admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:35:55 +00:00
parent 739f584257
commit ac2bf6d048
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 4731 additions and 4731 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
2006/5xxx/CVE-2006-5697.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5697",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2006-5697",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none."
}
]
}
}

190
2006/5xxx/CVE-2006-5808.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5808",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061108 Cisco Secure Desktop Privilege Escalation Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"
},
{
"name" : "20061108 Multiple Vulnerabilities in Cisco Secure Desktop",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"
},
{
"name" : "20964",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20964"
},
{
"name" : "ADV-2006-4409",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4409"
},
{
"name" : "30308",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30308"
},
{
"name" : "1017195",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017195"
},
{
"name" : "22747",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22747"
},
{
"name" : "cisco-csd-permissions-code-execution(30128)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka \"Local Privilege Escalation\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-csd-permissions-code-execution(30128)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30128"
},
{
"name": "1017195",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017195"
},
{
"name": "20061108 Cisco Secure Desktop Privilege Escalation Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=442"
},
{
"name": "22747",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22747"
},
{
"name": "20061108 Multiple Vulnerabilities in Cisco Secure Desktop",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml"
},
{
"name": "ADV-2006-4409",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4409"
},
{
"name": "30308",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30308"
},
{
"name": "20964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20964"
}
]
}
}

330
2006/5xxx/CVE-2006-5823.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5823",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070615 rPSA-2007-0124-1 kernel xen",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/471457"
},
{
"name" : "http://projects.info-pull.com/mokb/MOKB-07-11-2006.html",
"refsource" : "MISC",
"url" : "http://projects.info-pull.com/mokb/MOKB-07-11-2006.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm"
},
{
"name" : "DSA-1503",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1503"
},
{
"name" : "DSA-1504",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1504"
},
{
"name" : "MDKSA-2007:047",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:047"
},
{
"name" : "MDKSA-2007:060",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:060"
},
{
"name" : "RHSA-2007:0014",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2007-0014.html"
},
{
"name" : "RHSA-2007:0436",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2007-0436.html"
},
{
"name" : "SUSE-SA:2006:079",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_79_kernel.html"
},
{
"name" : "USN-416-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-416-1"
},
{
"name" : "oval:org.mitre.oval:def:10588",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10588"
},
{
"name" : "22767",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22767"
},
{
"name" : "23997",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23997"
},
{
"name" : "24098",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24098"
},
{
"name" : "24206",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24206"
},
{
"name" : "24259",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24259"
},
{
"name" : "24482",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24482"
},
{
"name" : "25630",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25630"
},
{
"name" : "25691",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25691"
},
{
"name" : "23474",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23474"
},
{
"name" : "29058",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29058"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2007:0436",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0436.html"
},
{
"name": "24098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24098"
},
{
"name": "SUSE-SA:2006:079",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_79_kernel.html"
},
{
"name": "24259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24259"
},
{
"name": "RHSA-2007:0014",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0014.html"
},
{
"name": "http://projects.info-pull.com/mokb/MOKB-07-11-2006.html",
"refsource": "MISC",
"url": "http://projects.info-pull.com/mokb/MOKB-07-11-2006.html"
},
{
"name": "MDKSA-2007:047",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:047"
},
{
"name": "22767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22767"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm"
},
{
"name": "USN-416-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-416-1"
},
{
"name": "DSA-1504",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1504"
},
{
"name": "oval:org.mitre.oval:def:10588",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10588"
},
{
"name": "24206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24206"
},
{
"name": "23474",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23474"
},
{
"name": "23997",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23997"
},
{
"name": "20070615 rPSA-2007-0124-1 kernel xen",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471457"
},
{
"name": "24482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24482"
},
{
"name": "DSA-1503",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1503"
},
{
"name": "29058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29058"
},
{
"name": "25630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25630"
},
{
"name": "25691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25691"
},
{
"name": "MDKSA-2007:060",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:060"
}
]
}
}

180
2006/5xxx/CVE-2006-5968.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5968",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in the MDaemon\\APP folder, which is an untrusted search path element due to insecure permissions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2006-5968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061116 Secunia Research: MDaemon Insecure Default Directory Permissions",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451821/100/100/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2006-67/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2006-67/advisory/"
},
{
"name" : "ADV-2006-4538",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4538"
},
{
"name" : "1017238",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017238"
},
{
"name" : "21554",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21554"
},
{
"name" : "1890",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1890"
},
{
"name" : "mdaemon-folder-privilege-escalation(30331)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30331"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in the MDaemon\\APP folder, which is an untrusted search path element due to insecure permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2006-67/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2006-67/advisory/"
},
{
"name": "ADV-2006-4538",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4538"
},
{
"name": "20061116 Secunia Research: MDaemon Insecure Default Directory Permissions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451821/100/100/threaded"
},
{
"name": "21554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21554"
},
{
"name": "mdaemon-folder-privilege-escalation(30331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30331"
},
{
"name": "1890",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1890"
},
{
"name": "1017238",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017238"
}
]
}
}

190
2007/2xxx/CVE-2007-2063.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2063",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt",
"refsource" : "CONFIRM",
"url" : "http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt"
},
{
"name" : "23508",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23508"
},
{
"name" : "ADV-2007-1414",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1414"
},
{
"name" : "35014",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/35014"
},
{
"name" : "34998",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34998"
},
{
"name" : "1017913",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017913"
},
{
"name" : "24916",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24916"
},
{
"name" : "ssh-tectia-pid-hfs-privilege-escalation(33699)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33699"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1414",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1414"
},
{
"name": "http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt",
"refsource": "CONFIRM",
"url": "http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt"
},
{
"name": "35014",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/35014"
},
{
"name": "34998",
"refsource": "OSVDB",
"url": "http://osvdb.org/34998"
},
{
"name": "24916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24916"
},
{
"name": "23508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23508"
},
{
"name": "ssh-tectia-pid-hfs-privilege-escalation(33699)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33699"
},
{
"name": "1017913",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017913"
}
]
}
}

210
2007/2xxx/CVE-2007-2114.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2114",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed reliable claims that these issues are buffer overflows using a long CHANGE_TABLE_NAME parameter to the DBMS_CDC_IPUBLISH.CHGTAB_CACHE procedure (DB08) and Oracle Instant Client genezi utility (DB11)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf",
"refsource" : "MISC",
"url" : "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf"
},
{
"name" : "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf",
"refsource" : "MISC",
"url" : "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name" : "TA07-108A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-108A.html"
},
{
"name" : "23532",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23532"
},
{
"name" : "ADV-2007-1426",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1426"
},
{
"name" : "1017927",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017927"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed reliable claims that these issues are buffer overflows using a long CHANGE_TABLE_NAME parameter to the DBMS_CDC_IPUBLISH.CHGTAB_CACHE procedure (DB08) and Oracle Instant Client genezi utility (DB11)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA07-108A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-108A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html"
},
{
"name": "23532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23532"
},
{
"name": "1017927",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017927"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf"
},
{
"name": "ADV-2007-1426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1426"
},
{
"name": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf",
"refsource": "MISC",
"url": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf"
}
]
}
}

190
2007/2xxx/CVE-2007-2121.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2121",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name" : "TA07-108A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-108A.html"
},
{
"name" : "23532",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23532"
},
{
"name" : "ADV-2007-1426",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1426"
},
{
"name" : "1017927",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017927"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA07-108A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-108A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html"
},
{
"name": "23532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23532"
},
{
"name": "1017927",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017927"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/466329/100/200/threaded"
},
{
"name": "ADV-2007-1426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1426"
}
]
}
}

260
2007/2xxx/CVE-2007-2260.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2260",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070422 bibtex mase Remote File Inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/466683/100/0/threaded"
},
{
"name" : "35621",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35621"
},
{
"name" : "35622",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35622"
},
{
"name" : "35623",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35623"
},
{
"name" : "35624",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35624"
},
{
"name" : "35625",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35625"
},
{
"name" : "35626",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35626"
},
{
"name" : "35627",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35627"
},
{
"name" : "35628",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35628"
},
{
"name" : "35629",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35629"
},
{
"name" : "35630",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35630"
},
{
"name" : "35631",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35631"
},
{
"name" : "35632",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35632"
},
{
"name" : "35633",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/35633"
},
{
"name" : "2624",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2624"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35628",
"refsource": "OSVDB",
"url": "http://osvdb.org/35628"
},
{
"name": "35624",
"refsource": "OSVDB",
"url": "http://osvdb.org/35624"
},
{
"name": "35631",
"refsource": "OSVDB",
"url": "http://osvdb.org/35631"
},
{
"name": "35633",
"refsource": "OSVDB",
"url": "http://osvdb.org/35633"
},
{
"name": "35629",
"refsource": "OSVDB",
"url": "http://osvdb.org/35629"
},
{
"name": "35622",
"refsource": "OSVDB",
"url": "http://osvdb.org/35622"
},
{
"name": "35621",
"refsource": "OSVDB",
"url": "http://osvdb.org/35621"
},
{
"name": "20070422 bibtex mase Remote File Inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466683/100/0/threaded"
},
{
"name": "35625",
"refsource": "OSVDB",
"url": "http://osvdb.org/35625"
},
{
"name": "35623",
"refsource": "OSVDB",
"url": "http://osvdb.org/35623"
},
{
"name": "35632",
"refsource": "OSVDB",
"url": "http://osvdb.org/35632"
},
{
"name": "2624",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2624"
},
{
"name": "35626",
"refsource": "OSVDB",
"url": "http://osvdb.org/35626"
},
{
"name": "35630",
"refsource": "OSVDB",
"url": "http://osvdb.org/35630"
},
{
"name": "35627",
"refsource": "OSVDB",
"url": "http://osvdb.org/35627"
}
]
}
}

190
2007/2xxx/CVE-2007-2500.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2500",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://savannah.gnu.org/bugs/?19774",
"refsource" : "MISC",
"url" : "http://savannah.gnu.org/bugs/?19774"
},
{
"name" : "SUSE-SR:2007:013",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
},
{
"name" : "23765",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23765"
},
{
"name" : "ADV-2007-1688",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1688"
},
{
"name" : "37273",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37273"
},
{
"name" : "1018041",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018041"
},
{
"name" : "25787",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25787"
},
{
"name" : "gnuflash-sprite-code-execution(34148)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34148"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37273",
"refsource": "OSVDB",
"url": "http://osvdb.org/37273"
},
{
"name": "23765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23765"
},
{
"name": "http://savannah.gnu.org/bugs/?19774",
"refsource": "MISC",
"url": "http://savannah.gnu.org/bugs/?19774"
},
{
"name": "1018041",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018041"
},
{
"name": "SUSE-SR:2007:013",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_13_sr.html"
},
{
"name": "gnuflash-sprite-code-execution(34148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34148"
},
{
"name": "ADV-2007-1688",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1688"
},
{
"name": "25787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25787"
}
]
}
}

180
2007/2xxx/CVE-2007-2748.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2748",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://us2.php.net/releases/5_2_2.php",
"refsource" : "CONFIRM",
"url" : "http://us2.php.net/releases/5_2_2.php"
},
{
"name" : "MDKSA-2007:187",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187"
},
{
"name" : "SUSE-SR:2007:015",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name" : "20070516 CVE-2007-1375 additional vector?",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-May/001621.html"
},
{
"name" : "24012",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24012"
},
{
"name" : "34730",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/34730"
},
{
"name" : "26895",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26895"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34730",
"refsource": "OSVDB",
"url": "http://osvdb.org/34730"
},
{
"name": "20070516 CVE-2007-1375 additional vector?",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-May/001621.html"
},
{
"name": "http://us2.php.net/releases/5_2_2.php",
"refsource": "CONFIRM",
"url": "http://us2.php.net/releases/5_2_2.php"
},
{
"name": "MDKSA-2007:187",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187"
},
{
"name": "24012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24012"
},
{
"name": "26895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26895"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
]
}
}

150
2007/3xxx/CVE-2007-3498.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3498",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"unescaped print_r output.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.0.1/NEWS",
"refsource" : "CONFIRM",
"url" : "http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.0.1/NEWS"
},
{
"name" : "24699",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24699"
},
{
"name" : "36722",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36722"
},
{
"name" : "htmlpurifier-configform-xss(35300)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35300"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"unescaped print_r output.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "htmlpurifier-configform-xss(35300)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35300"
},
{
"name": "36722",
"refsource": "OSVDB",
"url": "http://osvdb.org/36722"
},
{
"name": "http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.0.1/NEWS",
"refsource": "CONFIRM",
"url": "http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.0.1/NEWS"
},
{
"name": "24699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24699"
}
]
}
}

340
2007/3xxx/CVE-2007-3740.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2007-3740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=253314",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=253314"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22"
},
{
"name" : "DSA-1378",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1378"
},
{
"name" : "DSA-1504",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1504"
},
{
"name" : "MDVSA-2008:008",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:008"
},
{
"name" : "MDVSA-2008:105",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105"
},
{
"name" : "RHSA-2007:0705",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0705.html"
},
{
"name" : "RHSA-2007:0939",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0939.html"
},
{
"name" : "SUSE-SA:2007:064",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html"
},
{
"name" : "SUSE-SA:2008:006",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html"
},
{
"name" : "USN-518-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-518-1"
},
{
"name" : "25672",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25672"
},
{
"name" : "oval:org.mitre.oval:def:9953",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9953"
},
{
"name" : "26760",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26760"
},
{
"name" : "26955",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26955"
},
{
"name" : "26978",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26978"
},
{
"name" : "27436",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27436"
},
{
"name" : "27747",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27747"
},
{
"name" : "27912",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27912"
},
{
"name" : "28806",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28806"
},
{
"name" : "29058",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29058"
},
{
"name" : "kernel-cifs-filesystem-dos(36593)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36593"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22"
},
{
"name": "27747",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27747"
},
{
"name": "25672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25672"
},
{
"name": "oval:org.mitre.oval:def:9953",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9953"
},
{
"name": "28806",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28806"
},
{
"name": "RHSA-2007:0939",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0939.html"
},
{
"name": "26978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26978"
},
{
"name": "kernel-cifs-filesystem-dos(36593)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36593"
},
{
"name": "DSA-1504",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1504"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm"
},
{
"name": "MDVSA-2008:008",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:008"
},
{
"name": "27912",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27912"
},
{
"name": "USN-518-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-518-1"
},
{
"name": "26760",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26760"
},
{
"name": "RHSA-2007:0705",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html"
},
{
"name": "MDVSA-2008:105",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105"
},
{
"name": "SUSE-SA:2007:064",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html"
},
{
"name": "26955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26955"
},
{
"name": "SUSE-SA:2008:006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=253314",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=253314"
},
{
"name": "29058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29058"
},
{
"name": "27436",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27436"
},
{
"name": "DSA-1378",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1378"
}
]
}
}

180
2007/3xxx/CVE-2007-3747.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3747",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=306172",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=306172"
},
{
"name" : "APPLE-SA-2007-07-31",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
},
{
"name" : "25159",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25159"
},
{
"name" : "ADV-2007-2732",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2732"
},
{
"name" : "1018492",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1018492"
},
{
"name" : "26235",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26235"
},
{
"name" : "macos-javainterface-code-execution(35728)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35728"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2732",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2732"
},
{
"name": "APPLE-SA-2007-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306172",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306172"
},
{
"name": "25159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25159"
},
{
"name": "1018492",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018492"
},
{
"name": "macos-javainterface-code-execution(35728)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35728"
},
{
"name": "26235",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26235"
}
]
}
}

240
2007/6xxx/CVE-2007-6506.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6506",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4757",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4757"
},
{
"name" : "http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt",
"refsource" : "MISC",
"url" : "http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt"
},
{
"name" : "http://blogs.zdnet.com/security/?p=768",
"refsource" : "MISC",
"url" : "http://blogs.zdnet.com/security/?p=768"
},
{
"name" : "http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818",
"refsource" : "MISC",
"url" : "http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818"
},
{
"name" : "http://it.slashdot.org/it/07/12/20/2327242.shtml",
"refsource" : "MISC",
"url" : "http://it.slashdot.org/it/07/12/20/2327242.shtml"
},
{
"name" : "HPSBGN2301",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name" : "SSRT071508",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name" : "HPSBGN02301",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/485734/100/0/threaded"
},
{
"name" : "26950",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26950"
},
{
"name" : "ADV-2007-4271",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4271"
},
{
"name" : "1019133",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019133"
},
{
"name" : "28177",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28177"
},
{
"name" : "hpsoftware-rulesengine-file-overwrite(39153)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39153"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019133",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019133"
},
{
"name": "http://blogs.zdnet.com/security/?p=768",
"refsource": "MISC",
"url": "http://blogs.zdnet.com/security/?p=768"
},
{
"name": "HPSBGN2301",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name": "28177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28177"
},
{
"name": "http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818",
"refsource": "MISC",
"url": "http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818"
},
{
"name": "4757",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4757"
},
{
"name": "hpsoftware-rulesengine-file-overwrite(39153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39153"
},
{
"name": "ADV-2007-4271",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4271"
},
{
"name": "26950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26950"
},
{
"name": "http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt",
"refsource": "MISC",
"url": "http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt"
},
{
"name": "SSRT071508",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485451/100/0/threaded"
},
{
"name": "HPSBGN02301",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/485734/100/0/threaded"
},
{
"name": "http://it.slashdot.org/it/07/12/20/2327242.shtml",
"refsource": "MISC",
"url": "http://it.slashdot.org/it/07/12/20/2327242.shtml"
}
]
}
}

34
2010/0xxx/CVE-2010-0351.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0351",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0351",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2010/0xxx/CVE-2010-0369.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0369",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0369",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2010/0xxx/CVE-2010-0574.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0574",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to cause a denial of service (device reload) via a crafted IKE packet, aka Bug ID CSCta56653."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21287",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21287"
},
{
"name" : "20100908 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b466e9.shtml"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to cause a denial of service (device reload) via a crafted IKE packet, aka Bug ID CSCta56653."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21287",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21287"
},
{
"name": "20100908 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b466e9.shtml"
}
]
}
}

240
2010/1xxx/CVE-2010-1162.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1162",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100414 Couple of kernel issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/04/14/1"
},
{
"name" : "[oss-security] 20100414 Re: Couple of kernel issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/04/15/1"
},
{
"name" : "[oss-security] 20100415 CVE request: kernel: tty: release_one_tty() forgets to put pids",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/04/15/2"
},
{
"name" : "[oss-security] 20100415 Re: CVE request: kernel: tty: release_one_tty() forgets to put pids",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/04/16/1"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6da8d866d0d39e9509ff826660f6a86a6757c966",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6da8d866d0d39e9509ff826660f6a86a6757c966"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.34-rc4",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.34-rc4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=582076",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=582076"
},
{
"name" : "DSA-2053",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2053"
},
{
"name" : "MDVSA-2010:198",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
},
{
"name" : "SUSE-SA:2010:031",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html"
},
{
"name" : "39830",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39830"
},
{
"name" : "40645",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40645"
},
{
"name" : "ADV-2010-1857",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1857"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2010:031",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html"
},
{
"name": "[oss-security] 20100415 Re: CVE request: kernel: tty: release_one_tty() forgets to put pids",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/16/1"
},
{
"name": "[oss-security] 20100414 Re: Couple of kernel issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/15/1"
},
{
"name": "MDVSA-2010:198",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
},
{
"name": "[oss-security] 20100414 Couple of kernel issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/14/1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.34-rc4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.34-rc4"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6da8d866d0d39e9509ff826660f6a86a6757c966",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6da8d866d0d39e9509ff826660f6a86a6757c966"
},
{
"name": "40645",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40645"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=582076",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=582076"
},
{
"name": "[oss-security] 20100415 CVE request: kernel: tty: release_one_tty() forgets to put pids",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/15/2"
},
{
"name": "DSA-2053",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2053"
},
{
"name": "39830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39830"
},
{
"name": "ADV-2010-1857",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1857"
}
]
}
}

150
2010/1xxx/CVE-2010-1216.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1216",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in templates/template.php in notsoPureEdit 1.4.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://inj3ct0r.com/exploits/11393",
"refsource" : "MISC",
"url" : "http://inj3ct0r.com/exploits/11393"
},
{
"name" : "11832",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/11832"
},
{
"name" : "39070",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39070"
},
{
"name" : "ADV-2010-0673",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0673"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in templates/template.php in notsoPureEdit 1.4.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://inj3ct0r.com/exploits/11393",
"refsource": "MISC",
"url": "http://inj3ct0r.com/exploits/11393"
},
{
"name": "39070",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39070"
},
{
"name": "11832",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11832"
},
{
"name": "ADV-2010-0673",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0673"
}
]
}
}

150
2010/1xxx/CVE-2010-1588.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1588",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Getwebsess function in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via the websess parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100120 Insufficient User Input Validation in VP-ASP 6.50 Demo Code",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0400.html"
},
{
"name" : "61890",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61890"
},
{
"name" : "38283",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38283"
},
{
"name" : "shoppingcart-websess-sql-injection(55821)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55821"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Getwebsess function in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via the websess parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "shoppingcart-websess-sql-injection(55821)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55821"
},
{
"name": "61890",
"refsource": "OSVDB",
"url": "http://osvdb.org/61890"
},
{
"name": "20100120 Insufficient User Input Validation in VP-ASP 6.50 Demo Code",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0400.html"
},
{
"name": "38283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38283"
}
]
}
}

34
2010/1xxx/CVE-2010-1673.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1673",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1673",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2010/1xxx/CVE-2010-1804.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1804",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4298",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4298"
},
{
"name" : "APPLE-SA-2010-12-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
},
{
"name" : "1024907",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024907"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-12-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4298",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4298"
},
{
"name": "1024907",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024907"
}
]
}
}

34
2010/5xxx/CVE-2010-5134.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5134",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2010-5134",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none."
}
]
}
}

120
2010/5xxx/CVE-2010-5141.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5141",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://en.bitcoin.it/wiki/CVEs",
"refsource" : "CONFIRM",
"url" : "https://en.bitcoin.it/wiki/CVEs"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/CVEs",
"refsource": "CONFIRM",
"url": "https://en.bitcoin.it/wiki/CVEs"
}
]
}
}

190
2014/0xxx/CVE-2014-0012.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140110 CVE assignment for jinja2",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2014/q1/73"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051421",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051421"
},
{
"name" : "https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7",
"refsource" : "MISC",
"url" : "https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7"
},
{
"name" : "https://github.com/mitsuhiko/jinja2/pull/292",
"refsource" : "MISC",
"url" : "https://github.com/mitsuhiko/jinja2/pull/292"
},
{
"name" : "https://github.com/mitsuhiko/jinja2/pull/296",
"refsource" : "MISC",
"url" : "https://github.com/mitsuhiko/jinja2/pull/296"
},
{
"name" : "GLSA-201408-13",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml"
},
{
"name" : "56328",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56328"
},
{
"name" : "60738",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60738"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mitsuhiko/jinja2/pull/292",
"refsource": "MISC",
"url": "https://github.com/mitsuhiko/jinja2/pull/292"
},
{
"name": "56328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56328"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1051421",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051421"
},
{
"name": "60738",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60738"
},
{
"name": "https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7",
"refsource": "MISC",
"url": "https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7"
},
{
"name": "https://github.com/mitsuhiko/jinja2/pull/296",
"refsource": "MISC",
"url": "https://github.com/mitsuhiko/jinja2/pull/296"
},
{
"name": "GLSA-201408-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml"
},
{
"name": "[oss-security] 20140110 CVE assignment for jinja2",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q1/73"
}
]
}
}

280
2014/0xxx/CVE-2014-0033.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0033",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1558822",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1558822"
},
{
"name" : "http://tomcat.apache.org/security-6.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-6.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1069919",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1069919"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675886",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21675886"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677147",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21677147"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name" : "DSA-3530",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3530"
},
{
"name" : "USN-2130-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2130-1"
},
{
"name" : "65769",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65769"
},
{
"name" : "59036",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59036"
},
{
"name" : "59722",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59722"
},
{
"name" : "59873",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59873"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1069919",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069919"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1558822",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1558822"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "65769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65769"
},
{
"name": "DSA-3530",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
},
{
"name": "59722",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59722"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "USN-2130-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2130-1"
},
{
"name": "59873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59873"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886"
},
{
"name": "59036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59036"
}
]
}
}

200
2014/0xxx/CVE-2014-0145.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0145",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140326 QEMU image format input validation fixes (multiple CVEs)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/03/26/8"
},
{
"name" : "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html",
"refsource" : "MISC",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html"
},
{
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=c05e4667be91b46ab42b5a11babf8e84d476cc6b",
"refsource" : "CONFIRM",
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=c05e4667be91b46ab42b5a11babf8e84d476cc6b"
},
{
"name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=f0dce23475b5af5da6b17b97c1765271307734b6",
"refsource" : "CONFIRM",
"url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=f0dce23475b5af5da6b17b97c1765271307734b6"
},
{
"name" : "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c165f7758009a4f793c1fc19ebb69cf55313450b",
"refsource" : "CONFIRM",
"url" : "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c165f7758009a4f793c1fc19ebb69cf55313450b"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1078885",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1078885"
},
{
"name" : "DSA-3044",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3044"
},
{
"name" : "RHSA-2014:0420",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"name" : "RHSA-2014:0421",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0420",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0420.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=f0dce23475b5af5da6b17b97c1765271307734b6",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=f0dce23475b5af5da6b17b97c1765271307734b6"
},
{
"name": "RHSA-2014:0421",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0421.html"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html"
},
{
"name": "DSA-3044",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3044"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c165f7758009a4f793c1fc19ebb69cf55313450b",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c165f7758009a4f793c1fc19ebb69cf55313450b"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1078885",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078885"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commit;h=c05e4667be91b46ab42b5a11babf8e84d476cc6b",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commit;h=c05e4667be91b46ab42b5a11babf8e84d476cc6b"
},
{
"name": "[oss-security] 20140326 QEMU image format input validation fixes (multiple CVEs)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/26/8"
}
]
}
}

190
2014/0xxx/CVE-2014-0150.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Qemu-devel] 20140411 Re: [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun",
"refsource" : "MLIST",
"url" : "http://article.gmane.org/gmane.comp.emulators.qemu/266768"
},
{
"name" : "[Qemu-devel] 20140411 [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun",
"refsource" : "MLIST",
"url" : "http://thread.gmane.org/gmane.comp.emulators.qemu/266713"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1078846",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1078846"
},
{
"name" : "DSA-2909",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2909"
},
{
"name" : "DSA-2910",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2910"
},
{
"name" : "USN-2182-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2182-1"
},
{
"name" : "57878",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57878"
},
{
"name" : "58191",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58191"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1078846",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078846"
},
{
"name": "DSA-2910",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2910"
},
{
"name": "USN-2182-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2182-1"
},
{
"name": "DSA-2909",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2909"
},
{
"name": "57878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57878"
},
{
"name": "[Qemu-devel] 20140411 Re: [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun",
"refsource": "MLIST",
"url": "http://article.gmane.org/gmane.comp.emulators.qemu/266768"
},
{
"name": "[Qemu-devel] 20140411 [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun",
"refsource": "MLIST",
"url": "http://thread.gmane.org/gmane.comp.emulators.qemu/266713"
},
{
"name": "58191",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58191"
}
]
}
}

120
2014/0xxx/CVE-2014-0303.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0303",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0302."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-0303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-012",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0302."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-012",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012"
}
]
}
}

150
2014/0xxx/CVE-2014-0560.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0560",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2014-0560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://helpx.adobe.com/security/products/reader/apsb14-20.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/security/products/reader/apsb14-20.html"
},
{
"name" : "69823",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69823"
},
{
"name" : "1030853",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030853"
},
{
"name" : "adobe-reader-cve20140560-code-exec(96001)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96001"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "adobe-reader-cve20140560-code-exec(96001)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96001"
},
{
"name": "http://helpx.adobe.com/security/products/reader/apsb14-20.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/security/products/reader/apsb14-20.html"
},
{
"name": "1030853",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030853"
},
{
"name": "69823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69823"
}
]
}
}

120
2014/0xxx/CVE-2014-0637.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0637",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-0637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140401 ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0007.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140401 ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0007.html"
}
]
}
}

250
2014/1xxx/CVE-2014-1943.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1943",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[file] 20140211 segfault in magic_buffer",
"refsource" : "MLIST",
"url" : "http://mx.gw.com/pipermail/file/2014/001330.html"
},
{
"name" : "[file] 20140211 segfault in magic_buffer",
"refsource" : "MLIST",
"url" : "http://mx.gw.com/pipermail/file/2014/001334.html"
},
{
"name" : "[file] 20140213 segfault in magic_buffer",
"refsource" : "MLIST",
"url" : "http://mx.gw.com/pipermail/file/2014/001337.html"
},
{
"name" : "[file] 20142010 segfault in magic_buffer",
"refsource" : "MLIST",
"url" : "http://mx.gw.com/pipermail/file/2014/001327.html"
},
{
"name" : "https://github.com/glensc/file/blob/FILE5_17/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://github.com/glensc/file/blob/FILE5_17/ChangeLog"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "http://support.apple.com/kb/HT6443",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6443"
},
{
"name" : "DSA-2861",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2861"
},
{
"name" : "DSA-2868",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2868"
},
{
"name" : "RHSA-2014:1765",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name" : "openSUSE-SU-2014:0364",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html"
},
{
"name" : "openSUSE-SU-2014:0367",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html"
},
{
"name" : "USN-2123-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2123-1"
},
{
"name" : "USN-2126-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2126-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:0367",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html"
},
{
"name": "[file] 20140211 segfault in magic_buffer",
"refsource": "MLIST",
"url": "http://mx.gw.com/pipermail/file/2014/001330.html"
},
{
"name": "[file] 20142010 segfault in magic_buffer",
"refsource": "MLIST",
"url": "http://mx.gw.com/pipermail/file/2014/001327.html"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "[file] 20140213 segfault in magic_buffer",
"refsource": "MLIST",
"url": "http://mx.gw.com/pipermail/file/2014/001337.html"
},
{
"name": "openSUSE-SU-2014:0364",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html"
},
{
"name": "http://support.apple.com/kb/HT6443",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6443"
},
{
"name": "RHSA-2014:1765",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"
},
{
"name": "[file] 20140211 segfault in magic_buffer",
"refsource": "MLIST",
"url": "http://mx.gw.com/pipermail/file/2014/001334.html"
},
{
"name": "USN-2126-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2126-1"
},
{
"name": "https://github.com/glensc/file/blob/FILE5_17/ChangeLog",
"refsource": "CONFIRM",
"url": "https://github.com/glensc/file/blob/FILE5_17/ChangeLog"
},
{
"name": "DSA-2868",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2868"
},
{
"name": "USN-2123-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2123-1"
},
{
"name": "DSA-2861",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2861"
}
]
}
}

34
2014/4xxx/CVE-2014-4019.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4019",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4019",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2014/4xxx/CVE-2014-4253.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WebLogic Server JVM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "68634",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68634"
},
{
"name" : "oracle-cpujul2014-cve20144253(94555)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94555"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WebLogic Server JVM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68634"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "oracle-cpujul2014-cve20144253(94555)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94555"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
}
]
}
}

160
2014/4xxx/CVE-2014-4618.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4618",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2014-4618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140818 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"name" : "69273",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69273"
},
{
"name" : "1030743",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030743"
},
{
"name" : "60571",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60571"
},
{
"name" : "emc-documentum-cve20144618-code-exec(95368)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95368"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "emc-documentum-cve20144618-code-exec(95368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95368"
},
{
"name": "1030743",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030743"
},
{
"name": "69273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69273"
},
{
"name": "20140818 ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533162/30/0/threaded"
},
{
"name": "60571",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60571"
}
]
}
}

180
2014/5xxx/CVE-2014-5025.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140722 Re: CVE request: cacti XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/07/22/9"
},
{
"name" : "http://bugs.cacti.net/view.php?id=2456",
"refsource" : "CONFIRM",
"url" : "http://bugs.cacti.net/view.php?id=2456"
},
{
"name" : "DSA-3007",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3007"
},
{
"name" : "GLSA-201509-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201509-03"
},
{
"name" : "openSUSE-SU-2015:0479",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html"
},
{
"name" : "68759",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68759"
},
{
"name" : "cacti-cve20145025-xss(94814)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94814"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3007",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3007"
},
{
"name": "http://bugs.cacti.net/view.php?id=2456",
"refsource": "CONFIRM",
"url": "http://bugs.cacti.net/view.php?id=2456"
},
{
"name": "[oss-security] 20140722 Re: CVE request: cacti XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/22/9"
},
{
"name": "68759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68759"
},
{
"name": "openSUSE-SU-2015:0479",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html"
},
{
"name": "cacti-cve20145025-xss(94814)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94814"
},
{
"name": "GLSA-201509-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201509-03"
}
]
}
}

150
2014/5xxx/CVE-2014-5240.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5240",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140813 Re: WordPress 3.9.2 release - needs CVE's",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/08/13/3"
},
{
"name" : "https://core.trac.wordpress.org/changeset/29398",
"refsource" : "CONFIRM",
"url" : "https://core.trac.wordpress.org/changeset/29398"
},
{
"name" : "https://wordpress.org/news/2014/08/wordpress-3-9-2/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/news/2014/08/wordpress-3-9-2/"
},
{
"name" : "DSA-3001",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3001"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3001",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3001"
},
{
"name": "https://wordpress.org/news/2014/08/wordpress-3-9-2/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2014/08/wordpress-3-9-2/"
},
{
"name": "https://core.trac.wordpress.org/changeset/29398",
"refsource": "CONFIRM",
"url": "https://core.trac.wordpress.org/changeset/29398"
},
{
"name": "[oss-security] 20140813 Re: WordPress 3.9.2 release - needs CVE's",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/08/13/3"
}
]
}
}

200
2014/5xxx/CVE-2014-5445.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5445",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141130 [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534122/100/0/threaded"
},
{
"name" : "20141203 Re: [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534141/100/0/threaded"
},
{
"name" : "20141203 [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/9"
},
{
"name" : "http://packetstormsecurity.com/files/129336/ManageEngine-Netflow-Analyzer-IT360-File-Download.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129336/ManageEngine-Netflow-Analyzer-IT360-File-Download.html"
},
{
"name" : "https://github.com/rapid7/metasploit-framework/pull/4282",
"refsource" : "MISC",
"url" : "https://github.com/rapid7/metasploit-framework/pull/4282"
},
{
"name" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_netflow_it360_file_dl.txt",
"refsource" : "MISC",
"url" : "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_netflow_it360_file_dl.txt"
},
{
"name" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/cve-2014-5445-cve-2014-5446-fix-for-arbitrary-file-download",
"refsource" : "CONFIRM",
"url" : "https://support.zoho.com/portal/manageengine/helpcenter/articles/cve-2014-5445-cve-2014-5446-fix-for-arbitrary-file-download"
},
{
"name" : "71404",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71404"
},
{
"name" : "netflow-cve20145445-dir-traversal(99045)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99045"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zoho.com/portal/manageengine/helpcenter/articles/cve-2014-5445-cve-2014-5446-fix-for-arbitrary-file-download",
"refsource": "CONFIRM",
"url": "https://support.zoho.com/portal/manageengine/helpcenter/articles/cve-2014-5445-cve-2014-5446-fix-for-arbitrary-file-download"
},
{
"name": "netflow-cve20145445-dir-traversal(99045)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99045"
},
{
"name": "http://packetstormsecurity.com/files/129336/ManageEngine-Netflow-Analyzer-IT360-File-Download.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129336/ManageEngine-Netflow-Analyzer-IT360-File-Download.html"
},
{
"name": "20141203 Re: [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534141/100/0/threaded"
},
{
"name": "71404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71404"
},
{
"name": "https://github.com/rapid7/metasploit-framework/pull/4282",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/4282"
},
{
"name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_netflow_it360_file_dl.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_netflow_it360_file_dl.txt"
},
{
"name": "20141130 [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534122/100/0/threaded"
},
{
"name": "20141203 [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/9"
}
]
}
}

140
2014/5xxx/CVE-2014-5765.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5765",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Paint for Friends (aka de.lotumlabs.buddypainting) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name" : "VU#219145",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/219145"
},
{
"name" : "VU#582497",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/582497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Paint for Friends (aka de.lotumlabs.buddypainting) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
},
{
"name": "VU#219145",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/219145"
}
]
}
}

130
2016/10xxx/CVE-2016-10107.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10107",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas/",
"refsource" : "MISC",
"url" : "https://www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas/"
},
{
"name" : "95201",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95201"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas/",
"refsource": "MISC",
"url": "https://www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas/"
},
{
"name": "95201",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95201"
}
]
}
}

130
2016/10xxx/CVE-2016-10291.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-10291",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34030871. References: QC-CR#986837."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-10291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-05-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name" : "98183",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98183"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34030871. References: QC-CR#986837."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name": "98183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98183"
}
]
}
}

122
2016/10xxx/CVE-2016-10572.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10572",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "mongodb-instance node module",
"version" : {
"version_data" : [
{
"version_value" : "<0.0.3"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mongodb-instance node module",
"version": {
"version_data": [
{
"version_value": "<0.0.3"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/235",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/235"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/235",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/235"
}
]
}
}

130
2016/10xxx/CVE-2016-10725.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10725",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Bitcoin Core before v0.13.0, a non-final alert is able to block the special \"final alert\" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"refsource" : "MISC",
"url" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
},
{
"name" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html",
"refsource" : "MISC",
"url" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bitcoin Core before v0.13.0, a non-final alert is able to block the special \"final alert\" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html",
"refsource": "MISC",
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016189.html"
},
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures"
}
]
}
}

150
2016/3xxx/CVE-2016-3274.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka \"Microsoft Browser Spoofing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS16-084",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084"
},
{
"name" : "MS16-085",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085"
},
{
"name" : "91591",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91591"
},
{
"name" : "1036283",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036283"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka \"Microsoft Browser Spoofing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036283",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036283"
},
{
"name": "91591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91591"
},
{
"name": "MS16-084",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084"
},
{
"name": "MS16-085",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085"
}
]
}
}

150
2016/3xxx/CVE-2016-3313.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3313",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2016-3313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40224",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40224/"
},
{
"name" : "MS16-099",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
},
{
"name" : "92289",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92289"
},
{
"name" : "1036559",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036559"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka \"Microsoft Office Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036559",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036559"
},
{
"name": "MS16-099",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-099"
},
{
"name": "40224",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40224/"
},
{
"name": "92289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92289"
}
]
}
}

130
2016/8xxx/CVE-2016-8355.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2016-8355",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Smiths-Medical CADD-Solis Medication Safety Software through 3.1",
"version" : {
"version_data" : [
{
"version_value" : "Smiths-Medical CADD-Solis Medication Safety Software through 3.1"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Smiths-Medical CADD-Solis Medication Safety Software incorrect permissions"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-8355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1",
"version": {
"version_data": [
{
"version_value": "Smiths-Medical CADD-Solis Medication Safety Software through 3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01"
},
{
"name" : "94630",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94630"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Smiths-Medical CADD-Solis Medication Safety Software incorrect permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01"
},
{
"name": "94630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94630"
}
]
}
}

210
2016/8xxx/CVE-2016-8658.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161013 Re: CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/13/1"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1384403",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1384403"
},
{
"name" : "https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42c",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42c"
},
{
"name" : "USN-3145-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3145-1"
},
{
"name" : "USN-3145-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3145-2"
},
{
"name" : "USN-3146-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3146-1"
},
{
"name" : "USN-3146-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3146-2"
},
{
"name" : "93541",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93541"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3146-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3146-2"
},
{
"name": "https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42c",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42c"
},
{
"name": "USN-3146-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3146-1"
},
{
"name": "USN-3145-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3145-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c"
},
{
"name": "[oss-security] 20161013 Re: CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/13/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1384403",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384403"
},
{
"name": "USN-3145-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3145-2"
},
{
"name": "93541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93541"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5"
}
]
}
}

200
2016/8xxx/CVE-2016-8884.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8884",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161022 Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/23/1"
},
{
"name" : "[oss-security] 20161023 Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/23/9"
},
{
"name" : "https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1385499",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1385499"
},
{
"name" : "https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698",
"refsource" : "CONFIRM",
"url" : "https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698"
},
{
"name" : "FEDORA-2016-6c789ba91d",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/"
},
{
"name" : "FEDORA-2016-e0f0d48142",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/"
},
{
"name" : "RHSA-2017:1208",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name" : "93834",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93834"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-6c789ba91d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/"
},
{
"name": "https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698",
"refsource": "CONFIRM",
"url": "https://github.com/mdadams/jasper/commit/5d66894d2313e3f3469f19066e149e08ff076698"
},
{
"name": "FEDORA-2016-e0f0d48142",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGI2FZQLOTSZI3VA4ECJERI74SMNQDL4/"
},
{
"name": "RHSA-2017:1208",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name": "[oss-security] 20161022 Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/23/1"
},
{
"name": "[oss-security] 20161023 Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/23/9"
},
{
"name": "93834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93834"
},
{
"name": "https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1385499",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385499"
}
]
}
}

178
2016/8xxx/CVE-2016-8948.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-07-10T00:00:00",
"ID" : "CVE-2016-8948",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Emptoris Sourcing",
"version" : {
"version_data" : [
{
"version_value" : " 9.5"
},
{
"version_value" : "10.0.0"
},
{
"version_value" : "10.0.1"
},
{
"version_value" : "10.0.2"
},
{
"version_value" : "10.0.4"
},
{
"version_value" : "10.1.0"
},
{
"version_value" : "10.1.1"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-10T00:00:00",
"ID": "CVE-2016-8948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Emptoris Sourcing",
"version": {
"version_data": [
{
"version_value": " 9.5"
},
{
"version_value": "10.0.0"
},
{
"version_value": "10.0.1"
},
{
"version_value": "10.0.2"
},
{
"version_value": "10.0.4"
},
{
"version_value": "10.1.0"
},
{
"version_value": "10.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118835",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/118835"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22005549",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22005549"
},
{
"name" : "99545",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99545"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005549",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005549"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118835",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/118835"
},
{
"name": "99545",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99545"
}
]
}
}

140
2016/8xxx/CVE-2016-8962.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-8962",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BigFix Inventory",
"version" : {
"version_data" : [
{
"version_value" : ", 9.2"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BigFix Inventory",
"version": {
"version_data": [
{
"version_value": ", 9.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21995031",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21995031"
},
{
"name" : "98030",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98030"
},
{
"name" : "1038360",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038360"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98030"
},
{
"name": "1038360",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038360"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995031",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995031"
}
]
}
}

140
2016/9xxx/CVE-2016-9117.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9117",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/uclouvain/openjpeg/issues/860",
"refsource" : "MISC",
"url" : "https://github.com/uclouvain/openjpeg/issues/860"
},
{
"name" : "GLSA-201710-26",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-26"
},
{
"name" : "93783",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93783"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201710-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"name": "93783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93783"
},
{
"name": "https://github.com/uclouvain/openjpeg/issues/860",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/issues/860"
}
]
}
}

150
2016/9xxx/CVE-2016-9278.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. The Samsung ID is SVE-2016-6736."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161109 CVE Request - Samsung Exynos fimg2d Multiple Issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/11/09/3"
},
{
"name" : "[oss-security] 20161111 Re: CVE Request - Samsung Exynos fimg2d Multiple Issues",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/11/11/11"
},
{
"name" : "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016",
"refsource" : "CONFIRM",
"url" : "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016"
},
{
"name" : "94283",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94283"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. The Samsung ID is SVE-2016-6736."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161111 Re: CVE Request - Samsung Exynos fimg2d Multiple Issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/11/11"
},
{
"name": "[oss-security] 20161109 CVE Request - Samsung Exynos fimg2d Multiple Issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/09/3"
},
{
"name": "94283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94283"
},
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016"
}
]
}
}

160
2016/9xxx/CVE-2016-9386.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9386",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving \"unexpected\" base/limit values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xenbits.xen.org/xsa/advisory-191.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-191.html"
},
{
"name" : "https://support.citrix.com/article/CTX218775",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX218775"
},
{
"name" : "GLSA-201612-56",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-56"
},
{
"name" : "94471",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94471"
},
{
"name" : "1037340",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037340"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving \"unexpected\" base/limit values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94471"
},
{
"name": "GLSA-201612-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-56"
},
{
"name": "https://support.citrix.com/article/CTX218775",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX218775"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-191.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-191.html"
},
{
"name": "1037340",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037340"
}
]
}
}

150
2016/9xxx/CVE-2016-9795.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9795",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20170126 CA20170126-01: Security Notice for CA Common Services casrvc",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/540062/100/0/threaded"
},
{
"name" : "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01--security-notice-for-ca-common-services-casrvc.html",
"refsource" : "CONFIRM",
"url" : "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01--security-notice-for-ca-common-services-casrvc.html"
},
{
"name" : "95819",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95819"
},
{
"name" : "1037730",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037730"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170126 CA20170126-01: Security Notice for CA Common Services casrvc",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/540062/100/0/threaded"
},
{
"name": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01--security-notice-for-ca-common-services-casrvc.html",
"refsource": "CONFIRM",
"url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01--security-notice-for-ca-common-services-casrvc.html"
},
{
"name": "1037730",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037730"
},
{
"name": "95819",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95819"
}
]
}
}

220
2016/9xxx/CVE-2016-9958.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9958",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-9958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"name" : "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html",
"refsource" : "MISC",
"url" : "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name" : "https://bitbucket.org/mpyne/game-music-emu/wiki/Home",
"refsource" : "CONFIRM",
"url" : "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name" : "FEDORA-2016-04383482b4",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name" : "FEDORA-2016-fbf9f8b204",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name" : "FEDORA-2017-3d771a1702",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name" : "FEDORA-2017-5bf9a268df",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"name" : "GLSA-201707-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201707-02"
},
{
"name" : "SUSE-SA:2016:3250",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name" : "openSUSE-SA:2017:0022",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
},
{
"name" : "95305",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95305"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2016:3250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html"
},
{
"name": "FEDORA-2016-fbf9f8b204",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHAQI5Q2XDSPGRRKPJJM3A73VWAFSFL/"
},
{
"name": "95305",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95305"
},
{
"name": "[oss-security] 20161215 Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/15/11"
},
{
"name": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html",
"refsource": "MISC",
"url": "https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html"
},
{
"name": "GLSA-201707-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-02"
},
{
"name": "FEDORA-2017-5bf9a268df",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7Z2OVERYM6NW3FGVGTJUNSL5ZNFSH2S/"
},
{
"name": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/mpyne/game-music-emu/wiki/Home"
},
{
"name": "FEDORA-2016-04383482b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LKMKVYS7AVB2EXC463FUYN6C6FABHME/"
},
{
"name": "FEDORA-2017-3d771a1702",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHFKIFSFIDXOKFUKAH2MBNXDTY6DYBF6/"
},
{
"name": "openSUSE-SA:2017:0022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00005.html"
}
]
}
}

34
2019/2xxx/CVE-2019-2039.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2039",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2039",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2095.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2095",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2095",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2394.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2394",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2394",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2573.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2573",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2573",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6171.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6171",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6171",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2019/6xxx/CVE-2019-6438.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://lists.schedmd.com/pipermail/slurm-announce/2019/000018.html",
"refsource" : "CONFIRM",
"url" : "https://lists.schedmd.com/pipermail/slurm-announce/2019/000018.html"
},
{
"name" : "https://www.schedmd.com/news.php?id=213",
"refsource" : "CONFIRM",
"url" : "https://www.schedmd.com/news.php?id=213"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.schedmd.com/pipermail/slurm-announce/2019/000018.html",
"refsource": "CONFIRM",
"url": "https://lists.schedmd.com/pipermail/slurm-announce/2019/000018.html"
},
{
"name": "https://www.schedmd.com/news.php?id=213",
"refsource": "CONFIRM",
"url": "https://www.schedmd.com/news.php?id=213"
}
]
}
}

34
2019/6xxx/CVE-2019-6493.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6493",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6493",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2019/6xxx/CVE-2019-6799.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6799",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of \"options(MYSQLI_OPT_LOCAL_INFILE\" calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190227 [SECURITY] [DLA 1692-1] phpmyadmin security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html"
},
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2019-1/",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2019-1/"
},
{
"name" : "106736",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106736"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of \"options(MYSQLI_OPT_LOCAL_INFILE\" calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.phpmyadmin.net/security/PMASA-2019-1/",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2019-1/"
},
{
"name": "[debian-lts-announce] 20190227 [SECURITY] [DLA 1692-1] phpmyadmin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html"
},
{
"name": "106736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106736"
}
]
}
}

34
2019/6xxx/CVE-2019-6876.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6876",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6876",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}