admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:45:14 +00:00
parent 9140e67086
commit b0c6677a06
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
63 changed files with 4246 additions and 4246 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

350
2006/5xxx/CVE-2006-5276.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070219 Sourcefire Snort Remote Buffer Overflow",
"refsource" : "ISS",
"url" : "http://iss.net/threats/257.html"
},
{
"name" : "20070303 ERRATA: [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/461810/100/0/threaded"
},
{
"name" : "3362",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3362"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=229265",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=229265"
},
{
"name" : "http://www.snort.org/docs/advisory-2007-02-19.html",
"refsource" : "CONFIRM",
"url" : "http://www.snort.org/docs/advisory-2007-02-19.html"
},
{
"name" : "http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf",
"refsource" : "CONFIRM",
"url" : "http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf"
},
{
"name" : "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=540173",
"refsource" : "CONFIRM",
"url" : "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=540173"
},
{
"name" : "FEDORA-2007-2060",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/updates/FEDORA-2007-206.shtml"
},
{
"name" : "GLSA-200703-01",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200703-01.xml"
},
{
"name" : "TA07-050A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-050A.html"
},
{
"name" : "VU#196240",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/196240"
},
{
"name" : "22616",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/22616"
},
{
"name" : "ADV-2007-0656",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0656"
},
{
"name" : "ADV-2007-0668",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0668"
},
{
"name" : "32094",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/32094"
},
{
"name" : "1017669",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017669"
},
{
"name" : "1017670",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1017670"
},
{
"name" : "24190",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24190"
},
{
"name" : "24235",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24235"
},
{
"name" : "24239",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24239"
},
{
"name" : "24240",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24240"
},
{
"name" : "24272",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24272"
},
{
"name" : "26746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26746"
},
{
"name" : "smb-bo(31275)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31275"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA07-050A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-050A.html"
},
{
"name": "VU#196240",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/196240"
},
{
"name": "http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf",
"refsource": "CONFIRM",
"url": "http://www116.nortelnetworks.com/pub/repository/CLARIFY/DOCUMENT/2007/08/021923-01.pdf"
},
{
"name": "GLSA-200703-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200703-01.xml"
},
{
"name": "26746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26746"
},
{
"name": "20070303 ERRATA: [ GLSA 200703-01 ] Snort: Remote execution of arbitrary code",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461810/100/0/threaded"
},
{
"name": "24190",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24190"
},
{
"name": "http://www.snort.org/docs/advisory-2007-02-19.html",
"refsource": "CONFIRM",
"url": "http://www.snort.org/docs/advisory-2007-02-19.html"
},
{
"name": "24239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24239"
},
{
"name": "24272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24272"
},
{
"name": "ADV-2007-0656",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0656"
},
{
"name": "smb-bo(31275)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31275"
},
{
"name": "FEDORA-2007-2060",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA-2007-206.shtml"
},
{
"name": "ADV-2007-0668",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0668"
},
{
"name": "32094",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32094"
},
{
"name": "24235",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24235"
},
{
"name": "1017670",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017670"
},
{
"name": "24240",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24240"
},
{
"name": "20070219 Sourcefire Snort Remote Buffer Overflow",
"refsource": "ISS",
"url": "http://iss.net/threats/257.html"
},
{
"name": "22616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22616"
},
{
"name": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=540173",
"refsource": "CONFIRM",
"url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=540173"
},
{
"name": "3362",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3362"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=229265",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=229265"
},
{
"name": "1017669",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017669"
}
]
}
}

150
2007/2xxx/CVE-2007-2254.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2254",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in admin/setup/level2.php in PHP Classifieds 6.04, and probably earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this product was referred to as \"Allfaclassfieds\" in the original disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070422 Allfaclassfieds (level2.php dir) remote file inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/466648/100/0/threaded"
},
{
"name" : "20070425 [false but true] \"Allfaclassfieds\" RFI no; PHP Classifieds yes",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-April/001543.html"
},
{
"name" : "2618",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2618"
},
{
"name" : "allfaclassfieds-level2-file-include(33798)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33798"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in admin/setup/level2.php in PHP Classifieds 6.04, and probably earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this product was referred to as \"Allfaclassfieds\" in the original disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070422 Allfaclassfieds (level2.php dir) remote file inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/466648/100/0/threaded"
},
{
"name": "allfaclassfieds-level2-file-include(33798)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33798"
},
{
"name": "20070425 [false but true] \"Allfaclassfieds\" RFI no; PHP Classifieds yes",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-April/001543.html"
},
{
"name": "2618",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2618"
}
]
}
}

140
2007/3xxx/CVE-2007-3423.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3423",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458",
"refsource" : "CONFIRM",
"url" : "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458"
},
{
"name" : "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip",
"refsource" : "CONFIRM",
"url" : "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip"
},
{
"name" : "45409",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/45409"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip",
"refsource": "CONFIRM",
"url": "http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip"
},
{
"name": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458",
"refsource": "CONFIRM",
"url": "http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458"
},
{
"name": "45409",
"refsource": "OSVDB",
"url": "http://osvdb.org/45409"
}
]
}
}

250
2007/3xxx/CVE-2007-3716.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3716",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070712 Command Injection in XML Digital Signatures",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/473552/100/0/threaded"
},
{
"name" : "20070712 Whitepaper: Command Injection in XML Digital Signatures and Encryption",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/473553/100/0/threaded"
},
{
"name" : "http://www.isecpartners.com/advisories/2007-04-dsig.txt",
"refsource" : "MISC",
"url" : "http://www.isecpartners.com/advisories/2007-04-dsig.txt"
},
{
"name" : "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf",
"refsource" : "MISC",
"url" : "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf"
},
{
"name" : "BEA07-177.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/248"
},
{
"name" : "GLSA-200709-15",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
},
{
"name" : "102993",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102993-1"
},
{
"name" : "ADV-2007-2492",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2492"
},
{
"name" : "ADV-2007-3009",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/3009"
},
{
"name" : "36664",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36664"
},
{
"name" : "1018365",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018365"
},
{
"name" : "26031",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26031"
},
{
"name" : "26631",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26631"
},
{
"name" : "26933",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26933"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26933",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26933"
},
{
"name": "20070712 Command Injection in XML Digital Signatures",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473552/100/0/threaded"
},
{
"name": "BEA07-177.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/248"
},
{
"name": "20070712 Whitepaper: Command Injection in XML Digital Signatures and Encryption",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473553/100/0/threaded"
},
{
"name": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf",
"refsource": "MISC",
"url": "http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf"
},
{
"name": "102993",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102993-1"
},
{
"name": "http://www.isecpartners.com/advisories/2007-04-dsig.txt",
"refsource": "MISC",
"url": "http://www.isecpartners.com/advisories/2007-04-dsig.txt"
},
{
"name": "26031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26031"
},
{
"name": "ADV-2007-3009",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3009"
},
{
"name": "GLSA-200709-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml"
},
{
"name": "1018365",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018365"
},
{
"name": "ADV-2007-2492",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2492"
},
{
"name": "36664",
"refsource": "OSVDB",
"url": "http://osvdb.org/36664"
},
{
"name": "26631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26631"
}
]
}
}

34
2007/6xxx/CVE-2007-6155.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6155",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6155",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2007/6xxx/CVE-2007-6406.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071205 [ELEYTT] Public Advisory 05-12-2007",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/484607/100/0/threaded"
},
{
"name" : "1019047",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019047"
},
{
"name" : "3458",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3458"
},
{
"name" : "threatmanagement-ipaddress-xss(38868)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38868"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019047",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019047"
},
{
"name": "20071205 [ELEYTT] Public Advisory 05-12-2007",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484607/100/0/threaded"
},
{
"name": "threatmanagement-ipaddress-xss(38868)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38868"
},
{
"name": "3458",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3458"
}
]
}
}

190
2007/6xxx/CVE-2007-6560.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6560",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071223 Logaholic Web Analytics Software",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485480/100/0/threaded"
},
{
"name" : "20080326 Re: Logaholic Web Analytics Software",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490101/100/0/threaded"
},
{
"name" : "27003",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27003"
},
{
"name" : "39792",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39792"
},
{
"name" : "39793",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39793"
},
{
"name" : "28263",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28263"
},
{
"name" : "3496",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3496"
},
{
"name" : "logaholic-profiles-xss(39223)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39223"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39793",
"refsource": "OSVDB",
"url": "http://osvdb.org/39793"
},
{
"name": "28263",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28263"
},
{
"name": "3496",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3496"
},
{
"name": "logaholic-profiles-xss(39223)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39223"
},
{
"name": "39792",
"refsource": "OSVDB",
"url": "http://osvdb.org/39792"
},
{
"name": "27003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27003"
},
{
"name": "20071223 Logaholic Web Analytics Software",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485480/100/0/threaded"
},
{
"name": "20080326 Re: Logaholic Web Analytics Software",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490101/100/0/threaded"
}
]
}
}

160
2007/6xxx/CVE-2007-6577.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4772",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4772"
},
{
"name" : "26994",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26994"
},
{
"name" : "39774",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39774"
},
{
"name" : "39775",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39775"
},
{
"name" : "zblog-index-sql-injection(39239)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39239"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "zblog-index-sql-injection(39239)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39239"
},
{
"name": "39774",
"refsource": "OSVDB",
"url": "http://osvdb.org/39774"
},
{
"name": "4772",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4772"
},
{
"name": "26994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26994"
},
{
"name": "39775",
"refsource": "OSVDB",
"url": "http://osvdb.org/39775"
}
]
}
}

170
2007/6xxx/CVE-2007-6658.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071229 CCMS v3.1 Demo <= SQL Injection Vulnerability 0day",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485633/100/0/threaded"
},
{
"name" : "4809",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4809"
},
{
"name" : "27069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27069"
},
{
"name" : "39894",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39894"
},
{
"name" : "3510",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3510"
},
{
"name" : "customcms-vars-sql-injection(39317)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39317"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3510",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3510"
},
{
"name": "27069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27069"
},
{
"name": "39894",
"refsource": "OSVDB",
"url": "http://osvdb.org/39894"
},
{
"name": "4809",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4809"
},
{
"name": "20071229 CCMS v3.1 Demo <= SQL Injection Vulnerability 0day",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485633/100/0/threaded"
},
{
"name": "customcms-vars-sql-injection(39317)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39317"
}
]
}
}

230
2010/0xxx/CVE-2010-0301.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100127 CVE id request: maildrop",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=126462927918840&w=2"
},
{
"name" : "[oss-security] 20100128 Re: CVE id request: maildrop",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=126468324913920&w=2"
},
{
"name" : "[oss-security] 20100128 Re: CVE id request: maildrop",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=126468551017070&w=2"
},
{
"name" : "[oss-security] 20100128 Re: CVE id request: maildrop",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=126468618017829&w=2"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601"
},
{
"name" : "http://www.courier-mta.org/maildrop/changelog.html",
"refsource" : "CONFIRM",
"url" : "http://www.courier-mta.org/maildrop/changelog.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=559681",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=559681"
},
{
"name" : "DSA-1981",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-1981"
},
{
"name" : "1023515",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023515"
},
{
"name" : "38367",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38367"
},
{
"name" : "38374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38374"
},
{
"name" : "maildrop-group-priv-escalation(55980)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55980"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1981",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1981"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564601"
},
{
"name": "38374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38374"
},
{
"name": "[oss-security] 20100128 Re: CVE id request: maildrop",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=126468618017829&w=2"
},
{
"name": "http://www.courier-mta.org/maildrop/changelog.html",
"refsource": "CONFIRM",
"url": "http://www.courier-mta.org/maildrop/changelog.html"
},
{
"name": "maildrop-group-priv-escalation(55980)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55980"
},
{
"name": "[oss-security] 20100128 Re: CVE id request: maildrop",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=126468324913920&w=2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=559681",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=559681"
},
{
"name": "[oss-security] 20100128 Re: CVE id request: maildrop",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=126468551017070&w=2"
},
{
"name": "1023515",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023515"
},
{
"name": "38367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38367"
},
{
"name": "[oss-security] 20100127 CVE id request: maildrop",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=126462927918840&w=2"
}
]
}
}

180
2010/0xxx/CVE-2010-0392.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0392",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to \"phase 2.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100121 TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509091/100/0/threaded"
},
{
"name" : "http://www.senseofsecurity.com.au/advisories/SOS-10-001",
"refsource" : "MISC",
"url" : "http://www.senseofsecurity.com.au/advisories/SOS-10-001"
},
{
"name" : "http://www.thegreenbow.com/download.php?id=1000150",
"refsource" : "CONFIRM",
"url" : "http://www.thegreenbow.com/download.php?id=1000150"
},
{
"name" : "40387",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40387"
},
{
"name" : "61866",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61866"
},
{
"name" : "38262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38262"
},
{
"name" : "ipsecvpnclient-tgb-bo(55793)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55793"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN Client 4.51.001, 4.65.003, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a long OpenScriptAfterUp parameter in a policy (.tgb) file, related to \"phase 2.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.senseofsecurity.com.au/advisories/SOS-10-001",
"refsource": "MISC",
"url": "http://www.senseofsecurity.com.au/advisories/SOS-10-001"
},
{
"name": "ipsecvpnclient-tgb-bo(55793)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55793"
},
{
"name": "38262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38262"
},
{
"name": "40387",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40387"
},
{
"name": "http://www.thegreenbow.com/download.php?id=1000150",
"refsource": "CONFIRM",
"url": "http://www.thegreenbow.com/download.php?id=1000150"
},
{
"name": "61866",
"refsource": "OSVDB",
"url": "http://osvdb.org/61866"
},
{
"name": "20100121 TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509091/100/0/threaded"
}
]
}
}

250
2010/0xxx/CVE-2010-0441.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0441",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100202 AST-2010-001: T.38 Remote Crash Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509327/100/0/threaded"
},
{
"name" : "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff",
"refsource" : "CONFIRM",
"url" : "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff"
},
{
"name" : "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff",
"refsource" : "CONFIRM",
"url" : "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff"
},
{
"name" : "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff",
"refsource" : "CONFIRM",
"url" : "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff"
},
{
"name" : "http://downloads.asterisk.org/pub/security/AST-2010-001.html",
"refsource" : "CONFIRM",
"url" : "http://downloads.asterisk.org/pub/security/AST-2010-001.html"
},
{
"name" : "https://issues.asterisk.org/view.php?id=16517",
"refsource" : "CONFIRM",
"url" : "https://issues.asterisk.org/view.php?id=16517"
},
{
"name" : "https://issues.asterisk.org/view.php?id=16634",
"refsource" : "CONFIRM",
"url" : "https://issues.asterisk.org/view.php?id=16634"
},
{
"name" : "https://issues.asterisk.org/view.php?id=16724",
"refsource" : "CONFIRM",
"url" : "https://issues.asterisk.org/view.php?id=16724"
},
{
"name" : "FEDORA-2010-3724",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"name" : "38047",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38047"
},
{
"name" : "1023532",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023532"
},
{
"name" : "38395",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38395"
},
{
"name" : "39096",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39096"
},
{
"name" : "ADV-2010-0289",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0289"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff"
},
{
"name": "https://issues.asterisk.org/view.php?id=16517",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/view.php?id=16517"
},
{
"name": "https://issues.asterisk.org/view.php?id=16634",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/view.php?id=16634"
},
{
"name": "ADV-2010-0289",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0289"
},
{
"name": "38047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38047"
},
{
"name": "39096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39096"
},
{
"name": "FEDORA-2010-3724",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html"
},
{
"name": "https://issues.asterisk.org/view.php?id=16724",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/view.php?id=16724"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff"
},
{
"name": "20100202 AST-2010-001: T.38 Remote Crash Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509327/100/0/threaded"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff"
},
{
"name": "38395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38395"
},
{
"name": "1023532",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023532"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2010-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2010-001.html"
}
]
}
}

270
2010/0xxx/CVE-2010-0540.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0540",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4188",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4188"
},
{
"name" : "http://cups.org/articles.php?L596",
"refsource" : "CONFIRM",
"url" : "http://cups.org/articles.php?L596"
},
{
"name" : "http://cups.org/str.php?L3498",
"refsource" : "CONFIRM",
"url" : "http://cups.org/str.php?L3498"
},
{
"name" : "APPLE-SA-2010-06-15-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name" : "DSA-2176",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2176"
},
{
"name" : "GLSA-201207-10",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201207-10.xml"
},
{
"name" : "MDVSA-2010:232",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:232"
},
{
"name" : "MDVSA-2010:233",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:233"
},
{
"name" : "MDVSA-2010:234",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:234"
},
{
"name" : "40871",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/40871"
},
{
"name" : "oval:org.mitre.oval:def:10382",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10382"
},
{
"name" : "1024122",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024122"
},
{
"name" : "40220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40220"
},
{
"name" : "43521",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43521"
},
{
"name" : "ADV-2010-1481",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name" : "ADV-2011-0535",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0535"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-06-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name": "MDVSA-2010:234",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:234"
},
{
"name": "ADV-2010-1481",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name": "http://cups.org/articles.php?L596",
"refsource": "CONFIRM",
"url": "http://cups.org/articles.php?L596"
},
{
"name": "40871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40871"
},
{
"name": "MDVSA-2010:232",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:232"
},
{
"name": "DSA-2176",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2176"
},
{
"name": "http://support.apple.com/kb/HT4188",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4188"
},
{
"name": "GLSA-201207-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201207-10.xml"
},
{
"name": "ADV-2011-0535",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0535"
},
{
"name": "40220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40220"
},
{
"name": "http://cups.org/str.php?L3498",
"refsource": "CONFIRM",
"url": "http://cups.org/str.php?L3498"
},
{
"name": "MDVSA-2010:233",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:233"
},
{
"name": "oval:org.mitre.oval:def:10382",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10382"
},
{
"name": "43521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43521"
},
{
"name": "1024122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024122"
}
]
}
}

160
2010/0xxx/CVE-2010-0821.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with a crafted SxView record, related to improper validation of unspecified structures, aka \"Excel Record Parsing Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-0824 and CVE-2010-1245."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2010-0821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100608 ZDI-10-104: Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511729/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-104",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-104"
},
{
"name" : "MS10-038",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"name" : "TA10-159B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name" : "oval:org.mitre.oval:def:6771",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6771"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with a crafted SxView record, related to improper validation of unspecified structures, aka \"Excel Record Parsing Memory Corruption Vulnerability,\" a different vulnerability than CVE-2010-0824 and CVE-2010-1245."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100608 ZDI-10-104: Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511729/100/0/threaded"
},
{
"name": "MS10-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-038"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-104",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-104"
},
{
"name": "TA10-159B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name": "oval:org.mitre.oval:def:6771",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6771"
}
]
}
}

140
2010/1xxx/CVE-2010-1127.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1127",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100126 Microsoft IE 6&7 Crash Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-01/0237.html"
},
{
"name" : "20100128 Re: Microsoft IE 6&7 Crash Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2010-01/0278.html"
},
{
"name" : "http://securityreason.com/exploitalert/7731",
"refsource" : "MISC",
"url" : "http://securityreason.com/exploitalert/7731"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100126 Microsoft IE 6&7 Crash Exploit",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-01/0237.html"
},
{
"name": "http://securityreason.com/exploitalert/7731",
"refsource": "MISC",
"url": "http://securityreason.com/exploitalert/7731"
},
{
"name": "20100128 Re: Microsoft IE 6&7 Crash Exploit",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-01/0278.html"
}
]
}
}

170
2010/1xxx/CVE-2010-1281.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1281",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-1281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100511 ZDI-10-087: Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/511252/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-087/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-087/"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
},
{
"name" : "oval:org.mitre.oval:def:7268",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7268"
},
{
"name" : "38751",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38751"
},
{
"name" : "ADV-2010-1128",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38751"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-087/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-087/"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
},
{
"name": "ADV-2010-1128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1128"
},
{
"name": "oval:org.mitre.oval:def:7268",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7268"
},
{
"name": "20100511 ZDI-10-087: Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511252/100/0/threaded"
}
]
}
}

190
2010/1xxx/CVE-2010-1651.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1651",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "PM08892",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM08892"
},
{
"name" : "PM12247",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"
},
{
"name" : "PM15829",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829"
},
{
"name" : "65437",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/65437"
},
{
"name" : "39628",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39628"
},
{
"name" : "40096",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40096"
},
{
"name" : "ADV-2010-1411",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1411"
},
{
"name" : "ibm-was-trace-information-disclosure(58324)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58324"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1411",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1411"
},
{
"name": "39628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39628"
},
{
"name": "ibm-was-trace-information-disclosure(58324)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58324"
},
{
"name": "PM12247",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"
},
{
"name": "PM15829",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829"
},
{
"name": "65437",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65437"
},
{
"name": "40096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40096"
},
{
"name": "PM08892",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM08892"
}
]
}
}

34
2010/1xxx/CVE-2010-1765.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1765",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1765",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2010/1xxx/CVE-2010-1819.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1819",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) CoreVideo.dll, (2) CoreGraphics.dll, or (3) CoreAudioToolbox.dll that is located in the same folder as a .pic image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fortiguard.com/advisory/FGA-2010-46/",
"refsource" : "MISC",
"url" : "http://www.fortiguard.com/advisory/FGA-2010-46/"
},
{
"name" : "http://support.apple.com/kb/HT4339",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4339"
},
{
"name" : "APPLE-SA-2010-09-15-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) CoreVideo.dll, (2) CoreGraphics.dll, or (3) CoreAudioToolbox.dll that is located in the same folder as a .pic image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4339",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4339"
},
{
"name": "http://www.fortiguard.com/advisory/FGA-2010-46/",
"refsource": "MISC",
"url": "http://www.fortiguard.com/advisory/FGA-2010-46/"
},
{
"name": "APPLE-SA-2010-09-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Sep/msg00003.html"
}
]
}
}

190
2010/1xxx/CVE-2010-1871.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1871",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130528 CA20130528-01: Security Notice for CA Process Automation (CA PAM)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=615956",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=615956"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20161017-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20161017-0001/"
},
{
"name" : "RHSA-2010:0564",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0564.html"
},
{
"name" : "41994",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41994"
},
{
"name" : "1024253",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024253"
},
{
"name" : "ADV-2010-1929",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1929"
},
{
"name" : "seam-expressions-code-execution(60794)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60794"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41994"
},
{
"name": "20130528 CA20130528-01: Security Notice for CA Process Automation (CA PAM)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html"
},
{
"name": "1024253",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024253"
},
{
"name": "ADV-2010-1929",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1929"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=615956",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=615956"
},
{
"name": "seam-expressions-code-execution(60794)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60794"
},
{
"name": "RHSA-2010:0564",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0564.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20161017-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20161017-0001/"
}
]
}
}

140
2014/0xxx/CVE-2014-0006.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0006",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140117 [OSSA 2014-002] Swift TempURL timing attack (CVE-2014-0006)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/01/17/5"
},
{
"name" : "https://bugs.launchpad.net/swift/+bug/1265665",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/swift/+bug/1265665"
},
{
"name" : "RHSA-2014:0232",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0232.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:0232",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0232.html"
},
{
"name": "https://bugs.launchpad.net/swift/+bug/1265665",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/swift/+bug/1265665"
},
{
"name": "[oss-security] 20140117 [OSSA 2014-002] Swift TempURL timing attack (CVE-2014-0006)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/17/5"
}
]
}
}

450
2014/0xxx/CVE-2014-0376.json
View File

@ -1,227 +1,227 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0376",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for \"code permissions when creating document builder factories.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/42be8e6266ab",
"refsource" : "MISC",
"url" : "http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/42be8e6266ab"
},
{
"name" : "http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/783ceae9b736",
"refsource" : "MISC",
"url" : "http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/783ceae9b736"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051923",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051923"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
},
{
"name" : "HPSBUX02972",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name" : "HPSBUX02973",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
},
{
"name" : "SSRT101454",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name" : "SSRT101455",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
},
{
"name" : "RHSA-2014:0026",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0026.html"
},
{
"name" : "RHSA-2014:0027",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0027.html"
},
{
"name" : "RHSA-2014:0097",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0097.html"
},
{
"name" : "RHSA-2014:0136",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0136.html"
},
{
"name" : "RHSA-2014:0030",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
},
{
"name" : "RHSA-2014:0134",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0134.html"
},
{
"name" : "RHSA-2014:0135",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0135.html"
},
{
"name" : "RHSA-2014:0414",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name" : "openSUSE-SU-2014:0174",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html"
},
{
"name" : "SUSE-SU-2014:0246",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html"
},
{
"name" : "SUSE-SU-2014:0266",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html"
},
{
"name" : "openSUSE-SU-2014:0177",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html"
},
{
"name" : "openSUSE-SU-2014:0180",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html"
},
{
"name" : "SUSE-SU-2014:0451",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html"
},
{
"name" : "USN-2089-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2089-1"
},
{
"name" : "USN-2124-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2124-1"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64907",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64907"
},
{
"name" : "102018",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102018"
},
{
"name" : "1029608",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029608"
},
{
"name" : "56432",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56432"
},
{
"name" : "56485",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56485"
},
{
"name" : "56486",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56486"
},
{
"name" : "56535",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56535"
},
{
"name" : "oracle-cpujan2014-cve20140376(90350)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90350"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for \"code permissions when creating document builder factories.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56432"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1051923",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051923"
},
{
"name": "RHSA-2014:0414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name": "RHSA-2014:0136",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0136.html"
},
{
"name": "openSUSE-SU-2014:0174",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html"
},
{
"name": "http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/42be8e6266ab",
"refsource": "MISC",
"url": "http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/42be8e6266ab"
},
{
"name": "SSRT101455",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
},
{
"name": "RHSA-2014:0135",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html"
},
{
"name": "56535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56535"
},
{
"name": "USN-2089-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2089-1"
},
{
"name": "64907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64907"
},
{
"name": "RHSA-2014:0030",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
},
{
"name": "RHSA-2014:0097",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0097.html"
},
{
"name": "56485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56485"
},
{
"name": "SSRT101454",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
},
{
"name": "http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/783ceae9b736",
"refsource": "MISC",
"url": "http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/783ceae9b736"
},
{
"name": "102018",
"refsource": "OSVDB",
"url": "http://osvdb.org/102018"
},
{
"name": "HPSBUX02972",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name": "RHSA-2014:0027",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0027.html"
},
{
"name": "56486",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56486"
},
{
"name": "SUSE-SU-2014:0451",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html"
},
{
"name": "HPSBUX02973",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2"
},
{
"name": "1029608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029608"
},
{
"name": "USN-2124-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2124-1"
},
{
"name": "SUSE-SU-2014:0266",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html"
},
{
"name": "oracle-cpujan2014-cve20140376(90350)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90350"
},
{
"name": "RHSA-2014:0026",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0026.html"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "SUSE-SU-2014:0246",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "RHSA-2014:0134",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html"
},
{
"name": "openSUSE-SU-2014:0180",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html"
},
{
"name": "openSUSE-SU-2014:0177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html"
}
]
}
}

170
2014/0xxx/CVE-2014-0396.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0396",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Portal - Web Services."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64841",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64841"
},
{
"name" : "102031",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102031"
},
{
"name" : "1029623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029623"
},
{
"name" : "56478",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56478"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Portal - Web Services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64841"
},
{
"name": "56478",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56478"
},
{
"name": "1029623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029623"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name": "102031",
"refsource": "OSVDB",
"url": "http://osvdb.org/102031"
}
]
}
}

150
2014/0xxx/CVE-2014-0489.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-0489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-3025",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-3025"
},
{
"name" : "USN-2348-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-2348-1"
},
{
"name" : "61275",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61275"
},
{
"name" : "61286",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/61286"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61286"
},
{
"name": "61275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61275"
},
{
"name": "USN-2348-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2348-1"
},
{
"name": "DSA-3025",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3025"
}
]
}
}

34
2014/0xxx/CVE-2014-0596.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0596",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0596",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2014/0xxx/CVE-2014-0672.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0672",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32516",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32516"
},
{
"name" : "20140121 Cisco MediaSense Search and Play Authorization Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0672"
},
{
"name" : "65054",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65054"
},
{
"name" : "102342",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102342"
},
{
"name" : "1029668",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029668"
},
{
"name" : "56600",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56600"
},
{
"name" : "cisco-mediasense-cve20140672-info-disc(90616)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90616"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029668",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029668"
},
{
"name": "102342",
"refsource": "OSVDB",
"url": "http://osvdb.org/102342"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32516",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32516"
},
{
"name": "cisco-mediasense-cve20140672-info-disc(90616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90616"
},
{
"name": "56600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56600"
},
{
"name": "65054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65054"
},
{
"name": "20140121 Cisco MediaSense Search and Play Authorization Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0672"
}
]
}
}

130
2014/0xxx/CVE-2014-0879.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0879",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Taskmaster Capture ActiveX control in IBM Datacap Taskmaster Capture 8.0.1, and 8.1 before FP2, allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666888",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666888"
},
{
"name" : "ibm-taskmaster-cve20140879-code-exec(91115)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91115"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Taskmaster Capture ActiveX control in IBM Datacap Taskmaster Capture 8.0.1, and 8.1 before FP2, allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-taskmaster-cve20140879-code-exec(91115)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91115"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21666888",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666888"
}
]
}
}

34
2014/1xxx/CVE-2014-1238.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1238",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1238",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2014/1xxx/CVE-2014-1454.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1454",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1454",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2014/4xxx/CVE-2014-4000.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4000",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://forums.cacti.net/viewtopic.php?f=4&t=56794",
"refsource" : "CONFIRM",
"url" : "https://forums.cacti.net/viewtopic.php?f=4&t=56794"
},
{
"name" : "https://security-tracker.debian.org/tracker/CVE-2014-4000",
"refsource" : "CONFIRM",
"url" : "https://security-tracker.debian.org/tracker/CVE-2014-4000"
},
{
"name" : "https://www.cacti.net/release_notes_1_0_0.php",
"refsource" : "CONFIRM",
"url" : "https://www.cacti.net/release_notes_1_0_0.php"
},
{
"name" : "GLSA-201711-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201711-10"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes())."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2014-4000",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2014-4000"
},
{
"name": "https://forums.cacti.net/viewtopic.php?f=4&t=56794",
"refsource": "CONFIRM",
"url": "https://forums.cacti.net/viewtopic.php?f=4&t=56794"
},
{
"name": "GLSA-201711-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-10"
},
{
"name": "https://www.cacti.net/release_notes_1_0_0.php",
"refsource": "CONFIRM",
"url": "https://www.cacti.net/release_notes_1_0_0.php"
}
]
}
}

160
2014/4xxx/CVE-2014-4076.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4076",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka \"TCP/IP Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35936",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35936"
},
{
"name" : "37755",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37755/"
},
{
"name" : "MS14-070",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-070"
},
{
"name" : "70976",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70976"
},
{
"name" : "114532",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/114532"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka \"TCP/IP Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS14-070",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-070"
},
{
"name": "114532",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/114532"
},
{
"name": "37755",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37755/"
},
{
"name": "35936",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35936"
},
{
"name": "70976",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70976"
}
]
}
}

150
2014/4xxx/CVE-2014-4086.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4086",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-4086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-052",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052"
},
{
"name" : "69590",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69590"
},
{
"name" : "1030818",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030818"
},
{
"name" : "ms-ie-cve20144086-code-exec(95516)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95516"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69590"
},
{
"name": "ms-ie-cve20144086-code-exec(95516)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95516"
},
{
"name": "1030818",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030818"
},
{
"name": "MS14-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052"
}
]
}
}

190
2014/4xxx/CVE-2014-4251.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4251",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect integrity via vectors related to plugin 1.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-4251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name" : "68650",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68650"
},
{
"name" : "1030594",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030594"
},
{
"name" : "59204",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59204"
},
{
"name" : "oracle-cpujul2014-cve20144251(94560)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94560"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect integrity via vectors related to plugin 1.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68650"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "oracle-cpujul2014-cve20144251(94560)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94560"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "59204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59204"
},
{
"name": "1030594",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030594"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
}
]
}
}

180
2014/4xxx/CVE-2014-4495.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4495",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/HT204244",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/HT204244"
},
{
"name" : "http://support.apple.com/HT204245",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/HT204245"
},
{
"name" : "http://support.apple.com/HT204246",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/HT204246"
},
{
"name" : "APPLE-SA-2015-01-27-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name" : "APPLE-SA-2015-01-27-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name" : "APPLE-SA-2015-01-27-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name" : "1031650",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031650"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/HT204245",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204245"
},
{
"name": "http://support.apple.com/HT204246",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204246"
},
{
"name": "1031650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031650"
},
{
"name": "APPLE-SA-2015-01-27-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "APPLE-SA-2015-01-27-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
}
]
}
}

290
2014/4xxx/CVE-2014-4971.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-4971",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140718 KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532843/100/0/threaded"
},
{
"name" : "20140718 KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532844/100/0/threaded"
},
{
"name" : "34112",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/34112"
},
{
"name" : "34982",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/34982"
},
{
"name" : "34131",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/34131"
},
{
"name" : "20140718 KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jul/96"
},
{
"name" : "20140718 KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Jul/97"
},
{
"name" : "https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt",
"refsource" : "MISC",
"url" : "https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt"
},
{
"name" : "https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt",
"refsource" : "MISC",
"url" : "https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt"
},
{
"name" : "http://packetstormsecurity.com/files/128674/Microsoft-Bluetooth-Personal-Area-Networking-BthPan.sys-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/128674/Microsoft-Bluetooth-Personal-Area-Networking-BthPan.sys-Privilege-Escalation.html"
},
{
"name" : "http://packetstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.html"
},
{
"name" : "http://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.html"
},
{
"name" : "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
},
{
"name" : "MS14-062",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-062"
},
{
"name" : "68764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/68764"
},
{
"name" : "109387",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/109387"
},
{
"name" : "1031025",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031025"
},
{
"name" : "60974",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60974"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031025"
},
{
"name": "MS14-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-062"
},
{
"name": "68764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68764"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx"
},
{
"name": "https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt",
"refsource": "MISC",
"url": "https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt"
},
{
"name": "20140718 KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532844/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127536/Microsoft-XP-SP3-MQAC.sys-Arbitrary-Write-Privilege-Escalation.html"
},
{
"name": "34112",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34112"
},
{
"name": "34131",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34131"
},
{
"name": "https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt",
"refsource": "MISC",
"url": "https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt"
},
{
"name": "http://packetstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127535/Microsoft-XP-SP3-BthPan.sys-Arbitrary-Write-Privilege-Escalation.html"
},
{
"name": "http://packetstormsecurity.com/files/128674/Microsoft-Bluetooth-Personal-Area-Networking-BthPan.sys-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128674/Microsoft-Bluetooth-Personal-Area-Networking-BthPan.sys-Privilege-Escalation.html"
},
{
"name": "34982",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34982"
},
{
"name": "20140718 KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/97"
},
{
"name": "20140718 KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532843/100/0/threaded"
},
{
"name": "109387",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/109387"
},
{
"name": "60974",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60974"
},
{
"name": "20140718 KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Jul/96"
}
]
}
}

34
2014/5xxx/CVE-2014-5142.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5142",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5142",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2014/5xxx/CVE-2014-5505.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5505",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-301/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-301/"
},
{
"name" : "http://scn.sap.com/docs/DOC-8218",
"refsource" : "CONFIRM",
"url" : "http://scn.sap.com/docs/DOC-8218"
},
{
"name" : "https://service.sap.com/sap/support/notes/1999142",
"refsource" : "CONFIRM",
"url" : "https://service.sap.com/sap/support/notes/1999142"
},
{
"name" : "69558",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69558"
},
{
"name" : "60877",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60877"
},
{
"name" : "sap-crystal-cve20145505-bo(95740)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95740"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60877"
},
{
"name": "sap-crystal-cve20145505-bo(95740)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95740"
},
{
"name": "https://service.sap.com/sap/support/notes/1999142",
"refsource": "CONFIRM",
"url": "https://service.sap.com/sap/support/notes/1999142"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-301/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-301/"
},
{
"name": "69558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69558"
},
{
"name": "http://scn.sap.com/docs/DOC-8218",
"refsource": "CONFIRM",
"url": "http://scn.sap.com/docs/DOC-8218"
}
]
}
}

34
2016/3xxx/CVE-2016-3339.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3339",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-3339",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

130
2016/3xxx/CVE-2016-3447.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3447",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to OAF Core."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name" : "1035603",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035603"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to OAF Core."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "1035603",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035603"
}
]
}
}

130
2016/3xxx/CVE-2016-3466.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3466",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name" : "1035603",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035603"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"name": "1035603",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035603"
}
]
}
}

34
2016/3xxx/CVE-2016-3663.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3663",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3663",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2016/3xxx/CVE-2016-3836.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/native/+/3bcf0caa8cca9143443814b36676b3bae33a4368",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/native/+/3bcf0caa8cca9143443814b36676b3bae33a4368"
},
{
"name" : "92224",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92224"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, aka internal bug 28592402."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/native/+/3bcf0caa8cca9143443814b36676b3bae33a4368",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/native/+/3bcf0caa8cca9143443814b36676b3bae33a4368"
},
{
"name": "92224",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92224"
}
]
}
}

140
2016/3xxx/CVE-2016-3838.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3838",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/base/+/468651c86a8adb7aa56c708d2348e99022088af3",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/base/+/468651c86a8adb7aa56c708d2348e99022088af3"
},
{
"name" : "92244",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92244"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-08-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-08-01.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/468651c86a8adb7aa56c708d2348e99022088af3",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/base/+/468651c86a8adb7aa56c708d2348e99022088af3"
},
{
"name": "92244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92244"
}
]
}
}

34
2016/3xxx/CVE-2016-3891.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3891",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3891",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

250
2016/3xxx/CVE-2016-3961.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3961",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xenbits.xen.org/xsa/advisory-174.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-174.html"
},
{
"name" : "http://xenbits.xen.org/xsa/xsa174.patch",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/xsa174.patch"
},
{
"name" : "DSA-3607",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3607"
},
{
"name" : "USN-3001-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name" : "USN-3002-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name" : "USN-3003-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name" : "USN-3004-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name" : "USN-3005-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name" : "USN-3006-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name" : "USN-3007-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name" : "USN-3049-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3049-1"
},
{
"name" : "USN-3050-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3050-1"
},
{
"name" : "86068",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/86068"
},
{
"name" : "1035569",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035569"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xenbits.xen.org/xsa/xsa174.patch",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/xsa174.patch"
},
{
"name": "USN-3006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3006-1"
},
{
"name": "USN-3004-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3004-1"
},
{
"name": "USN-3001-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3001-1"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-174.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-174.html"
},
{
"name": "USN-3005-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3005-1"
},
{
"name": "1035569",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035569"
},
{
"name": "USN-3049-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3049-1"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-3002-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3002-1"
},
{
"name": "USN-3050-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3050-1"
},
{
"name": "USN-3007-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3007-1"
},
{
"name": "USN-3003-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3003-1"
},
{
"name": "86068",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/86068"
}
]
}
}

120
2016/7xxx/CVE-2016-7762.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2016-7762",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"WebKit\" component, which allows XSS attacks against Safari."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-7762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207422",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207422"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"WebKit\" component, which allows XSS attacks against Safari."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207422",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207422"
}
]
}
}

34
2016/8xxx/CVE-2016-8054.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8054",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8054",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/8xxx/CVE-2016-8253.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8253",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8253",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/8xxx/CVE-2016-8256.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8256",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-8256",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

130
2016/8xxx/CVE-2016-8761.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2016-8761",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "P9,Honor 6 Versions before EVA-AL10C00B192,Versions before H60-L02_6.10.1",
"version" : {
"version_data" : [
{
"version_value" : "P9,Honor 6 Versions before EVA-AL10C00B192,Versions before H60-L02_6.10.1"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "stack overflow"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2016-8761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "P9,Honor 6 Versions before EVA-AL10C00B192,Versions before H60-L02_6.10.1",
"version": {
"version_data": [
{
"version_value": "P9,Honor 6 Versions before EVA-AL10C00B192,Versions before H60-L02_6.10.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-en"
},
{
"name" : "93530",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93530"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "stack overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93530"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-en"
}
]
}
}

130
2016/8xxx/CVE-2016-8817.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@nvidia.com",
"ID" : "CVE-2016-8817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Quadro, NVS, GeForce, GRID and Tesla",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the size input to memcpy(), causing a buffer overflow, leading to denial of service or potential escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"ID": "CVE-2016-8817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Quadro, NVS, GeForce, GRID and Tesla",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4257",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4257"
},
{
"name" : "95059",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95059"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the size input to memcpy(), causing a buffer overflow, leading to denial of service or potential escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4257",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4257"
},
{
"name": "95059",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95059"
}
]
}
}

424
2016/8xxx/CVE-2016-8922.json
View File

@ -1,214 +1,214 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-8922",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Portal",
"version" : {
"version_data" : [
{
"version_value" : "5.1.0.0"
},
{
"version_value" : "5.1.0.1"
},
{
"version_value" : "5.1.0.2"
},
{
"version_value" : "5.1.0.3"
},
{
"version_value" : "5.1.0.4"
},
{
"version_value" : "5.1.0.5"
},
{
"version_value" : "6.0.0.0"
},
{
"version_value" : "6.0.0.1"
},
{
"version_value" : "6.0.1.1"
},
{
"version_value" : "6.0.1.3"
},
{
"version_value" : "6.1.0.0"
},
{
"version_value" : "6.0.1.5"
},
{
"version_value" : "6.0.1.2"
},
{
"version_value" : "6.0.1.4"
},
{
"version_value" : "6.1.0.1"
},
{
"version_value" : "6.1.0.2"
},
{
"version_value" : "6.1.0.3"
},
{
"version_value" : "6.0.1.5 build wp6015_008_01"
},
{
"version_value" : "6.0.0.2"
},
{
"version_value" : "6.0.0.3"
},
{
"version_value" : "6.0.0.4"
},
{
"version_value" : "6.0.1.0"
},
{
"version_value" : "6.0.1.6"
},
{
"version_value" : "6.0.1.7"
},
{
"version_value" : "6.1.5.0"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.0.0.1"
},
{
"version_value" : "8.0"
},
{
"version_value" : "1.0"
},
{
"version_value" : "7.0.0.1"
},
{
"version_value" : "7.0.0.1"
},
{
"version_value" : "7.0.0.1"
},
{
"version_value" : "8.0.0.1"
},
{
"version_value" : "7.0.0.2"
},
{
"version_value" : "6.1.0.4"
},
{
"version_value" : "6.1.0.5"
},
{
"version_value" : "6.1.0.6"
},
{
"version_value" : "6.1.5.1"
},
{
"version_value" : "6.1.5.2"
},
{
"version_value" : "6.1.5.3"
},
{
"version_value" : "8"
},
{
"version_value" : "7"
},
{
"version_value" : "6.1.5"
},
{
"version_value" : "6.1.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "6.1"
},
{
"version_value" : "6.0"
},
{
"version_value" : "8.5.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Portal",
"version": {
"version_data": [
{
"version_value": "5.1.0.0"
},
{
"version_value": "5.1.0.1"
},
{
"version_value": "5.1.0.2"
},
{
"version_value": "5.1.0.3"
},
{
"version_value": "5.1.0.4"
},
{
"version_value": "5.1.0.5"
},
{
"version_value": "6.0.0.0"
},
{
"version_value": "6.0.0.1"
},
{
"version_value": "6.0.1.1"
},
{
"version_value": "6.0.1.3"
},
{
"version_value": "6.1.0.0"
},
{
"version_value": "6.0.1.5"
},
{
"version_value": "6.0.1.2"
},
{
"version_value": "6.0.1.4"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.0.1.5 build wp6015_008_01"
},
{
"version_value": "6.0.0.2"
},
{
"version_value": "6.0.0.3"
},
{
"version_value": "6.0.0.4"
},
{
"version_value": "6.0.1.0"
},
{
"version_value": "6.0.1.6"
},
{
"version_value": "6.0.1.7"
},
{
"version_value": "6.1.5.0"
},
{
"version_value": "7.0"
},
{
"version_value": "7.0.0.1"
},
{
"version_value": "8.0"
},
{
"version_value": "1.0"
},
{
"version_value": "7.0.0.1"
},
{
"version_value": "7.0.0.1"
},
{
"version_value": "7.0.0.1"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "7.0.0.2"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.0.5"
},
{
"version_value": "6.1.0.6"
},
{
"version_value": "6.1.5.1"
},
{
"version_value": "6.1.5.2"
},
{
"version_value": "6.1.5.3"
},
{
"version_value": "8"
},
{
"version_value": "7"
},
{
"version_value": "6.1.5"
},
{
"version_value": "6.1.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.0"
},
{
"version_value": "8.5"
},
{
"version_value": "6.1"
},
{
"version_value": "6.0"
},
{
"version_value": "8.5.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21993561",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21993561"
},
{
"name" : "94413",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94413"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21993561",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21993561"
},
{
"name": "94413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94413"
}
]
}
}

160
2016/9xxx/CVE-2016-9433.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9433",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (out-of-bounds array access) via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/11/18/3"
},
{
"name" : "https://github.com/tats/w3m/blob/master/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://github.com/tats/w3m/blob/master/ChangeLog"
},
{
"name" : "https://github.com/tats/w3m/issues/14",
"refsource" : "CONFIRM",
"url" : "https://github.com/tats/w3m/issues/14"
},
{
"name" : "GLSA-201701-08",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-08"
},
{
"name" : "94407",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94407"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (out-of-bounds array access) via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201701-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-08"
},
{
"name": "https://github.com/tats/w3m/blob/master/ChangeLog",
"refsource": "CONFIRM",
"url": "https://github.com/tats/w3m/blob/master/ChangeLog"
},
{
"name": "94407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94407"
},
{
"name": "https://github.com/tats/w3m/issues/14",
"refsource": "CONFIRM",
"url": "https://github.com/tats/w3m/issues/14"
},
{
"name": "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/18/3"
}
]
}
}

34
2016/9xxx/CVE-2016-9525.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9525",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9525",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/9xxx/CVE-2016-9758.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9758",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9758",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2016/9xxx/CVE-2016-9770.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9770",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9770",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}

34
2019/2xxx/CVE-2019-2049.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2049",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2049",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2780.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2780",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2780",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2840.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2840",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2840",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/2xxx/CVE-2019-2995.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2995",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2995",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6168.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6168",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6168",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6314.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6314",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6314",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/6xxx/CVE-2019-6883.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6883",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6883",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}