"name": "[freebsd-cvs-src] 20060531 cvs commit: src/sys/ufs/ufs ufs_vnops.c",
"refsource": "MLIST",
"url": "http://lists.freebsd.org/pipermail/cvs-src/2006-May/064488.html"
},
{
"name": "20522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20522"
}
]
}
}

180
2006/5xxx/CVE-2006-5509.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061016 :ShAnKaR: WoltLab Burning Book <=1.1.2 multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/448796/100/100/threaded"
},
{
"name" : "http://www.security.nnov.ru/Odocument711.html",
"refsource" : "MISC",
"url" : "http://www.security.nnov.ru/Odocument711.html"
},
{
"name" : "20563",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20563"
},
{
"name" : "ADV-2006-4062",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4062"
},
{
"name" : "22442",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22442"
},
{
"name" : "1774",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1774"
},
{
"name" : "wburningbook-addentry-command-execution(29599)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29599"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20563"
},
{
"name": "1774",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1774"
},
{
"name": "ADV-2006-4062",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4062"
},
{
"name": "20061016 :ShAnKaR: WoltLab Burning Book <=1.1.2 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448796/100/100/threaded"
},
{
"name": "wburningbook-addentry-command-execution(29599)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29599"
},
{
"name": "http://www.security.nnov.ru/Odocument711.html",
"refsource": "MISC",
"url": "http://www.security.nnov.ru/Odocument711.html"
},
{
"name": "22442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22442"
}
]
}
}

220
2006/5xxx/CVE-2006-5633.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5633",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061127 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452803/100/0/threaded"
},
{
"name" : "20061101 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450682/100/200/threaded"
},
{
"name" : "20061030 Firefox <= 2.0 crash",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050416.html"
},
{
"name" : "20061031 New Flaw in Firefox 2.0: DoS and possible remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450155/100/0/threaded"
},
{
"name" : "20061031 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450168/100/0/threaded"
},
{
"name" : "20061031 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/450167/100/0/threaded"
},
{
"name" : "http://www.gotfault.net/research/advisory/gadv-firefox.txt",
"refsource" : "MISC",
"url" : "http://www.gotfault.net/research/advisory/gadv-firefox.txt"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=358797",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=358797"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213237",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213237"
},
{
"name" : "20799",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20799"
},
{
"name" : "firefox-createrange-dos(29916)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29916"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061101 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450682/100/200/threaded"
},
{
"name": "20061031 New Flaw in Firefox 2.0: DoS and possible remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450155/100/0/threaded"
},
{
"name": "20061031 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450168/100/0/threaded"
},
{
"name": "20061030 Firefox <= 2.0 crash",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050416.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=358797",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=358797"
},
{
"name": "firefox-createrange-dos(29916)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29916"
},
{
"name": "20061127 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452803/100/0/threaded"
},
{
"name": "http://www.gotfault.net/research/advisory/gadv-firefox.txt",
"refsource": "MISC",
"url": "http://www.gotfault.net/research/advisory/gadv-firefox.txt"
},
{
"name": "20061031 Re: New Flaw in Firefox 2.0: DoS and possible remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450167/100/0/threaded"
},
{
"name": "20799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20799"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213237",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213237"
}
]
}
}

130
2007/2xxx/CVE-2007-2107.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2107",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-1960. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2007-1266",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1266"
},
{
"name" : "37412",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37412"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-1960. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1266",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1266"
},
{
"name": "37412",
"refsource": "OSVDB",
"url": "http://osvdb.org/37412"
}
]
}
}

180
2007/2xxx/CVE-2007-2513.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2513",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/300/3382383_f.SAL_Public.html",
"refsource" : "CONFIRM",
"url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/300/3382383_f.SAL_Public.html"
},
{
"name" : "24258",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24258"
},
{
"name" : "35942",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35942"
},
{
"name" : "ADV-2007-2024",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2024"
},
{
"name" : "1018180",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018180"
},
{
"name" : "25498",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25498"
},
{
"name" : "groupwise-unspecified-mitm(34655)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34655"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2024",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2024"
},
{
"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/300/3382383_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/300/3382383_f.SAL_Public.html"
},
{
"name": "groupwise-unspecified-mitm(34655)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34655"
},
{
"name": "25498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25498"
},
{
"name": "24258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24258"
},
{
"name": "1018180",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018180"
},
{
"name": "35942",
"refsource": "OSVDB",
"url": "http://osvdb.org/35942"
}
]
}
}

180
2007/2xxx/CVE-2007-2521.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2521",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3846",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3846"
},
{
"name" : "https://sourceforge.net/project/shownotes.php?group_id=88942&release_id=533122",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/project/shownotes.php?group_id=88942&release_id=533122"
},
{
"name" : "23817",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23817"
},
{
"name" : "ADV-2007-1665",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1665"
},
{
"name" : "35773",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35773"
},
{
"name" : "25104",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25104"
},
{
"name" : "egads-common-file-include(34073)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34073"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25104",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25104"
},
{
"name": "ADV-2007-1665",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1665"
},
{
"name": "23817",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23817"
},
{
"name": "https://sourceforge.net/project/shownotes.php?group_id=88942&release_id=533122",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/project/shownotes.php?group_id=88942&release_id=533122"
},
{
"name": "3846",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3846"
},
{
"name": "egads-common-file-include(34073)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34073"
},
{
"name": "35773",
"refsource": "OSVDB",
"url": "http://osvdb.org/35773"
}
]
}
}

150
2007/2xxx/CVE-2007-2674.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 allows remote attackers to execute arbitrary SQL commands via the prodid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3842",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3842"
},
{
"name" : "23794",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23794"
},
{
"name" : "37814",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37814"
},
{
"name" : "preshoppingmall-detail-sql-injection(34034)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34034"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 allows remote attackers to execute arbitrary SQL commands via the prodid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3842",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3842"
},
{
"name": "23794",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23794"
},
{
"name": "37814",
"refsource": "OSVDB",
"url": "http://osvdb.org/37814"
},
{
"name": "preshoppingmall-detail-sql-injection(34034)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34034"
}
]
}
}

220
2007/2xxx/CVE-2007-2836.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691"
},
{
"name" : "http://hikiwiki.org/en/advisory20070624.html",
"refsource" : "CONFIRM",
"url" : "http://hikiwiki.org/en/advisory20070624.html"
},
{
"name" : "http://hikiwiki.org/hiki-0_8_6.patch",
"refsource" : "CONFIRM",
"url" : "http://hikiwiki.org/hiki-0_8_6.patch"
},
{
"name" : "JVN#05187780",
"refsource" : "JVN",
"url" : "http://jvn.jp/jp/JVN%2305187780/index.html"
},
{
"name" : "DSA-1324",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1324"
},
{
"name" : "24603",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24603"
},
{
"name" : "ADV-2007-2304",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2304"
},
{
"name" : "37469",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37469"
},
{
"name" : "25764",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25764"
},
{
"name" : "25874",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25874"
},
{
"name" : "hiki-sessionid-security-bypass(35029)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35029"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1324",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1324"
},
{
"name": "24603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24603"
},
{
"name": "37469",
"refsource": "OSVDB",
"url": "http://osvdb.org/37469"
},
{
"name": "http://hikiwiki.org/en/advisory20070624.html",
"refsource": "CONFIRM",
"url": "http://hikiwiki.org/en/advisory20070624.html"
},
{
"name": "ADV-2007-2304",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2304"
},
{
"name": "http://hikiwiki.org/hiki-0_8_6.patch",
"refsource": "CONFIRM",
"url": "http://hikiwiki.org/hiki-0_8_6.patch"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430691"
},
{
"name": "25874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25874"
},
{
"name": "25764",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25764"
},
{
"name": "hiki-sessionid-security-bypass(35029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35029"
},
{
"name": "JVN#05187780",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2305187780/index.html"
}
]
}
}

160
2007/6xxx/CVE-2007-6394.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6394",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4706",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4706"
},
{
"name" : "26781",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26781"
},
{
"name" : "ADV-2007-4175",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4175"
},
{
"name" : "27986",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27986"
},
{
"name" : "contentinjector-index-sql-injection(38939)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38939"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4706",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4706"
},
{
"name": "26781",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26781"
},
{
"name": "ADV-2007-4175",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4175"
},
{
"name": "contentinjector-index-sql-injection(38939)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38939"
},
{
"name": "27986",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27986"
}
]
}
}

160
2007/6xxx/CVE-2007-6488.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6488",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4712",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4712"
},
{
"name" : "ADV-2007-4173",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4173"
},
{
"name" : "40985",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40985"
},
{
"name" : "40986",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40986"
},
{
"name" : "28047",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28047"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-4173",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4173"
},
{
"name": "40986",
"refsource": "OSVDB",
"url": "http://osvdb.org/40986"
},
{
"name": "28047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28047"
},
{
"name": "4712",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4712"
},
{
"name": "40985",
"refsource": "OSVDB",
"url": "http://osvdb.org/40985"
}
]
}
}

150
2010/0xxx/CVE-2010-0798.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0798",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/extensions/repository/view/t3blog/0.8.0/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/t3blog/0.8.0/"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/"
},
{
"name" : "38030",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38030"
},
{
"name" : "38388",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38388"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38030"
},
{
"name": "38388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38388"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-002/"
},
{
"name": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/t3blog/0.8.0/"
}
]
}
}

130
2010/0xxx/CVE-2010-0820.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0820",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote authenticated users to execute arbitrary code via malformed LDAP messages, aka \"LSASS Heap Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS10-068",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-068"
},
{
"name" : "oval:org.mitre.oval:def:7120",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7120"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote authenticated users to execute arbitrary code via malformed LDAP messages, aka \"LSASS Heap Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS10-068",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-068"
},
{
"name": "oval:org.mitre.oval:def:7120",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7120"
}
]
}
}

170
2010/1xxx/CVE-2010-1160.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1160",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Nano-devel] 20100407 New prerelease for security tweaks",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html"
},
{
"name" : "[oss-security] 20100414 CVE request: GNU nano (minor)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/04/14/4"
},
{
"name" : "http://drosenbe.blogspot.com/2010/03/nano-as-root.html",
"refsource" : "MISC",
"url" : "http://drosenbe.blogspot.com/2010/03/nano-as-root.html"
},
{
"name" : "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503&root=nano&view=markup",
"refsource" : "CONFIRM",
"url" : "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503&root=nano&view=markup"
},
{
"name" : "1023891",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023891"
},
{
"name" : "39444",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39444"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Nano-devel] 20100407 New prerelease for security tweaks",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/nano-devel/2010-04/msg00000.html"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503&root=nano&view=markup",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503&root=nano&view=markup"
},
{
"name": "[oss-security] 20100414 CVE request: GNU nano (minor)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/14/4"
},
{
"name": "1023891",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023891"
},
{
"name": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html",
"refsource": "MISC",
"url": "http://drosenbe.blogspot.com/2010/03/nano-as-root.html"
},
{
"name": "39444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39444"
}
]
}
}

140
2010/1xxx/CVE-2010-1310.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1310",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/windows/1051/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1051/"
},
{
"name" : "http://www.opera.com/support/kb/view/949/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/kb/view/949/"
},
{
"name" : "38820",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38820"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/docs/changelogs/windows/1051/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1051/"
},
{
"name": "38820",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38820"
},
{
"name": "http://www.opera.com/support/kb/view/949/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/949/"
}
]
}
}

160
2010/1xxx/CVE-2010-1650.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1650",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "PM06839",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM06839"
},
{
"name" : "PM12247",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"
},
{
"name" : "39628",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39628"
},
{
"name" : "ADV-2010-0994",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0994"
},
{
"name" : "ibm-was-debugging-information-disclosure(58323)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58323"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39628"
},
{
"name": "PM12247",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"
},
{
"name": "ibm-was-debugging-information-disclosure(58323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58323"
},
{
"name": "PM06839",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM06839"
},
{
"name": "ADV-2010-0994",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0994"
}
]
}
}

320
2010/1xxx/CVE-2010-1786.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1786",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4276",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4276"
},
{
"name" : "http://support.apple.com/kb/HT4334",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4334"
},
{
"name" : "http://support.apple.com/kb/HT4456",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4456"
},
{
"name" : "APPLE-SA-2010-07-28-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html"
},
{
"name" : "APPLE-SA-2010-09-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name" : "APPLE-SA-2010-11-22-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name" : "MDVSA-2011:039",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name" : "RHSA-2011:0177",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name" : "SUSE-SR:2010:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "USN-1006-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name" : "42020",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42020"
},
{
"name" : "oval:org.mitre.oval:def:11837",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11837"
},
{
"name" : "41856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41856"
},
{
"name" : "42314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42314"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "43086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43086"
},
{
"name" : "ADV-2010-2722",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "ADV-2011-0216",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name" : "ADV-2011-0552",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4334",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "http://support.apple.com/kb/HT4276",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4276"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2010-07-28-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Jul/msg00001.html"
},
{
"name": "ADV-2011-0216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name": "oval:org.mitre.oval:def:11837",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11837"
},
{
"name": "43086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43086"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "RHSA-2011:0177",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "42020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42020"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "SUSE-SR:2010:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}

140
2010/1xxx/CVE-2010-1836.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "1024723",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024723"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1024723",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024723"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
}
]
}
}

390
2010/4xxx/CVE-2010-4267.json
View File

@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4267",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/attachment.cgi?id=468455&action=diff",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/attachment.cgi?id=468455&action=diff"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=662740",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=662740"
},
{
"name" : "DSA-2152",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2152"
},
{
"name" : "FEDORA-2011-0524",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053474.html"
},
{
"name" : "FEDORA-2011-0525",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053472.html"
},
{
"name" : "GLSA-201203-17",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201203-17.xml"
},
{
"name" : "MDVSA-2011:013",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:013"
},
{
"name" : "RHSA-2011:0154",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0154.html"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "SUSE-SR:2011:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name" : "USN-1051-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1051-1"
},
{
"name" : "45833",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45833"
},
{
"name" : "70498",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/70498"
},
{
"name" : "1024967",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024967"
},
{
"name" : "42939",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42939"
},
{
"name" : "42956",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42956"
},
{
"name" : "43022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43022"
},
{
"name" : "43083",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43083"
},
{
"name" : "43102",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43102"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "48441",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48441"
},
{
"name" : "ADV-2011-0136",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0136"
},
{
"name" : "ADV-2011-0160",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0160"
},
{
"name" : "ADV-2011-0211",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0211"
},
{
"name" : "ADV-2011-0228",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0228"
},
{
"name" : "ADV-2011-0243",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0243"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "hplip-hpmudgetpml-bo(64738)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64738"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42956",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42956"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "70498",
"refsource": "OSVDB",
"url": "http://osvdb.org/70498"
},
{
"name": "43102",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43102"
},
{
"name": "ADV-2011-0136",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0136"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "45833",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45833"
},
{
"name": "43022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43022"
},
{
"name": "ADV-2011-0228",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0228"
},
{
"name": "https://bugzilla.redhat.com/attachment.cgi?id=468455&action=diff",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=468455&action=diff"
},
{
"name": "SUSE-SR:2011:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
},
{
"name": "ADV-2011-0211",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0211"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "FEDORA-2011-0524",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053474.html"
},
{
"name": "MDVSA-2011:013",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:013"
},
{
"name": "RHSA-2011:0154",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0154.html"
},
{
"name": "ADV-2011-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0243"
},
{
"name": "USN-1051-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1051-1"
},
{
"name": "43083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43083"
},
{
"name": "hplip-hpmudgetpml-bo(64738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64738"
},
{
"name": "ADV-2011-0160",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0160"
},
{
"name": "DSA-2152",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2152"
},
{
"name": "FEDORA-2011-0525",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053472.html"
},
{
"name": "GLSA-201203-17",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-17.xml"
},
{
"name": "1024967",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024967"
},
{
"name": "42939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42939"
},
{
"name": "48441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48441"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=662740",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662740"
}
]
}
}

210
2010/4xxx/CVE-2010-4555.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119",
"refsource" : "CONFIRM",
"url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119"
},
{
"name" : "http://www.squirrelmail.org/security/issue/2011-07-11",
"refsource" : "CONFIRM",
"url" : "http://www.squirrelmail.org/security/issue/2011-07-11"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=720694",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=720694"
},
{
"name" : "http://support.apple.com/kb/HT5130",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5130"
},
{
"name" : "APPLE-SA-2012-02-01-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name" : "DSA-2291",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2291"
},
{
"name" : "MDVSA-2011:123",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123"
},
{
"name" : "RHSA-2012:0103",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0103.html"
},
{
"name" : "squirrelmail-dropdown-xss(68510)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68510"
},
{
"name" : "squirrelmail-spellchecking-xss(68511)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68511"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2291",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2291"
},
{
"name": "http://support.apple.com/kb/HT5130",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "squirrelmail-dropdown-xss(68510)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68510"
},
{
"name": "squirrelmail-spellchecking-xss(68511)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68511"
},
{
"name": "MDVSA-2011:123",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:123"
},
{
"name": "APPLE-SA-2012-02-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "http://www.squirrelmail.org/security/issue/2011-07-11",
"refsource": "CONFIRM",
"url": "http://www.squirrelmail.org/security/issue/2011-07-11"
},
{
"name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119",
"refsource": "CONFIRM",
"url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=14119"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=720694",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=720694"
},
{
"name": "RHSA-2012:0103",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0103.html"
}
]
}
}

130
2010/4xxx/CVE-2010-4587.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4587",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for user-assisted remote attackers to have an unspecified impact via a crafted module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/windows/1100/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1100/"
},
{
"name" : "42653",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42653"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 11.00 on Windows does not properly implement the Insecure Third Party Module warning message, which might make it easier for user-assisted remote attackers to have an unspecified impact via a crafted module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42653",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42653"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1100/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1100/"
}
]
}
}

180
2010/4xxx/CVE-2010-4850.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-4850",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to admin/site/2.html, related to views/admin.php; or the (3) subcatname or (4) description parameter to admin/forum/create_sub.html, related to views/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15633",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15633"
},
{
"name" : "http://packetstormsecurity.org/files/view/96207/diferior-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/96207/diferior-xss.txt"
},
{
"name" : "http://www.htbridge.ch/advisory/cross_site_scripting_vulnerability_in_diferior.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/cross_site_scripting_vulnerability_in_diferior.html"
},
{
"name" : "http://www.htbridge.ch/advisory/stored_xss_cross_site_scripting_vulnerability_in_diferior.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/stored_xss_cross_site_scripting_vulnerability_in_diferior.html"
},
{
"name" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_diferior.html",
"refsource" : "MISC",
"url" : "http://www.htbridge.ch/advisory/xss_vulnerability_in_diferior.html"
},
{
"name" : "45088",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45088"
},
{
"name" : "8398",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8398"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to admin/site/2.html, related to views/admin.php; or the (3) subcatname or (4) description parameter to admin/forum/create_sub.html, related to views/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.htbridge.ch/advisory/cross_site_scripting_vulnerability_in_diferior.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/cross_site_scripting_vulnerability_in_diferior.html"
},
{
"name": "45088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45088"
},
{
"name": "15633",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15633"
},
{
"name": "http://www.htbridge.ch/advisory/xss_vulnerability_in_diferior.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/xss_vulnerability_in_diferior.html"
},
{
"name": "http://packetstormsecurity.org/files/view/96207/diferior-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/96207/diferior-xss.txt"
},
{
"name": "8398",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8398"
},
{
"name": "http://www.htbridge.ch/advisory/stored_xss_cross_site_scripting_vulnerability_in_diferior.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/stored_xss_cross_site_scripting_vulnerability_in_diferior.html"
}
]
}
}

150
2010/5xxx/CVE-2010-5194.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5194",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0, Gold 5.5, Gold 6.0, and earlier allows remote attackers to execute arbitrary code via a long strPDFFile parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15658",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/15658"
},
{
"name" : "69566",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/69566"
},
{
"name" : "42445",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42445"
},
{
"name" : "imageviewer-activex-bo(63642)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/63642"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0, Gold 5.5, Gold 6.0, and earlier allows remote attackers to execute arbitrary code via a long strPDFFile parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69566",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/69566"
},
{
"name": "imageviewer-activex-bo(63642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63642"
},
{
"name": "42445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42445"
},
{
"name": "15658",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15658"
}
]
}
}

130
2010/5xxx/CVE-2010-5236.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5236",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Roxio Easy Media Creator Home 9.0.136 allows local users to gain privileges via a Trojan horse homeutils9.dll file in the current working directory, as demonstrated by a directory that contains a .roxio, .c2d, or .gi file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14768",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/14768"
},
{
"name" : "41137",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41137"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Roxio Easy Media Creator Home 9.0.136 allows local users to gain privileges via a Trojan horse homeutils9.dll file in the current working directory, as demonstrated by a directory that contains a .roxio, .c2d, or .gi file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14768",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14768"
},
{
"name": "41137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41137"
}
]
}
}

320
2014/0xxx/CVE-2014-0064.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0064",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://wiki.postgresql.org/wiki/20140220securityrelease",
"refsource" : "CONFIRM",
"url" : "http://wiki.postgresql.org/wiki/20140220securityrelease"
},
{
"name" : "http://www.postgresql.org/about/news/1506/",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/about/news/1506/"
},
{
"name" : "http://www.postgresql.org/support/security/",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/support/security/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1065230",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1065230"
},
{
"name" : "https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a",
"refsource" : "CONFIRM",
"url" : "https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a"
},
{
"name" : "http://support.apple.com/kb/HT6448",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6448"
},
{
"name" : "https://support.apple.com/kb/HT6536",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6536"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "APPLE-SA-2014-10-16-3",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"name" : "DSA-2864",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2864"
},
{
"name" : "DSA-2865",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2865"
},
{
"name" : "RHSA-2014:0469",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0469.html"
},
{
"name" : "RHSA-2014:0211",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0211.html"
},
{
"name" : "RHSA-2014:0221",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0221.html"
},
{
"name" : "RHSA-2014:0249",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0249.html"
},
{
"name" : "openSUSE-SU-2014:0345",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html"
},
{
"name" : "openSUSE-SU-2014:0368",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html"
},
{
"name" : "USN-2120-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2120-1"
},
{
"name" : "65725",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65725"
},
{
"name" : "61307",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61307"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0211",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0211.html"
},
{
"name": "RHSA-2014:0221",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0221.html"
},
{
"name": "http://support.apple.com/kb/HT6448",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6448"
},
{
"name": "RHSA-2014:0469",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html"
},
{
"name": "APPLE-SA-2014-10-16-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"name": "https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a",
"refsource": "CONFIRM",
"url": "https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a"
},
{
"name": "http://wiki.postgresql.org/wiki/20140220securityrelease",
"refsource": "CONFIRM",
"url": "http://wiki.postgresql.org/wiki/20140220securityrelease"
},
{
"name": "DSA-2864",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2864"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "http://www.postgresql.org/support/security/",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/support/security/"
},
{
"name": "RHSA-2014:0249",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0249.html"
},
{
"name": "http://www.postgresql.org/about/news/1506/",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/about/news/1506/"
},
{
"name": "USN-2120-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2120-1"
},
{
"name": "https://support.apple.com/kb/HT6536",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6536"
},
{
"name": "DSA-2865",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2865"
},
{
"name": "65725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65725"
},
{
"name": "openSUSE-SU-2014:0345",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name": "openSUSE-SU-2014:0368",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1065230",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065230"
},
{
"name": "61307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61307"
}
]
}
}

310
2014/0xxx/CVE-2014-0375.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0375",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
},
{
"name" : "HPSBUX02972",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name" : "HPSBUX02973",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
},
{
"name" : "SSRT101454",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name" : "SSRT101455",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
},
{
"name" : "RHSA-2014:0030",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
},
{
"name" : "RHSA-2014:0134",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0134.html"
},
{
"name" : "RHSA-2014:0135",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0135.html"
},
{
"name" : "RHSA-2014:0414",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name" : "SUSE-SU-2014:0246",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html"
},
{
"name" : "SUSE-SU-2014:0266",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html"
},
{
"name" : "SUSE-SU-2014:0451",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64916",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64916"
},
{
"name" : "102007",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102007"
},
{
"name" : "1029608",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029608"
},
{
"name" : "56485",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56485"
},
{
"name" : "56535",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56535"
},
{
"name" : "oracle-cpujan2014-cve20140375(90339)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90339"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name": "SSRT101455",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
},
{
"name": "64916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64916"
},
{
"name": "RHSA-2014:0135",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html"
},
{
"name": "56535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56535"
},
{
"name": "RHSA-2014:0030",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
},
{
"name": "56485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56485"
},
{
"name": "SSRT101454",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
},
{
"name": "oracle-cpujan2014-cve20140375(90339)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90339"
},
{
"name": "102007",
"refsource": "OSVDB",
"url": "http://osvdb.org/102007"
},
{
"name": "HPSBUX02972",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name": "SUSE-SU-2014:0451",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html"
},
{
"name": "HPSBUX02973",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
},
{
"name": "1029608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029608"
},
{
"name": "SUSE-SU-2014:0266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "SUSE-SU-2014:0246",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "RHSA-2014:0134",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html"
}
]
}
}

220
2014/0xxx/CVE-2014-0454.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0454",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080"
},
{
"name" : "https://www.ibm.com/support/docview.wss?uid=swg21675973",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=swg21675973"
},
{
"name" : "GLSA-201502-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name" : "HPSBUX03091",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "SSRT101667",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name" : "RHSA-2014:0675",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0675.html"
},
{
"name" : "RHSA-2014:0413",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0413"
},
{
"name" : "USN-2187-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2187-1"
},
{
"name" : "66905",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66905"
},
{
"name" : "58974",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58974"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2187-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2187-1"
},
{
"name": "RHSA-2014:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0675.html"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg21675973",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg21675973"
},
{
"name": "HPSBUX03091",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080"
},
{
"name": "RHSA-2014:0413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0413"
},
{
"name": "SSRT101667",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2"
},
{
"name": "58974",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58974"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
},
{
"name": "GLSA-201502-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-12.xml"
},
{
"name": "66905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66905"
}
]
}
}

140
2014/0xxx/CVE-2014-0825.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name" : "IV53362",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362"
},
{
"name" : "ibm-maximo-cve20140825-xss(90501)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.12 IFIX.20140218-1510 allows remote authenticated users to inject arbitrary web script or HTML via a crafted report parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670870"
},
{
"name": "ibm-maximo-cve20140825-xss(90501)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90501"
},
{
"name": "IV53362",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV53362"
}
]
}
}

34
2014/1xxx/CVE-2014-1328.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1328",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-1328",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

380
2014/1xxx/CVE-2014-1577.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2014-1577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2014/mfsa2014-76.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2014/mfsa2014-76.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1012609",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1012609"
},
{
"name" : "https://advisories.mageia.org/MGASA-2014-0421.html",
"refsource" : "CONFIRM",
"url" : "https://advisories.mageia.org/MGASA-2014-0421.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "DSA-3050",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3050"
},
{
"name" : "DSA-3061",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3061"
},
{
"name" : "FEDORA-2014-13042",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html"
},
{
"name" : "FEDORA-2014-14084",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
},
{
"name" : "RHSA-2014:1635",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1635.html"
},
{
"name" : "RHSA-2014:1647",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1647.html"
},
{
"name" : "openSUSE-SU-2014:1343",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html"
},
{
"name" : "openSUSE-SU-2014:1346",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html"
},
{
"name" : "openSUSE-SU-2014:1344",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html"
},
{
"name" : "openSUSE-SU-2014:1345",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html"
},
{
"name" : "openSUSE-SU-2015:0138",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"name" : "openSUSE-SU-2015:1266",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name" : "USN-2372-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2372-1"
},
{
"name" : "USN-2373-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2373-1"
},
{
"name" : "70440",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70440"
},
{
"name" : "1031028",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031028"
},
{
"name" : "1031030",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031030"
},
{
"name" : "61387",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61387"
},
{
"name" : "61854",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61854"
},
{
"name" : "62021",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62021"
},
{
"name" : "62022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62022"
},
{
"name" : "62023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62023"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2014/mfsa2014-76.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2014/mfsa2014-76.html"
},
{
"name": "62021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62021"
},
{
"name": "openSUSE-SU-2015:0138",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html"
},
{
"name": "openSUSE-SU-2014:1344",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1012609",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1012609"
},
{
"name": "openSUSE-SU-2014:1346",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00003.html"
},
{
"name": "FEDORA-2014-13042",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html"
},
{
"name": "1031028",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031028"
},
{
"name": "openSUSE-SU-2014:1345",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html"
},
{
"name": "USN-2373-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2373-1"
},
{
"name": "https://advisories.mageia.org/MGASA-2014-0421.html",
"refsource": "CONFIRM",
"url": "https://advisories.mageia.org/MGASA-2014-0421.html"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "RHSA-2014:1635",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1635.html"
},
{
"name": "FEDORA-2014-14084",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html"
},
{
"name": "RHSA-2014:1647",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1647.html"
},
{
"name": "61387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61387"
},
{
"name": "USN-2372-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2372-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "62022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62022"
},
{
"name": "openSUSE-SU-2015:1266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"name": "1031030",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031030"
},
{
"name": "62023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62023"
},
{
"name": "openSUSE-SU-2014:1343",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html"
},
{
"name": "70440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70440"
},
{
"name": "DSA-3050",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3050"
},
{
"name": "61854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61854"
},
{
"name": "DSA-3061",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3061"
}
]
}
}

34
2014/1xxx/CVE-2014-1661.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1661",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-1661",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none."
}
]
}
}

34
2014/1xxx/CVE-2014-1688.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1688",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1688",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2014/1xxx/CVE-2014-1720.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1720",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-1720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=356095",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=356095"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=170216&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=170216&view=revision"
},
{
"name" : "DSA-2905",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2905"
},
{
"name" : "GLSA-201408-16",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name" : "openSUSE-SU-2014:0601",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=356095",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=356095"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html"
},
{
"name": "openSUSE-SU-2014:0601",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html"
},
{
"name": "GLSA-201408-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"name": "DSA-2905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2905"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=170216&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=170216&view=revision"
}
]
}
}

34
2014/4xxx/CVE-2014-4177.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4177",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4177",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2014/4xxx/CVE-2014-4688.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4688",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43560",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43560/"
},
{
"name" : "https://pfsense.org/security/advisories/pfSense-SA-14_10.webgui.asc",
"refsource" : "CONFIRM",
"url" : "https://pfsense.org/security/advisories/pfSense-SA-14_10.webgui.asc"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pfsense.org/security/advisories/pfSense-SA-14_10.webgui.asc",
"refsource": "CONFIRM",
"url": "https://pfsense.org/security/advisories/pfSense-SA-14_10.webgui.asc"
},
{
"name": "43560",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43560/"
}
]
}
}

34
2014/4xxx/CVE-2014-4982.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4982",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4982",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/5xxx/CVE-2014-5954.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5954",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
},
{
"name" : "VU#970577",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/970577"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#970577",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/970577"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}

34
2014/9xxx/CVE-2014-9149.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-9149",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9149",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2014/9xxx/CVE-2014-9964.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2014-9964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer Overflow Vulnerability in Boot"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2014-9964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name" : "98874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98874"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow Vulnerability in Boot"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "98874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98874"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}

170
2016/3xxx/CVE-2016-3387.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3387",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka \"Microsoft Browser Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3388."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40607",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40607/"
},
{
"name" : "MS16-118",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118"
},
{
"name" : "MS16-119",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119"
},
{
"name" : "93381",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93381"
},
{
"name" : "1036992",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036992"
},
{
"name" : "1036993",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036993"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka \"Microsoft Browser Elevation of Privilege Vulnerability,\" a different vulnerability than CVE-2016-3388."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS16-119",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119"
},
{
"name": "MS16-118",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118"
},
{
"name": "1036993",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036993"
},
{
"name": "40607",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40607/"
},
{
"name": "1036992",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036992"
},
{
"name": "93381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93381"
}
]
}
}

130
2016/3xxx/CVE-2016-3937.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30030994 and MediaTek internal bug ALPS02834874."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name" : "93334",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93334"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30030994 and MediaTek internal bug ALPS02834874."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93334"
},
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
}
]
}
}

130
2016/3xxx/CVE-2016-3969.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3969",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10153",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10153"
},
{
"name" : "1035470",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035470"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035470",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035470"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10153",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10153"
}
]
}
}

140
2016/7xxx/CVE-2016-7005.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2016-7005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name" : "93496",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93496"
},
{
"name" : "1036986",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036986"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"
},
{
"name": "93496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93496"
}
]
}
}

34
2016/7xxx/CVE-2016-7451.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-7451",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7451",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2016/8xxx/CVE-2016-8224.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2016-8224",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Lenovo Notebook models 110-14IBR/110-15IBR, B70-80, E31-80, E40-80, E41-80, E51-80, G40-80, G50-80, G50-80 Touch, Ideapad 300-14IBR/300-15IBR, Ideapad 300-14ISK/300-15ISK/300-17ISK, Ideapad 510S-12ISK, K21-80, K41-80, MIIX 710-12IKB , XiaoXin Air 12, YOGA 510-14ISK/510-15ISK, YOGA 710-11IKB, Yoga 710-11ISK, Yoga 900-13ISK, YOGA 900S-12ISK; ThinkServer models ThinkServer TS150, ThinkServer TS450",
"version" : {
"version_data" : [
{
"version_value" : "various"
}
]
}
}
]
},
"vendor_name" : "Lenovo Group Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Intel Management Engine protection not set on some Lenovo Notebook and ThinkServer systems"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2016-8224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lenovo Notebook models 110-14IBR/110-15IBR, B70-80, E31-80, E40-80, E41-80, E51-80, G40-80, G50-80, G50-80 Touch, Ideapad 300-14IBR/300-15IBR, Ideapad 300-14ISK/300-15ISK/300-17ISK, Ideapad 510S-12ISK, K21-80, K41-80, MIIX 710-12IKB , XiaoXin Air 12, YOGA 510-14ISK/510-15ISK, YOGA 710-11IKB, Yoga 710-11ISK, Yoga 900-13ISK, YOGA 900S-12ISK; ThinkServer models ThinkServer TS150, ThinkServer TS450",
"version": {
"version_data": [
{
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.lenovo.com/us/en/solutions/LEN_9903",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN_9903"
},
{
"name" : "94595",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94595"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Intel Management Engine protection not set on some Lenovo Notebook and ThinkServer systems"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94595"
},
{
"name": "https://support.lenovo.com/us/en/solutions/LEN_9903",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN_9903"
}
]
}
}

140
2016/8xxx/CVE-2016-8375.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-8375",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BD Alaris 8015 through 9.7 and 8000",
"version" : {
"version_data" : [
{
"version_value" : "BD Alaris 8015 through 9.7 and 8000"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "BD Alaris 8000/8015 Insufficiently Protected Credentials Vulnerabilities"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-8375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BD Alaris 8015 through 9.7 and 8000",
"version": {
"version_data": [
{
"version_value": "BD Alaris 8015 through 9.7 and 8000"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02"
},
{
"name" : "96113",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96113"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "BD Alaris 8000/8015 Insufficiently Protected Credentials Vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01"
},
{
"name": "96113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96113"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02"
}
]
}
}

142
2016/8xxx/CVE-2016-8523.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-01-30T00:00:00",
"ID" : "CVE-2016-8523",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Smart Storage Administrator",
"version" : {
"version_data" : [
{
"version_value" : "before v2.60.18.0"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Arbitrary Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-01-30T00:00:00",
"ID": "CVE-2016-8523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Storage Administrator",
"version": {
"version_data": [
{
"version_value": "before v2.60.18.0"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41297",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41297/"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349"
},
{
"name" : "95868",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95868"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage Administrator version before v2.60.18.0 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349"
},
{
"name": "95868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95868"
},
{
"name": "41297",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41297/"
}
]
}
}

222
2016/8xxx/CVE-2016-8620.json
View File

@ -1,113 +1,113 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2016-8620",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "curl",
"version" : {
"version_data" : [
{
"version_value" : "7.51.0"
}
]
}
}
]
},
"vendor_name" : "The Curl Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
],
[
{
"vectorString" : "5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-120"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "curl",
"version": {
"version_data": [
{
"version_value": "7.51.0"
}
]
}
}
]
},
"vendor_name": "The Curl Project"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://curl.haxx.se/docs/adv_20161102F.html",
"refsource" : "CONFIRM",
"url" : "https://curl.haxx.se/docs/adv_20161102F.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8620",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8620"
},
{
"name" : "https://www.tenable.com/security/tns-2016-21",
"refsource" : "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2016-21"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "GLSA-201701-47",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-47"
},
{
"name" : "RHSA-2018:3558",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name" : "94102",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94102"
},
{
"name" : "1037192",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037192"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
[
{
"vectorString": "5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94102"
},
{
"name": "RHSA-2018:3558",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "https://curl.haxx.se/docs/adv_20161102F.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/adv_20161102F.html"
},
{
"name": "https://www.tenable.com/security/tns-2016-21",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8620",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8620"
},
{
"name": "1037192",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037192"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "GLSA-201701-47",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-47"
}
]
}
}

130
2016/8xxx/CVE-2016-8813.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@nvidia.com",
"ID" : "CVE-2016-8813",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Quadro, NVS, GeForce, GRID and Tesla",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2016-8813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quadro, NVS, GeForce, GRID and Tesla",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4257",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4257"
},
{
"name" : "95057",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95057"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4257",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4257"
},
{
"name": "95057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95057"
}
]
}
}

140
2016/9xxx/CVE-2016-9138.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161101 Re: CVE assignment for PHP 5.6.27 and 7.0.12",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/11/01/2"
},
{
"name" : "https://bugs.php.net/bug.php?id=73147",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=73147"
},
{
"name" : "95268",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95268"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=73147",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=73147"
},
{
"name": "[oss-security] 20161101 Re: CVE assignment for PHP 5.6.27 and 7.0.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/01/2"
},
{
"name": "95268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95268"
}
]
}
}

172
2016/9xxx/CVE-2016-9716.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-27T00:00:00",
"ID" : "CVE-2016-9716",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "InfoSphere Master Data Management",
"version" : {
"version_data" : [
{
"version_value" : "11.0"
},
{
"version_value" : "11.3"
},
{
"version_value" : "11.4"
},
{
"version_value" : "11.0.0"
},
{
"version_value" : "11.5"
},
{
"version_value" : "11.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-27T00:00:00",
"ID": "CVE-2016-9716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InfoSphere Master Data Management",
"version": {
"version_data": [
{
"version_value": "11.0"
},
{
"version_value": "11.3"
},
{
"version_value": "11.4"
},
{
"version_value": "11.0.0"
},
{
"version_value": "11.5"
},
{
"version_value": "11.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/119729",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/119729"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22006610",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22006610"
},
{
"name" : "100026",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100026"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22006610",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22006610"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119729",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/119729"
},
{
"name": "100026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100026"
}
]
}
}

380
2016/9xxx/CVE-2016-9843.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9843",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2016-9843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"name" : "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib",
"refsource" : "MISC",
"url" : "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"name" : "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf",
"refsource" : "MISC",
"url" : "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1402351",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1402351"
},
{
"name" : "https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811",
"refsource" : "CONFIRM",
"url" : "https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "https://support.apple.com/HT208112",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208112"
},
{
"name" : "https://support.apple.com/HT208113",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208113"
},
{
"name" : "https://support.apple.com/HT208115",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208115"
},
{
"name" : "https://support.apple.com/HT208144",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208144"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"name" : "GLSA-201701-56",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-56"
},
{
"name" : "RHSA-2017:3046",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name" : "RHSA-2017:3047",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name" : "RHSA-2017:2999",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"name" : "RHSA-2017:3453",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name" : "RHSA-2017:1220",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"name" : "RHSA-2017:1221",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"name" : "RHSA-2017:1222",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"name" : "openSUSE-SU-2016:3202",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"name" : "openSUSE-SU-2017:0077",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"name" : "openSUSE-SU-2017:0080",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"name" : "95131",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95131"
},
{
"name" : "1039427",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039427"
},
{
"name" : "1041888",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041888"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1221",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"name": "https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811",
"refsource": "CONFIRM",
"url": "https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811"
},
{
"name": "RHSA-2017:1220",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "RHSA-2017:3047",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"name": "95131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95131"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351"
},
{
"name": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib",
"refsource": "MISC",
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"name": "1041888",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2017:3046",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0077",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"name": "GLSA-201701-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "RHSA-2017:1222",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"name": "openSUSE-SU-2017:0080",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"name": "RHSA-2017:3453",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "https://support.apple.com/HT208113",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208113"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
},
{
"name": "https://support.apple.com/HT208115",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208115"
},
{
"name": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf",
"refsource": "MISC",
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"name": "openSUSE-SU-2016:3202",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"name": "RHSA-2017:2999",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
}
]
}
}

34
2019/2xxx/CVE-2019-2212.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2212",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2212",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2340.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2340",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2340",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2019/2xxx/CVE-2019-2406.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Oracle Database",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.1.0.2"
},
{
"version_affected" : "=",
"version_value" : "12.2.0.1"
},
{
"version_affected" : "=",
"version_value" : "18c"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Database",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.0.2"
},
{
"version_affected": "=",
"version_value": "12.2.0.1"
},
{
"version_affected": "=",
"version_value": "18c"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106591",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106591"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106591"
}
]
}
}

34
2019/2xxx/CVE-2019-2760.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2760",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2760",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}